ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Configurate SFTP failed!!!

Post new topic  Reply to topic
 Configurate SFTP failed!!! « View previous topic :: View next topic » 
Author Message
lucas
PostPosted: Mon Sep 02, 2013 2:12 am    Post subject: Configurate SFTP failed!!! Reply with quote

Novice

Joined: 14 Jun 2013
Posts: 17
hi

I defined a message flow to get some file from a sftp server. But even how do i config the sftpservice, it always failed and the reason is "publickey authentication credentials invalid".

What is the public key? is the public key file which i generate from putty gen? And is sftp service must be existed?
Here is my command of config the service:

Code:

mqsideleteconfigurableservice FTPBroker -c FtpServer -o sftpserver
mqsicreateconfigurableservice FTPBroker -c FtpServer -o sftpserver -n serverName,protocol,scanDelay,strictHostKeyChecking,connectionType -v 9.119.84.165:22,SFTP,5,Yes,ACTIVE
mqsireportproperties FTPBroker -o sftpserver -c FtpServer -r
mqsisetdbparms FTPBroker -n sftp::sftpidentity -u fams -i D:/pk
// the second way is : mqsisetdbparms FTPBroker -n sftp::sftpidentity -u fams -p fams
mqsichangeproperties FTPBroker -c FtpServer -o sftpserver -n securityIdentity -v sftpidentity
mqsireload FTPBroker -e sshgroup


Please help me , thanks
Back to top
View user's profile Send private message
smdavies99
PostPosted: Mon Sep 02, 2013 2:26 am    Post subject: Reply with quote

Jedi Council

Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
strangely, searching this forum with Mr google and the topic of

sftp keygen

gives some interesting answers.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995

Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
Back to top
View user's profile Send private message
Tibor
PostPosted: Mon Sep 02, 2013 5:18 am    Post subject: Re: Configurate SFTP failed!!! Reply with quote

Grand Master

Joined: 20 May 2001
Posts: 1033
Location: Hungary
lucas wrote:
...it always failed and the reason is "publickey authentication credentials invalid"

This error is receiving when the publickey authentication is set on SFTP server side (in SSHD), so you should discuss this problem with admin guys on remote server side.

Have you already connected with this account in a direct SSH / SFTP session?
Back to top
View user's profile Send private message
lucas
PostPosted: Mon Sep 02, 2013 6:16 am    Post subject: Re: Configurate SFTP failed!!! Reply with quote

Novice

Joined: 14 Jun 2013
Posts: 17
Tibor wrote:
lucas wrote:
...it always failed and the reason is "publickey authentication credentials invalid"

This error is receiving when the publickey authentication is set on SFTP server side (in SSHD), so you should discuss this problem with admin guys on remote server side.

Have you already connected with this account in a direct SSH / SFTP session?


I use the sftp client to connect the server without any problem.
Back to top
View user's profile Send private message
lucas
PostPosted: Mon Sep 02, 2013 6:23 am    Post subject: Reply with quote

Novice

Joined: 14 Jun 2013
Posts: 17
Here is the error message :
Code:
( SFTPBroker.default ) File node ''File Input'' in message flow ''sftptest'' cannot log in to remote ''SFTP'' server ''9.119.84.165'' with user name ''fams''. Reason: ''publickey authentication credentials invalid''.   

The FileInput or FileOutput node failed to log in after connecting to a remote server. Possible reasons for this failure are that the user name and password were invalid or not known at the remote system, the SFTP or FTP protocol was not observed by the server, accounting information was required but not supplied in the FtpServer definition, or that the server was too busy to respond.   

Ensure that:   
 - The user name and password defined as the 'securityIdentity' with 'mqsisetdbparms' are correct.   
 - The 'account information' is specified on the 'acctInfo' property of the FtpServer definition only if it is required by the remote system.   
 - Local firewall settings do not block access to the remote server.   
 If you modify an FtpServer configurable service definition, restart the broker to pick up the new settings. For more information, see the "FtpServer configurable service properties" topic in the WebSphere Message Broker information center. 
Back to top
View user's profile Send private message
Tibor
PostPosted: Mon Sep 02, 2013 7:57 am    Post subject: Reply with quote

Grand Master

Joined: 20 May 2001
Posts: 1033
Location: Hungary
This problem seems similar to me: http://www-01.ibm.com/support/docview.wss?uid=swg21635824

For more help, I should see the error log on server (sshd) side.

...and as far as I remember, you can follow the ssh connection if you switch the trace for the Execution Group.
Back to top
View user's profile Send private message
Tibor
PostPosted: Tue Sep 03, 2013 5:30 am    Post subject: Reply with quote

Grand Master

Joined: 20 May 2001
Posts: 1033
Location: Hungary
Tibor wrote:
...and as far as I remember, you can follow the ssh connection if you switch the trace for the Execution Group.

I was not sure - so I've tested it again (with a fake account) and tracing is working:
Code:
$ mqsichangetrace RAPTOR -t -e FTP -l normal -r
$ mqsireadlog RAPTOR -t -e FTP -f -o trace.xml
$ mqsiformatlog -i trace.xml -o trace.txt
$ more trace.txt | grep JSCH
2013-09-03 15:16:45.190732     5921   SFTPService.JSCH TRACE  'INFO: ' , 'Connecting to localhost port 22'
2013-09-03 15:16:45.191428     5921   SFTPService.JSCH TRACE  'INFO: ' , 'Connection established'
2013-09-03 15:16:45.202664     5921   SFTPService.JSCH TRACE  'INFO: ' , 'Remote version string: SSH-2.0-OpenSSH_6.0'
2013-09-03 15:16:45.202704     5921   SFTPService.JSCH TRACE  'INFO: ' , 'Local version string: SSH-2.0-JSCH-0.1.39'
2013-09-03 15:16:45.202752     5921   SFTPService.JSCH TRACE  'INFO: ' , 'CheckCiphers: aes256-cbc,aes192-cbc,aes128-cbc'
2013-09-03 15:16:45.204380     5921   SFTPService.JSCH TRACE  'INFO: ' , 'aes256-cbc is not available.'
2013-09-03 15:16:45.204416     5921   SFTPService.JSCH TRACE  'INFO: ' , 'aes192-cbc is not available.'
2013-09-03 15:16:45.204864     5921   SFTPService.JSCH TRACE  'INFO: ' , 'SSH_MSG_KEXINIT sent'
2013-09-03 15:16:45.204916     5921   SFTPService.JSCH TRACE  'INFO: ' , 'SSH_MSG_KEXINIT received'
2013-09-03 15:16:45.205276     5921   SFTPService.JSCH TRACE  'INFO: ' , 'kex: server->client aes128-cbc hmac-md5 none'
2013-09-03 15:16:45.205316     5921   SFTPService.JSCH TRACE  'INFO: ' , 'kex: client->server aes128-cbc hmac-md5 none'
2013-09-03 15:16:45.213072     5921   SFTPService.JSCH TRACE  'INFO: ' , 'SSH_MSG_KEXDH_INIT sent'
2013-09-03 15:16:45.213100     5921   SFTPService.JSCH TRACE  'INFO: ' , 'expecting SSH_MSG_KEXDH_REPLY'
2013-09-03 15:16:45.225420     5921   SFTPService.JSCH TRACE  'INFO: ' , 'ssh_rsa_verify: signature true'
2013-09-03 15:16:45.225792     5921   SFTPService.JSCH TRACE  'INFO: ' , 'Host 'localhost' is known and mathces the RSA host key'
2013-09-03 15:16:45.226024     5921   SFTPService.JSCH TRACE  'INFO: ' , 'SSH_MSG_NEWKEYS sent'
2013-09-03 15:16:45.226080     5921   SFTPService.JSCH TRACE  'INFO: ' , 'SSH_MSG_NEWKEYS received'
2013-09-03 15:16:45.231080     5921   SFTPService.JSCH TRACE  'INFO: ' , 'SSH_MSG_SERVICE_REQUEST sent'
2013-09-03 15:16:45.231248     5921   SFTPService.JSCH TRACE  'INFO: ' , 'SSH_MSG_SERVICE_ACCEPT received'
2013-09-03 15:16:45.250012     5921   SFTPService.JSCH TRACE  'INFO: ' , 'Authentications that can continue: publickey,password,keyboard-interactive'
2013-09-03 15:16:45.250036     5921   SFTPService.JSCH TRACE  'INFO: ' , 'Next authentication method: publickey'
2013-09-03 15:16:45.250096     5921   SFTPService.JSCH TRACE  'INFO: ' , 'Authentications that can continue: password,keyboard-interactive'
2013-09-03 15:16:45.250112     5921   SFTPService.JSCH TRACE  'INFO: ' , 'Next authentication method: password'
2013-09-03 15:16:45.255164     5921   SFTPService.JSCH TRACE  'INFO: ' , 'Authentications that can continue: keyboard-interactive'
2013-09-03 15:16:45.255208     5921   SFTPService.JSCH TRACE  'INFO: ' , 'Next authentication method: keyboard-interactive'
2013-09-03 15:16:45.257812     5921   SFTPService.JSCH TRACE  'INFO: ' , 'Disconnecting from localhost port 22'

... and a new entry received into the syslog:
Code:
Sep  3 15:16:45 xxx Broker v7005[]: (RAPTOR.FTP)[5921]BIP3381E: File node 'FileInput' in message flow 'Test_tnt' cannot log in to remote 'SFTP' server 'localhost' with user name 'test'. Reason: 'password authentication credentials invalid'.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Configurate SFTP failed!!!
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.