FTP to SFTP.
Hi,
My application is using ftp to connect to the server. but now it is going to change to sftp. For that I am not able to get what are the things in need to change in my ftp program to make it support for sftp. The following is the ftpbean class and the methods of the class are used by other classes. sftp is already installed and the environment is ready now. but I am not able to proceed where to modify the java..Please help.
import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeSupport;
import java.io.*;
import java.net.Socket;
import java.net.ServerSocket;
import java.util.StringTokenizer;
import java.util.Vector;
public class FtpBean
private String server = ""; // server name
private String user = ""; // user name
private String replyMessage = ""; // reply message from server
private String reply = ""; // reply to the command
private Socket socket; // Socket for FTP connection
private BufferedReader in; // Input for FTP connection
private PrintWriter out; // Output for FTP connection
private int port = 21; // FTP port number, default 21
private boolean passive = true; // Passive mode transfer, default true
// Needed for thread safety
private int[] lock = new int[0]; // For synchronized locking
private boolean acquired = false; // Count the number of acquire
private Vector threadSpool = new Vector(); // Spool for the waiting threads
// Needed for some Visual tools
private PropertyChangeSupport pcs; // PropertyChangeSupport for visual tools
final private boolean DEBUG = false; // True to turn on debug mode
* Constructor
public FtpBean()
pcs = new PropertyChangeSupport(this);
* Add PropertyChangeListener
public void addPropertyChangeListener(PropertyChangeListener listener)
pcs.addPropertyChangeListener(listener);
* removePropertyChangeListener
public void removePropertyChangeListener(PropertyChangeListener listener)
pcs.removePropertyChangeListener(listener);
* Connect to FTP server and login.
* @param server Name of server
* @param user User name for login
* @param password Password for login
* @exception FtpException if a ftp error occur (eg. Login fail in this case).
* @exception IOException if an I/O error occur
public void ftpConnect(String server, String user, String password)
throws IOException, FtpException
if (DEBUG) // Debug message
System.out.println("FtpBean: Connecting to server " + server);
acquire(); // Acquire the object
// Set server name & user name
setServerName(server);
setUserName(user);
try {
// Create socket, get input & output stream
socket = new Socket(server, port);
in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
out = new PrintWriter(socket.getOutputStream(), true);
// Read reply code when get connected
getRespond();
if (DEBUG) // Debug message
System.out.println("FtpBean: Connected");
// Login
ftpLogin(user, password); // check if login success
finally {
release(); // Release the object
* Close FTP connection.
* @exception IOException if an I/O error occur
* @exception FtpException if a ftp error occur
public void close()
throws IOException, FtpException
if (out == null)
return;
acquire(); // Acquire the object
try {
ftpCommand("QUIT");
if (!reply.startsWith("221"))
throw new FtpException(reply);
closeSocket();
// Set server name & user name to ""
setServerName("");
setUserName("");
finally {
release(); // Release the object
* Delete a file at the FTP server.
* @param filename Name of the file to be deleted.
* @exception FtpException if a ftp error occur. (eg. no such file in this case)
* @exception IOException if an I/O error occur.
public void fileDelete(String fileName)
throws IOException, FtpException
acquire(); // Acquire the object
try {
ftpCommand("DELE " + fileName);
if (!reply.startsWith("250"))
throw new FtpException(reply);
finally {
release(); // Release the object
* Rename a file at the FTP server.
* @param oldFileName The name of the file to be renamed
* @param newFileName The new name of the file
* @exception FtpException if a ftp error occur. (eg. A file named the new file name already in this case.)
* @exception IOException if an I/O error occur.
public void fileRename(String oldFileName, String newFileName)
throws IOException, FtpException
acquire(); // Acquire this object
try {
ftpCommand("RNFR " + oldFileName);
if (!reply.startsWith("350"))
throw new FtpException(reply);
ftpCommand("RNTO " + newFileName);
if (!reply.startsWith("250"))
throw new FtpException(reply);
finally {
release(); // Release the object
private boolean isSameSystem()
throws IOException, FtpException
String sysType = getSystemType();
return (sysType.toUpperCase().indexOf("WINDOWS") < 0);
* @param ftpFile Name of file to be get from the ftp server, can be in full path.
* @param localFile File name of local file
* @exception FtpException if a ftp error occur. (eg. No such file in this case)
* @exception IOException if an I/O error occur.
* @see FtpObserver
public void getAsciiFile(String ftpFile, String localFile)
throws IOException, FtpException
getAsciiFile(ftpFile, localFile, null);
* @param ftpFile Name of file to be get from the ftp server, can be in full path.
* @param localFile File name of local file
* @param observer The FtpObserver which monitor this downloading progress
* @exception FtpException if a ftp error occur. (eg. No such file in this case)
* @exception IOException if an I/O error occur.
* @see FtpObserver
public void getAsciiFile(String ftpFile, String localFile, FtpObserver observer)
throws IOException, FtpException
if (isSameSystem()) {
getBinaryFile(ftpFile, localFile, observer);
return;
acquire(); // Acquire the object
setTransferType(true); // Set transfer type to ascii
Socket sock = null;
try {
sock = getDataSocket("RETR " + ftpFile, 0);
// Read bytes from server and write to file.
BufferedReader din = new BufferedReader(new InputStreamReader(sock.getInputStream()));
PrintWriter dout = new PrintWriter(new BufferedWriter(new FileWriter(localFile)));
char[] cbuf = new char[2048];
int n;
while ((n = din.read(cbuf, 0, cbuf.length)) != -1) {
if (skipLineSepFilter())
dout.write(cbuf, 0, n);
else {
// filter DOS line-sep to UNIX line-sep
String data = filterLineSep(cbuf, n);
dout.write(data, 0, data.length());
if (observer != null)
observer.byteRead(n);
String data = null;
while ((data = din.readLine()) != null) {
dout.println(data);
if (observer != null)
observer.byteRead(data.length() + 1);
din.close();
dout.close();
sock.close();
getRespond();
if (!reply.startsWith("226"))
throw new FtpException(reply); // transfer incomplete
finally {
release(); // Release the object
public void putAsciiFile(String localFile, String remoteFile, FtpObserver observer)
throws IOException, FtpException
acquire(); // Acquire the object
setTransferType(true);
// if file is to be transferred to MF, without slash, exec quote site cmd
if (!remoteFile.startsWith("/"))
setQuoteSite();
Socket sock = null;
try {
// Read bytes from local file and write to a server.
BufferedReader din = new BufferedReader(new FileReader(localFile));
sock = getDataSocket("STOR " + remoteFile, 0);
PrintWriter dout = new PrintWriter(new BufferedWriter(new OutputStreamWriter(sock.getOutputStream())));
String data = null;
while ((data = din.readLine()) != null) {
//dout.println(data);
dout.write(data);
dout.write("\r\n");
if (observer != null)
observer.byteWrite(data.length() + 1);
din.close();
dout.close();
sock.close();
getRespond();
if (DEBUG) // Debug message
System.out.println("FtpBean: Reply is " + reply);
putAsciiFile()
Changed manner of checking if transfer is complete by checking the
string Transfer Complete in the reply.
For UNIX: Reply is 226 Transfer complete.
For MF: Reply is 250 Transfer completed successfully.
//if (!reply.startsWith("226"))
int m = 0;
if ((m = reply.indexOf("Transfer complete")) < 0)
throw new FtpException(reply); // transfer incomplete
finally {
release(); // Release the object
* Read file from ftp server and write to a file in local hard disk.
* This method is much faster than those method which return a byte array<br>
* if the network is fast enough.<br>
* <br>Remark:<br>
* Cannot be used in unsigned applet.
* @param ftpFile Name of file to be get from the ftp server, can be in full path.
* @param localFile Name of local file to be write, can be in full path.
* @exception FtpException if a ftp error occur. (eg. No such file in this case)
* @exception IOException if an I/O error occur.
public void getBinaryFile(String ftpFile, String localFile)
throws IOException, FtpException
getBinaryFile(ftpFile, localFile, 0, null);
* Read file from ftp server and write to a file in local hard disk.
* This method is much faster than those method which return a byte array<br>
* if the network is fast enough.<br>
* <br>Remark:<br>
* Cannot be used in unsigned applet.
* @param ftpFile Name of file to be get from the ftp server, can be in full path.
* @param localFile Name of local file to be write, can be in full path.
* @param restart Restarting point
* @exception FtpException if a ftp error occur. (eg. No such file in this case)
* @exception IOException if an I/O error occur.
public void getBinaryFile(String ftpFile, String localFile, long restart)
throws IOException, FtpException
getBinaryFile(ftpFile, localFile, restart, null);
* Read file from ftp server and write to a file in local hard disk.
* This method is much faster than those method which return a byte array<br>
* if the network is fast enough.<br>
* <br>Remark:<br>
* Cannot be used in unsigned applet.
* @param ftpFile Name of file to be get from the ftp server, can be in full path.
* @param localFile Name of local file to be write, can be in full path.
* @param observer The FtpObserver which monitor this downloading progress
* @exception FtpException if a ftp error occur. (eg. No such file in this case)
* @exception IOException if an I/O error occur.
* @see FtpObserver
public void getBinaryFile(String ftpFile, String localFile, FtpObserver observer)
throws IOException, FtpException
getBinaryFile(ftpFile, localFile, 0, observer);
* Read from a ftp file and restart at a specific point.
* This method is much faster than those method which return a byte array<br>
* if the network is fast enough.<br>
* Remark:<br>
* Cannot be used in unsigned applet.
* @param ftpFile Name of file to be get from the ftp server, can be in full path.
* @param localFile File name of local file
* @param restart Restarting point, ignored if equal or less than zero.
* @param observer The FtpObserver which monitor this downloading progress
* @exception FtpException if a ftp error occur. (eg. No such file in this case)
* @exception IOException if an I/O error occur.
* @see FtpObserver
public void getBinaryFile(String ftpFile, String localFile, long restart, FtpObserver observer)
throws IOException, FtpException
acquire(); // Acquire the object
setTransferType(false); // Set transfer type to binary
Socket sock = null;
try {
sock = getDataSocket("RETR " + ftpFile, restart);
// Read bytes from server and write to file.
BufferedInputStream din = new BufferedInputStream(sock.getInputStream());
RandomAccessFile dout = new RandomAccessFile(localFile, "rw");
dout.seek(restart);
byte[] data = new byte[1024];
int n;
while ((n = din.read(data)) != -1) {
dout.write(data, 0, n);
if (observer != null)
observer.byteRead(n);
din.close();
dout.close();
sock.close();
getRespond();
if (!reply.startsWith("226"))
throw new FtpException(reply); // transfer incomplete
finally {
release(); // Release the object
* Read a file from local hard disk and write to the server.
* <br>Remark:<br>
* <br>Cannot be used in unsigned applet.
* @param local_file Name of local file, can be in full path.
* @param remoteFile Name of file in the ftp server, can be in full path.
* @exception FtpException if a ftp error occur. (eg. permission denied)
* @exception IOException if an I/O error occur.
public void putBinaryFile(String localFile, String remoteFile)
throws IOException, FtpException
putBinaryFile(localFile, remoteFile, 0, null);
* Read a file from local hard disk and write to the server.
* <br>Remark:<br>
* <br>Cannot be used in unsigned applet.
* @param localFile Name of local file, can be in full path.
* @param remoteFile Name of file in the ftp server, can be in full path.
* @param observer The FtpObserver which monitor this uploading progress.
* @exception FtpException if a ftp error occur. (eg. permission denied)
* @exception IOException if an I/O error occur.
public void putBinaryFile(String localFile, String remoteFile, FtpObserver observer)
throws IOException, FtpException
putBinaryFile(localFile, remoteFile, 0, observer);
* Read a file from local hard disk and write to the server with restarting point.
* Remark:<br>
* Cannot be used in unsigned applet.
* @param localFile Name of local file, can be in full path.
* @param remoteFile Name of file in the ftp server, can be in full path.
* @param restart The restarting point, ignored if less than or greater than zero.
* @exception FtpException if a ftp error occur. (eg. permission denied)
* @exception IOException if an I/O error occur.
public void putBinaryFile(String localFile, String remoteFile, long restart)
throws IOException, FtpException
putBinaryFile(localFile, remoteFile, restart, null);
* Read a file from local hard disk and write to the server with restarting point.
* Remark:<br>
* Cannot be used in unsigned applet.
* @param localFile Name of local file, can be in full path.
* @param remoteFile Name of file in the ftp server, can be in full path.
* @param observer The FtpObserver which monitor this uploading progress
* @exception FtpException if a ftp error occur. (eg. permission denied)
* @exception IOException if an I/O error occur.
public void putBinaryFile(String localFile, String remoteFile, long restart, FtpObserver observer)
throws IOException, FtpException
acquire(); // Acquire the object
setTransferType(false);
Socket sock = null;
try {
RandomAccessFile din = new RandomAccessFile(localFile, "r");
sock = getDataSocket("STOR " + remoteFile, restart);
if (restart > 0)
din.seek(restart);
DataOutputStream dout = new DataOutputStream(sock.getOutputStream());
byte[] data = new byte[1024];
int n;
while ((n = din.read(data)) != -1) {
dout.write(data, 0, n);
if (observer != null)
observer.byteWrite(n);
din.close();
dout.close();
sock.close();
getRespond();
putBinaryFile()
Changed manner of checking if transfer is complete by checking the
string Transfer Complete in the reply.
For UNIX: Reply is 226 Transfer complete.
For MF: Reply is 250 Transfer completed successfully.
//if (!reply.startsWith("226"))
int m = 0;
if ((m = reply.indexOf("Transfer complete")) < 0)
throw new FtpException(reply); // transfer incomplete
finally {
release(); // Release the object
* Get current directory name.
* @return The name of the current directory.
* @exception FtpException if a ftp error occur.
* @exception IOException if an I/O error occur.
public String getDirectory()
throws IOException, FtpException
acquire(); // Acquire the object
try {
ftpCommand("PWD");
if (!reply.startsWith("257"))
throw new FtpException(reply);
int first = reply.indexOf("\"");
int last = reply.lastIndexOf("\"");
return reply.substring(first + 1, last);
finally {
release(); // Release the object
* Change directory.
* @param directory Name of directory
* @exception FtpException if a ftp error occur. (eg. permission denied in this case)
* @exception IOException if an I/O error occur.
public void setDirectory(String directory)
throws IOException, FtpException
acquire(); // Acquire the object
try {
ftpCommand("CWD " + directory);
if (!reply.startsWith("250"))
throw new FtpException(reply);
finally {
release(); // Release the object
* Change to parent directory.
* @exception FtpException if a ftp error occur. (eg. permission denied in this case)
* @exception IOException if an I/O error occur.
public void toParentDirectory()
throws IOException, FtpException
acquire(); // Acquire the object
try {
ftpCommand("CDUP");
if (!reply.startsWith("250"))
throw new FtpException(reply);
finally {
release(); // Release the object
* Get the content of current directory
* @return A FtpListResult object, return null if it is not connected.
* @exception FtpException if a ftp error occur. (eg. permission denied in this case)
* @exception IOException if an I/O error occur.
* @see FtpListResult
public FtpListResult getDirectoryContent()
throws IOException, FtpException
String strList = getDirectoryContentAsString();
FtpListResult ftpList = new FtpListResult();
ftpList.parseList(strList, getSystemType());
return ftpList;
* Get the content of current directory.
* @return A list of directories, files and links in the current directory.
* @exception FtpException if a ftp error occur. (eg. permission denied in this case)
* @exception IOException if an I/O error occur.
public String getDirectoryContentAsString()
throws IOException, FtpException
StringBuffer list = new StringBuffer(""); // Directory list
Socket sock = null; // Socket to establish data connection
acquire(); // Acquire the object
try {
// get DataSocket for the LIST command.
// As no restarting point, send 0.
sock = getDataSocket("LIST", 0);
BufferedReader din = new BufferedReader(new InputStreamReader(sock.getInputStream()));
// Read bytes from server.
String line;
while ((line = din.readLine()) != null)
list.append(line).append("\n");
din.close();
sock.close();
getRespond();
if (!reply.startsWith("226"))
throw new FtpException(reply);
finally {
release(); // Release the object
return list.toString();
* Make a directory in the server.
* @param directory The name of directory to be made.
* @exception FtpException if a ftp error occur. (eg. permission denied in this case)
* @exception IOException if an I/O error occur.
public void makeDirectory(String directory)
throws IOException, FtpException
acquire(); // Acquire the object
try {
ftpCommand("MKD " + directory);
if (!reply.startsWith("257"))
throw new FtpException(reply);
finally {
release(); // Release the object
* Remove a directory in the server
* @param directory The name of directory to be removed
* @exception FtpException if a ftp error occur. (eg. permission denied in this case)
* @exception IOException if an I/O error occur.
public void removeDirectory(String directory)
throws IOException, FtpException
acquire(); // Acquire the object
try {
ftpCommand("RMD " + directory);
if (!reply.startsWith("250"))
throw new FtpException(reply);
finally {
release(); // Release the object
* Execute a command using ftp.
* e.g. chmod 700 file
* @param exec The command to execute.
* @exception FtpException if a ftp error occur. (eg. command not understood)
* @exception IOException if an I/O error occur.
public void execute(String exec)
throws IOException, FtpException
acquire(); // Acquire the object
try {
ftpCommand("SITE " + exec);
if (!reply.startsWith("200"))
throw new FtpException(reply);
finally {
release(); // Release the object
private String _ftpSystemType = null;
* Get the type of operating system of the server.
* Return null if it is not currently connected to any ftp server.
* @return Name of the operating system.
public String getSystemType()
throws IOException, FtpException
if (_ftpSystemType != null)
return _ftpSystemType;
acquire(); // Acquire the object
try {
ftpCommand("SYST");
if (!reply.startsWith("215"))
throw new FtpException(reply);
_ftpSystemType = reply.substring(4);
return _ftpSystemType;
finally {
release(); // Release the object
* Return the port number
public int getPort()
return port;
* Set port number if the port number of ftp is not 21
public void setPort(int port)
acquire(); // Acquire the object
pcs.firePropertyChange("port", new Integer(this.port), new Integer(port));
this.port = port;
release(); // Release the object
* Return the server name. Return "" if it is not connected to any server.
public String getServerName()
return server;
* Return the user name. Return "" if it is not connected to any server.
public String getUserName()
return user;
* Get reply of the last command.
* @return Reply of the last comomand<br>for example: 250 CWD command successful
public String getReply()
return reply;
* Get reply message of the last command.
* @return Reply message of the last command<br>for example:<br>
* 250-Please read the file README<br>
* 250-it was last modified on Wed Feb 10 21:51:00 1999 - 268 days ago
public String getReplyMessage()
return replyMessage;
* Return true if it is using passive transfer mode.
public boolean isPassiveModeTransfer()
return passive;
* Set passive transfer mode. Default is true.
* @param passive Using passive transfer if true.
public void setPassiveModeTransfer(boolean passive)
acquire(); // Acquire the object
pcs.firePropertyChange("passiveModeTransfer", new Boolean(this.passive), new Boolean(passive));
this.passive = passive;
if (DEBUG) // debug message
System.out.println("FtpBean: Set passive transfer - " + passive);
release(); // Release the object
* Close the Socket, input and output stream
private void closeSocket()
throws IOException
_ftpSystemType = null;
in.close();
out.close();
socket.close();
in = null;
out = null;
socket = null;
* Read the respond message from the server's inputstream and assign to replyMessage
private void getRespond()
throws IOException
String line = "";
String replyMessage = "";
while (true) {
// Problem.....
line = in.readLine();
if (!checkReply(line))
break;
replyMessage = replyMessage.concat(line).concat("\n");
setReplyMessage(replyMessage);
setReply(line);
* Login to server, using FTP commands "USER" and "PASS"
* @param user FTP username
* @param password FTP Password
private void ftpLogin(String user, String password)
throws IOException, FtpException
ftpCommand("USER " + user); // send user name
ftpCommand("PASS " + password); // send password
if (!reply.startsWith("230")) {
closeSocket();
throw new FtpException(reply);
* Send FTP command to the server.
* @param command The command to be sent
private void ftpCommand(String command)
throws IOException
if (DEBUG) { // Debug message
if (command.startsWith("PASS"))
System.out.println("FtpBean: Send password");
else
System.out.println("FtpBean: Send command \"" + command + "\"");
out.print(command + "\r\n"); // Send command
out.flush();
getRespond();
* Establish data connection for transfer
private Socket getDataSocket(String command, long restart)
throws IOException, FtpException
Socket sock = null;
ServerSocket ssock = null;
// Establish data conncetion using passive or active mode.
if (passive)
sock = getPassiveDataSocket();
else
ssock = getActiveDataSocket();
// Send the restart command if it is greater than zero
if (restart > 0) {
ftpCommand("REST " + restart);
if (!reply.startsWith("350"))
throw new FtpException(reply);
// Send commands like LIST, RETR and STOR
// These commands will return 125 or 150 when success.
ftpCommand(command);
if (!(reply.startsWith("125") || reply.startsWith("150")))
throw new FtpException(reply); // command file
// Get Socket object for active mode.
if (!passive)
sock = ssock.accept();
return sock;
* Establish data connection in passive mode using "PASV" command
* Change the server to passive mode.
* by the command "PASV", it will return its address
* and port number that it will listen to.
* Create a Socket object to that address and port number.
* Then return the Socket object.
private Socket getPassiveDataSocket()
throws IOException, FtpException
ftpCommand("PASV");
if (!reply.startsWith("227"))
throw new FtpException(reply);
// array that holds the outputed address and port number.
String[] address = new String[6];
// put the 'reply' to the array 'address'
StringTokenizer t = new StringTokenizer(reply, ",");
for (int i = 0; i < 6; i++)
address[i] = t.nextToken();
// Get port number.
// Erase all other characters except the port number
// which is at the beginning of the string
String lastPort = "";
int num = 3;
if (address[5].length() < 3)
num = address[5].length();
for (int i = 0; i < num; i++) {
if (Character.isDigit(address[5].charAt(i)))
lastPort = lastPort + address[5].charAt(i);
// assign last port number to address[5]
address[5] = lastPort;
// Get the port number
// Left shift the first number by 8
int newPort = (Integer.parseInt(address[4]) << 8) + Integer.parseInt(address[5]);
// Create a new socket object
Socket sock = new Socket(getServerName(), newPort);
return sock;
* Establish data connection in active mode using "PORT" command.
* It create a ServerSocket object to listen for a port number in local machine.
* Use port command to tell the server which port the local machine is listenning.
* Return the ServerSocket object.
private ServerSocket getActiveDataSocket()
throws IOException, FtpException
int[] portNumbers = new int[6]; // Array that contains
// Get ip address of local machine. ip address and port numbers
String localAddr = socket.getLocalAddress().getHostAddress();
// Assign the ip address of local machine to the array.
StringTokenizer st = new StringTokenizer(localAddr, ".");
for (int i = 0; i < 4; i++)
portNumbers[i] = Integer.parseInt(st.nextToken());
ServerSocket ssocket = new ServerSocket(0); // ServerSocket to listen to a random free port number
int localPort = ssocket.getLocalPort(); // The port number it is listenning to
// Assign port numbers the array
portNumbers[4] = ((localPort & 0xff00) >> 8);
portNumbers[5] = (localPort & 0x00ff);
// Send "PORT" command to s
You would have to pick a library to do that. There are several commercial libraries. Out of the open source ones, the most mature one seems to be Ganymed SSH-2.
Similar Messages
-
FTPS or SFTP for file scenario. Suggstions
Hi,
I have searched blog in sdn but do not get good blogs/links.
For File scenario which to use FTPS or SFTP.
How to do the configuration in XI and Visual admin.
Full points will be awarded.Hi,
1) SFTP (Secure File Transfer Protocol)
"SSH File Transfer Protocol" or SFTP is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with the SSH-2 protocol to provide secure file transfer. SFTP encrypts the session, preventing the casual detection of username, password or anything that is being transmitted. One key benefit to SFTP is its ability to handle multiple secure file transfers over a single encrypted pipe. By using a single encrypted pipe, there are fewer holes in the corporate firewall.
SFTP:
As per the latest SAP PI/XI support pack, it does not support SFTP via File Adapter.
So alternative approach to cater this requirement from XI is to make use of Unix Script at OS level to transfer the files from/to third-party systems.
Inbound Interface - i.e. third-party system ->XI->SAP:
File is transferred to a folder in SAP XI landscape from the third-party legacy system using UNIX Script with secured protocol. Once the file is ready in the XI landscape, File Adapter will poll this directory and file is picked up by NFS protocol.
Outbound Interface i.e. SAP->XI->third-party system:
XI is responsible for writing a file into a folder in the XI landscape. These files are transferred to the third-party system by executing UNIX scripts with secured protocol i.e. via sFTP.
Pre-Requisites:
Public key should be exchanged between external systems and the PI system.
UNIX shell script has to be developed and scheduled.
Advantages:
Highly Secured.
Ability to handle multiple secure file transfers over a single encrypted pipe .By using a single encrypted pipe, there are fewer holes in the corporate firewall.
Disadvantages:
Two-Step process i.e. XI>Temporary folder>External System and vice-versa
Files have to be temporarily stored in XI server.
Multiple failure points i.e. XI and Unix script execution
Maintenance of an external UNIX script.
Difficulty in monitoring the execution of the shell script as it cannot be monitored thru XI.
Need to generate keys and install it in the SFTP site as a pre-requisite i.e. SFTP clients must install keys on the server.
SFTP uses keys rather than certificates. This means that it can't take advantage of the "chains of trust" paradigm facilitated through Certificate Authorities.
Files from the XI server should be deleted/archived in a periodic manner to increase the disc space so that it will increase the performance.
Note: UNIX shell Script can be executed as a background job or' can be triggered from SAP XI through OS command at File adapter level.
Secure FTP (SSH) with the FTP Adapter
Secured File Transfer using SAP XI
Secure FTP in SAP XI
SFTP (FTP over SSH) in XI
/people/krishna.moorthyp/blog/2007/07/31/sftp-vs-ftps-in-sap-pi
encryption adapters or how to secure data
/people/krishna.moorthyp/blog/2007/07/31/sftp-vs-ftps-in-sap-pi
Regards,
Phani
Reward points if Helpful -
Stetting up FTP and SFTP adapters for the same interface
Experts-
I have a situation in which client has a requirement to setup both FTP and SFTP adapters (from adapetive adapters) for the same interface. They want to have a copy of file locally and also want a file to be sent out securly using SFTP. In my interface which was previously developed they have used one business system and added FTP and SFTP to the same. If try to add new Receiver Agreement it will say that the object already exists as the Interface Mapping is same.
Please send me any suggestions which would resolve my problemHi Hari,
As you cannot create two Receiver agreement using only one receiver interface , please create a new receiver Interface, add that in interface determination step and then assing a different channel to new receiver agreement.
If your requirement is to store the file ,i would suggest write the file in your unix directory using NFS( /usr/sap...). then run a AFT job (if already set up in your landscape) to transfer file securly to target destination.Not sure if its feasible in your case otherwise you can use SFTP for the secure transfer.
Best Regards
Srinivas -
Hi All,
I am using a FTP connection interface...there is a new requirement from one of the customer to have SFTP(SSH FTP)..But the current version of PI i use doesn’t support SFTP….i am looking for alternative approach for making FTP as SFTP.
can any one help me.Hi Naresh,
Which version of PI are you using?
The new secure connectivity Add-on is available for free.
New ADD-ONs (B2B and SFTP-PGP) for SAP NetWeaver Process Orchestration: Released and Available
You can check OSS note 1695563 to see if your version supports the new SFTP adapter. Maybe if it does not, you can consider upgrading to the latest SP in order to support it.
Rgds
Eng Swee -
hi, what is the difference between FTPS and SFTP and does XI support FTPS and SFTP. Please elaborate.
krishnanHi also have a look at this
if u want to view the difference between FTPS (that XI supports) and SFTP, please refer this link
http://www.enterprisedt.com/forums/viewtopic.php?p=136&sid=28d66491b43c6bf90448deea4936bc15
HTTPS / SFTP with XI
Hey have a look at the following also
http://en.wikipedia.org/wiki/FTPS
Thanks !! -
FTP (using SFTP) Reponse in Java
How can i get some response from the server saying that file uploaded successfully?
public void doUpload() throws IOException {
SshParameters params = new SshParameters(ftpHostname, ftpUsername,
ftpPassword);
Sftp ftp = new Sftp(params);
ftp.addSftpListener(new ConnectToUpload());
ftp.connect();
String listing = ftp.getDirListingAsString();
System.out.println(listing);
ftp.setLocalDir(new File("C:/tmp"));
System.out.println(ftp.getLocalDir());
ftp.setDir("//dropzone/inbound/moneymarket/mmconfirmations/dev");
ftp.setAscii();
ftp.setBinary();
ftp.upload("TestUpload.txt");
ftp.disconnect();
System.out.println("Connection is FTP Site : " + ftpHostname
+ " has now disconnected");
}Hi I added the following to my code
InputStream fis = null;
byte buf[] = new byte[8192];
System.out.print(buf);
and get a [B@186db541199 reply
I am not sure what does this mean or does is mean anything -
Apple Remote Desktop vs. FTP vs SFTP vs PC
Complex one this, and its driving me mad - can anyone advise
Background: two small networks in different locations with different ISPs. Both behind routers. All necessary ports opened. The primary objective was to have access between two macs to allow Remote Control and file sharing via FTP or, better still, SFTP (using Transmit). Everything was fine and the Macs could connect to each other everywhich way.
Then I was forced to do a complete reinstall on one of the macs
Current situation: Remote Desktop continues to work fine both ways. The (Intel) Mac with the reinstall will only connect via SFTP (FTP times out). The other Mac will not communicate with the Intel Mac at all with either FTP or SFTP. But the PC alongside it will connect using FTP through the same router
Any clues?Just had some success establishing the SFTP connections in both directions.
Trying to SFTP into the Intel mac here reported a message:
Aug 13 16:03:08 BigMac Fetch 5.2.1 (5C263): IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Aug 13 16:03:08 BigMac Fetch 5.2.1 (5C263): Someone could be eavesdropping on you right now (man-in-the-middle attack)!
Aug 13 16:03:08 BigMac Fetch 5.2.1 (5C263): It is also possible that the RSA host key has just been changed.
Aug 13 16:03:08 BigMac Fetch 5.2.1 (5C263): The fingerprint for the RSA key sent by the remote host is
Aug 13 16:03:08 BigMac Fetch 5.2.1 (5C263): xxxxxx (number deleted)
Aug 13 16:03:08 BigMac Fetch 5.2.1 (5C263): Please contact your system administrator.
Aug 13 16:03:08 BigMac Fetch 5.2.1 (5C263): Add correct host key in /Users/PP/.ssh/known_hosts to get rid of this message.
Aug 13 16:03:08 BigMac Fetch 5.2.1 (5C263): Offending key in /Users/PP/.ssh/known_hosts:1
Aug 13 16:03:08 BigMac Fetch 5.2.1 (5C263): RSA host key for xx.xx.xx.xx has changed and you have requested strict checking.
Aug 13 16:03:08 BigMac Fetch 5.2.1 (5C263): Host key verification failed.
I guess the host number changed as a result of the earlier system reinstall
Anyhow, I made hidden files visible using Tinker Tool, found the known_hosts file in the Home/.ssh folder - then deleted its contents on both machines
When I went to log on using SFTP in Fetch, there was a brief "are you sure" king of warning then it connected. This worked in both directions
Still can't get the FTP working in either direction though.
Trying to connect From the Intel to the Mac I get:
Fetch 5.2.1 (5C263): Fetch could not get the file list because data connections were blocked by both a firewall at the server and by the Mac OS X firewall. (Ask the server administrator to allow passive mode data connections through their firewall, or turn off the Mac OS X firewall in the Sharing pane of System Preferences.)
From Mac to Intel I get:
Fetch 5.2.1 (5C263): Fetch could not get the file list because the connection was refused. (Contact the server administrator for more information.)
Logs show that a communication is taking place between the computers, but the ipfw.log shows a "12190 Deny TCP" message -
Hi,
I am using one shell script for file transfer wich is currently using ftp.
Now I have a requirment to use sftp instead of ftp.
Below is the script which is being used for file transfer.....
============================
set -x
#!/bin/sh
# Command line parameters are
# 1- File name
# 2- Host
# 3- User ID
# 4- Password
# 5-Virtual Folder
# 6-Retry Interval
# 7- No of Retries
# 8- FTP result Directory
# 9- MAIL TO ADDRESS
#10- Ascii File Directory
#echo $@ > /tmp/myparams.lst
FILE=$5
HOST=$6
USER=$7
PASSWD=$8
VIRTUAL_FOLDER=$9
RETRY_INTERVAL=10
NUM_RETRIES=3
FTP_RESULT_DIR=/data/tmp
MAIL_TO_ADDR=[email protected]
FILE_DIR=/data/tmp
BASE=" "
I=0
RESULT_DIR="${FTP_RESULT_DIR}"
LOG_DIR="${FTP_RESULT_DIR}/MY_DATA_FILE_SSS.log"
rm MY_DATA_FILE_SSS.log
function connect
ftp -nv $HOST > $LOG_DIR <<END_SCRIPT
quote USER $USER
quote PASS $PASSWD
lcd $FILE_DIR
if [ $FILE="MY_DATA_FILE" ] then
quote site recfm=fb
quote site lrecl=111
pwd
put $FILE 'MY_DATA_FILE_SSS'
fi
quit
END_SCRIPT
while [ $I -lt $NUM_RETRIES ]
do
connect
if grep "Transfer complete" $LOG_DIR
then
echo "Success"
exit 0
elif [ $I -lt $NUM_RETRIES ]
then
# echo "Error1"
((I=I+1))
sleep $RETRY_INTERVAL
else
echo "error"
exit 0
fi
done
SUBJECT="FTP to ${HOST} Done"
mailx -s "${SUBJECT}" $MAIL_TO_ADDR < $LOG_DIR
======================================
Can anybody help me to replace the ftp with sftp in this script?
Thanks in Advance,
RoopakIt is not that difficult. The main difference is that sftp uses a different means of authentication. Thus the username and password (and ftp quote ) commands are not relevant.
As for the sftp list of commands - very similar to ftp. I suggest that you try this conversion yourself. Will be a valuable exercise that will increase your knowledge.
The list of commands:
sftp> help
Available commands:
cd path Change remote directory to 'path'
lcd path Change local directory to 'path'
chgrp grp path Change group of file 'path' to 'grp'
chmod mode path Change permissions of file 'path' to 'mode'
chown own path Change owner of file 'path' to 'own'
df [path] Display statistics for current directory or
filesystem containing 'path'
help Display this help text
get remote-path [local-path] Download file
lls [ls-options [path]] Display local directory listing
ln oldpath newpath Symlink remote file
lmkdir path Create local directory
lpwd Print local working directory
ls [path] Display remote directory listing
lumask umask Set local umask to 'umask'
mkdir path Create remote directory
progress Toggle display of progress meter
put local-path [remote-path] Upload file
pwd Display remote working directory
exit Quit sftp
quit Quit sftp
rename oldpath newpath Rename remote file
rmdir path Remove remote directory
rm path Delete remote file
symlink oldpath newpath Symlink remote file
version Show SFTP version
!command Execute 'command' in local shell
! Escape to local shell
? Synonym for help -
We are using the FTP Adapter to connect to a SFTP Server. The Adapter has the properties
useSFTP = true
authenticationType = publickey
privateKeyFile = location of the SSH keys
port = 22
username = user name provided to connect to the SFTP server
hostname = hostname of SFTP Server
We are able to connect using the UNIX command prompt
When invoking the Adapter from a BPEL process, we are getting the error
Error in establishing a session with SSH Server..
Unable to establish a session with the server.
Please ensure hostname and port specified to login to the server are correct.
; nested exception is:
ORABPEL-12511
Adapter Framework unable to create outbound JCA connection.
file:/u01/oracle/product/bpel/domains/tbm/tmp/.bpel_TestService_2.1_ecd5849bfbf7e69719c02bd12091c054.tmp/plTestData_Archive.wsdl [ Put_ptt::Put(Invoice) ] - : The Adapter Framework was unable to establish an outbound JCA connection due to the following issue: ORABPEL-11447
Error in establishing a session with SSH Server..
Unable to establish a session with the server.
Please ensure hostname and port specified to login to the server are correct.
Please examine the log file for any reasons. Enable DEBUG logging in the BPEL Console.
Could you please let me know if I am missing something here?Check if your able to do sftp at command line from the server where BPEL is running.
--Prasanna -
I am bit confused about all this B2B scenarios.
Our setup:
Existing
PI Server || firelwall || DMZ || Firewall -
> destination (abc company)
Proposed
PI Server || firelwall || DMZ Adapter Engine || Firewall -
> destination (abc company)
Flat file is in a folder - which has to be dropped to the destination. As we have port restriction in our firewall for PI for any ftp/ftps/sftp - we are planning to put Adapter engine in the DMZ.
Will this work?
Q1. To send a file on ftps - will we configure File sender adapter with certificates.
I am trying to install certificates on java stack it is looking for password for the private key but on ABAP stack it didn't ask for any key.
The abc company says it doesn't have any password. It could be a reason why https coud not drop files and now want to try ftps / sftp.
It is really frustrating to use PI for B2B. I will not recommend it again to any one. Thanks in advance.Hi,
Flat file is in a folder - which has to be dropped to the destination. As we have port restriction in our firewall for PI for any ftp/ftps/sftp - we are planning to put Adapter engine in the DMZ.
Will this work?
Yes, this should work.
Q1. To send a file on ftps - will we configure File sender adapter with certificates.
Sender File Adapter? If you using J2SE AE, then from IE to AE, you will need receiver XI adapter. Check the Certificate Management in AE.
SFTP uses keys and not certificates. FTPS exchanges certificates.
It is really frustrating to use PI for B2B. I will not recommend it again to any one.
PI is a real robust tool for B2B integration. I guess, there are some flaws in the design, that's why you are feeling frustrated.
Hope this helps.
Regards,
Neetesh
Edited by: Neetesh Raj on Sep 16, 2009 8:46 AM -
What to use FTPS or SFTP and how?
Clent has send public key can be put it on FTPS (using it as Keystore)and use it and transfer of file take place or we have to go for SFTP i.e writing UNIX script and from PI application server we have to send.
Hey
You use FTPS(FTP with SSL encryption) when you need to transfer encrypted message.the channel via which you transfer the message can be a regular channel(like internet) but the message is encrypted by using various private.public key security algorithms.
You need to do FTPS and can follow the below article
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51?overridelayout=true
SFTP(SSH with FTP) on the other hand needs a dedicated transfer channel,you connect to SFTP servers by logging to channels which protect any intrusion.to implement SFTP you need to buy third party adapters like SeeBurger or develop your own modules.You also need to buy license for FTP SSH server like FTP VAN,AS2 etc
So the bottom line is,in FTPS the payload is encrypted but the channel can be secure or regular channel(like internet) but in SFTP the channel itself is secure and only people who have access to it can transfer files over it.
Hope that helps
Thanks
Aamir
Edited by: Aamir Suhail on Jun 27, 2009 8:00 PM -
Looking for free SFTP (does commons-net-1.4.1.jar only support ftp not sftp
where can a i find a free open source secure ftp package
see http://www.jcraft.com/jsch/index.html
Its a pure Java implementation of ssh2. Also used by ant and eclipse -
Hello!
I have a question
I have a Lab (classroom) running Tiger 10.4.11, all machines has the same configurations and the same Users (an Admin User and "Limited User")they are configured to use ftp, but when the users connect via ftp they can get accesses a total local Volume.
and i need to know how can i restring the "Limited User" that only can get accesses their home?
Ok why ?
Because sometime they use "Transmit" and with transmit they can get accesses a total local Volume, of corse they don't has permission to delete or write on local volume, only in Home directory.
Is possible to restring the "Limited User" a their Home only?
Thanks!BDAqua wrote:
Hi, not 100% certain, but possibly restricting with Sharepoints...
http://www.hornware.com/sharepoints/
thank for your answer!
But it´s not exactly that i want to do.
follow this link
http://www.sveinbjorn.org/macosxftpserverhowto
under the title "Configuring the FTP server" paragraph:
chroot
+Although this is adequately documented in the ftpd man page, it is worth discussing shortly: chroot-ing is a very important thing to do when providing a publicly accessible FTP server. If FTP users are chrooted, they will be unable to navigate the entire directory structure of the server. This is essential for security reasons.+ -
SFTP and the FTP Log - DW MX2004
Can anyone tell me why DW MX2004's FTP Log just records blank
lines when using SFTP? Is there a way to change this and do later
versions do the same thing?
Thanks!Folks:
Problem solved.
It's clear that FTP and SFTP are fundamentally different protocols, but the DW protocol selection strongly implies similarity by offering SFTP as a minor option under the main selection of FTP. I think it would be much clearer if SFTP were offered as a major option -- and then there would be an opportunity for offering SFTP options, too.
Here's a way of distinguishing which of these two is active: Connecting to the target site using FTP results in a succession of text entries in the optionally viewable FTP log -- no surprise. I discovered that connecting to the same site with the same credentials and the addition of checking the "Use SFTP" option results in only line feeds --scrolling, but no visible text-- in the FTP log window. I guess that's a reasonable though a bit indirect way of informing users that the link is active and secure. (What does one do to diagnose problems with SFTP for hosting services that don't support FTP? I don't know there are such services but it should be the great majority of them.) Works in DW CS3 but I didn't check CS5.
Another option, untested but fairly obvious: It's fairly easy these days to control host s/w (personal) firewalls -- even for low-tech users. Establish and verify a link to your server using SFTP, then disable FTP; the link should fail. And vice-versa. This meets my specification of "simple" and should be available with no extra expense and little trouble.
Brief Editorial: From the recent reading I've done on FTP versus SFTP, it is clear that the time to discontinue all support for FTP is long past.
hen3ry -
Does the FTP Adapters support SFTP?
I have an application set up with several ftp adapters. The company are changing from ftp to sftp. Does the interconnect suppoert sftp?
Thanks.Transferring files from a to b, does the Interconnect support, or can make use of, any of the secure file transfer protocols?
Maybe you are looking for
-
Buy Book doesn't work in iPhoto 6
I have completed a Photo Book. However, pressing Buy Book does nothing at all. I have bought Apple iPhoto books before without any problems. One-click ordering is enabled for my account in the Apple Store (heard this as one possible solution) and I h
-
Deployment Exception after restore BPM Project from Consolidation system
Hi everybody, in order to restore my bpm project in NWDS i overwrite all files under "_comp" folder with the same files from the cons_track After that i could build and activate the project but i can not deploy it to the application server. The old p
-
Lens Profiles not showing up (manual focus lenses)
I am trying to create profiles for a few manual focus lenses. The profiling process seems to go as it should and I create and save a profile. When I go to Photoshop > Lens Correction, however, the profiles I just created don't appear. Clearly there i
-
Where to type the name of a song I want to buy, at store page nothing seems to be interactive. Thanks Vladimir
-
Internet Explorer doesn't handle Flash Form on a single page
On FireFox 2.0.0.12 (Linux), the attach code displays two accordions. On Internet Explorer 7 (Windows XP), only one accordion is displayed. First, How do I determine if this Internet Explorer or a Flash error? Second, Is there a fix? <!--- Code --->