SFTP and FTPs with jsse

Similar Messages

• SAP XI support SFTP and FTPS?

  Hi Gurus,
    I would like to find out if SAP XI supports both SFTP and FTPS. If yes, how do I perform the configuration?
  Thanks in advance.

  Business Case:
  In many implementations Business requirement is to "secure" the file/data transfer between XI and any third-party system. So there is a need of secured connection between XI/PI and any file based third-party legacy systems.
  Following solutions are proposed to cater secure connection between XI/PI and any third party systems.
  1) SFTP (Secure File Transfer Protocol)
  "SSH File Transfer Protocol" or SFTP is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with the SSH-2 protocol to provide secure file transfer. SFTP encrypts the session, preventing the casual detection of username, password or anything that is being transmitted. One key benefit to SFTP is its ability to handle multiple secure file transfers over a single encrypted pipe. By using a single encrypted pipe, there are fewer holes in the corporate firewall.
  2) FTPS (FTP over SSL)
  FTPS (FTP-SSL) is a real ftp that uses TSL/SSL to encrypt the control session and if required the data session. With FTPS, the control session is always encrypted, but the data session may not be always encrypted. FTPS is a file transport layer on top of SSL. SSL, or Secure Sockets Layer, is a method by which an encrypted u2018pipe' or tunnel is established between the FTP client and FTP server. Once the secure tunnel has been established (which is done using 128-bit encryption techniques), standard FTP is used to transfer data over the secure connection.
  Feasibility of SFTP and FTPS in XI:
  SFTP:
  As per the latest SAP PI/XI support pack, it does not support SFTP via File Adapter.
  So alternative approach to cater this requirement from XI is to make use of Unix Script at OS level to transfer the files from/to third-party systems.
  Inbound Interface - i.e. third-party system ->XI->SAP:
        File is transferred to a folder in SAP XI landscape from the third-party legacy system using UNIX Script with secured protocol. Once the file is ready in the XI landscape, File Adapter will poll this directory and file is picked up by NFS protocol.
  Outbound Interface u2013 i.e. SAP->XI->third-party system:
        XI is responsible for writing a file into a folder in the XI landscape. These files are transferred to the third-party system by executing UNIX scripts with secured protocol i.e. via sFTP.
  Pre-Requisites:
  Public key should be exchanged between external systems and the PI system.
  UNIX shell script has to be developed and scheduled.
  Advantages:
  Highly Secured.
  Ability to handle multiple secure file transfers over a single encrypted pipe .By using a single encrypted pipe, there are fewer holes in the corporate firewall.
  Disadvantages:
  Two-Step process i.e. XI>Temporary folder>External System and vice-versa
  Files have to be temporarily stored in XI server.
  Multiple failure points i.e. XI and Unix script execution
  Maintenance of an external UNIX script.
  Difficulty in monitoring the execution of the shell script as it cannot be monitored thru XI.
  Need to generate keys and install it in the SFTP site as a pre-requisite i.e. SFTP clients must install keys on the server.
  SFTP uses keys rather than certificates. This means that it can't take advantage of the "chains of trust" paradigm facilitated through Certificate Authorities.
  Files from the XI server should be deleted/archived in a periodic manner to increase the disc space so that it will increase the performance.
  Note: UNIX shell Script can be executed as a background job u2018or' can be triggered from SAP XI through OS command at File adapter level.
  FTPS (File Transfer Protocol Using SSL/TLS):
  This is a built-in feature of File adapter in XI. But SAP Java Cryptographic Toolkit must be deployed as a prerequisite. (Refer to note https://service.sap.com/sap/support/notes/821267 Question 28). By default following ports are used:
  Implict FTPs 990 (Control) and 989 (Data)
  Explicit FTPs 21 (Control) and 20 (Data)
  Both use cases can be combined with active and passive mode.
  Advantages:
  Direct transfer of files to/from third-party systems. It is not required to store the files in the XI server temporarily.
  Built-In feature from XI File adapter
  No extra effort in development and maintenance of Unix Script.
  Centralized Monitoring tool from XI
  FTPS uses certificates and therefore can take advantage of "chains of trust" paradigm facilitated through Certificate Authorities. This paradigm makes it possible for two entities to establish a trust relationship without directly exchanging security information, which is important for some applications.
  Disadvantages:
  Requires opening multiple ports forenabling SSLin the firewall. So there are multiple holes in the corporate firewall.
  Not every FTP server supports FTPS and many that do, require a configuration change to activate the FTPS protocol extension.
  Cryptographic toolkit should be installed in XI system though it is not very complex or expensive.
  Conclusion:
  Though SFTP seems more secure as it works through one port, FTPS is easier to configure, monitor and maintain from XI point of view. However, the decision depends on many parameters like, cost/effort, flexibility in use, ease of maintenance, company security policy, failure possibilities etc.
  regards
  kummari

• SFTP and passkeys with Dreamweaver 8

  I've been using WinSCP3 to manage a site but would like to
  set up Dreamweaver to manage it so I can directly edit and check
  in/out etc. Basically I want all the niceties of a decent GUI
  rather than having to edit files through WinSCP.
  With WinSCP I use a locally stored passkey file and provide
  the username and password to WinSCP when prompted but I can't
  figure out how to configure Dreamweaver to connect using this
  passkey so my logon details are always rejected (despite being
  correct).
  Anyone had eny experience with this issue before and managed
  to get round it?

  Hi there,
  Try after rebooting your system or in a different user account on MAC.
  Is there any limit with number of login sessions with your SFTP?
  Could you check with Filezila or similar FTP client and connect to your site, see if you get any error there?
  Thanks.

• Can I set up my own domain email and FTP with iCloud?

  Hi,
  I have my own domain name and I would like to have my own domain email using iCloud. Is that possible?
  Also, if I buy storage, can I set up a FTP so I can share files with working clients?
  I noticed Google Apps let you do these things but since I am a Mac guy I am wondering if iCloud would be easier to set up and manage it.
  Thanks for any feedback.

  You cannot use your own domain name with iCloud email - it handles only its own email. The only thing you can do is forward email from your domain's email account to iCloud, but then you can't answer using it as you can only send using iCloud's outgoing server with the iCloud address as the 'From' address.

• DW on Mac, CS3/CS5 using SFTP and/or FTP, need it secure!

  Folks:
  DW CS3 or CS5 running on an quad-Intel iMac, 10.6.4, connecting to a host that uses identical credentials for SFTP and FTP.
  It's important to be assured that the connection is in fact secure.
  If you set  "connect using SFTP" will DW CS3 complain if the connection cannot be made securely?  Will DW then default to ordinary, insecure FTP?  If so, will DW inform you?   Is there an easy way of verifying the current connection mode, SFTP or FTP, within DW? (The FTP connection log does not say.)  Is there an easy way of doing it in MacOS or with a simple utility? (Can be done, but not conveniently, with L'il Snitch.)
  Is DW CS5 any different?
  TIA,
  hen3ry

  Folks:
  Problem solved.
  It's clear that FTP and SFTP are fundamentally different protocols, but the DW protocol selection strongly implies similarity by offering SFTP as a minor option under the main selection of FTP.    I think it would be much clearer if SFTP were offered as a major option -- and then there would be an opportunity for offering SFTP options, too.
  Here's a way of distinguishing which of these two is active:  Connecting to the target site using FTP results in a succession of text entries in the optionally viewable FTP log  -- no surprise.   I discovered that connecting to the same site with the same credentials and the addition of checking the "Use SFTP" option results in only line feeds --scrolling, but no visible text-- in the FTP log window.  I guess that's a reasonable though a bit indirect way of informing users that the link is active and secure.   (What does one do to diagnose problems with SFTP for hosting services that don't support FTP?  I don't know there are such services but it should be the great majority of them.)  Works in DW CS3 but I didn't check CS5.
  Another option, untested but fairly obvious:  It's fairly easy these days to control host s/w (personal) firewalls -- even for low-tech users.  Establish and verify a link to your server using SFTP, then disable FTP; the link should fail.  And vice-versa.  This meets my specification of "simple" and should be  available with no extra expense and little trouble.
  Brief Editorial:  From the recent reading I've done on FTP versus SFTP,  it is clear that the time to discontinue all support for FTP  is long past.
  hen3ry

• What to use FTPS or SFTP and how?

  Clent has send public key can be put it on FTPS (using it as Keystore)and use it and transfer of file take place or we have to go for SFTP i.e writing UNIX script and from PI application server we have to send.

  Hey
  You use FTPS(FTP with SSL encryption) when you need to transfer encrypted message.the channel via which you transfer the message can be a regular channel(like internet) but the message is encrypted by using various private.public key security algorithms.
  You need to do FTPS and can follow the below article
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51?overridelayout=true
  SFTP(SSH with FTP) on the other hand needs a dedicated transfer channel,you connect to SFTP servers by logging to channels which protect any intrusion.to implement SFTP you need to buy third party adapters like SeeBurger or develop your own modules.You also need to buy license for FTP SSH server like FTP VAN,AS2 etc
  So the bottom line is,in FTPS the payload is encrypted but the channel can be secure or regular channel(like internet) but in SFTP the channel itself is secure and only people who have access to it can transfer files over it.
  Hope that helps
  Thanks
  Aamir
  Edited by: Aamir Suhail on Jun 27, 2009 8:00 PM

• How to set up a FTP and web server and integrate with DMM 5.2

  Hi All ...
  I need to set up a external server only for content publishing to reduce the overhead of the DMM server .
  can anyone guide me on how to set up the external server and intergrate it with the DMM 5.2
  Thanks

  semuthu,
  Notes from the Release Notes:
  Compatibility Limitations with Microsoft Internet Information Server (IIS)
  DMPs that use firmware release 5.2 are compatible with only one version of Microsoft Internet Information Server.
  That supported version is IIS 6.0 for Windows 2003 Enterprise. If you do not have the supported IIS version but
  want your DMPs to retrieve assets from a webserver, we recommend that you use Apache instead of IIS.
  I would suggest using Apache instead of IIS for the webserver service. IIS can be used as FTP if needed.
  There are plenty of Documents on the Web about setting up Apache and FTP for servers.
  Using Apache with Microsoft Windows
  http://httpd.apache.org/docs/2.0/platform/windows.html
  Quick HOWTO : Ch20 : The Apache Web Server
  http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch20_:_The_Apache_Web_Server
  Once the Webserver is setup and operational. You simply store your media content on the Webserver
  and then have your DMS assets in the media library use an external URL address for its location.
  If you want to use external server for other features in the DMM, you can can see how to configure
  here:
  http://www.cisco.com/en/US/partner/docs/video/digital_media_systems/5_x/5_1/dmm/user/guide/dsm+etv.html#wp1073210
  Goto the section right below ACNS & WAAS..
  If this answers your question, Please take time to mark this
  discussion answered & rate the response.
  Thank You!
  T.

• Index problems with iweb 09 and ftp uploads

  Hi,
  after several issues with the site i eventually re-built and published with iweb 09's built in ftp.
  The problem i have is that the published site goes in a folder called Site on my server but the index page that redirects to the welcome.html file doesn't direct it to inside the site folder. This means when i navigate to the site it comes up as welcome.html not found on this server.
  I've resorted to filezilla again as when i publish to a local folder and upload it works ok.
  I still want to resolve this as the iweb ftp will publish just the canges so is loads quicker.
  I imagine the only way to resolve this is to change the settings in the iweb site settings page.
  does anyone know if i need to tell iweb a different path other than the server url.
  EG; my url is www.thepaddyproject.co.uk
  iweb put the site on the server ok (www.thepaddyproject.co.uk/Site
  the index page needs to redirect to www.thepaddyproject.co.uk/Site/Welcome.html
  any help appreciated
  Paul

  Posted by me in error.

• Java 1.3 with JSSE 1.0.3 and TLSv1

  We have a customer who wants to restrict ssl connections to only use TLSv1. Unfortunately, our lower end platform still runs a java 1.3 equivalent with JSSE 1.0.3_04 which doesn't have setEnabledProcotols(...) on the SSLSocket and SSLServerSocket classes. Is there another way to enforce this type of restriction?
  Regards,
  Bill

  Unfortunately our code is both client and server. The hardware limits us currently to supporting a 1.3 vm. Our new products support newer vms but we still have to support our legacy hardware. It's typical that embedded platforms trail the mainstream.

• Troubles with communications between Deck and FTP

  There appears to be a problem in the communication between the deck and the Final Cut Pro system. Audio and Video signal does to not appear to waver in anyway.
  In FCP Log and Capture mode, the incoming or deck Time Code display briefly flickers/scrambles, which is simultaneous to a flicker between "VTR OK" and "No Communication" in the Comm Status display. The FCP system interprets this a new tape being inserted into the deck and stops playback.
  This communication breakdown is random, as multiple playbacks over the same stretch of tape result in varying stoppages, and there is never any kind of flicker in the timecode display on the deck.
  When I attempt to "Capture Now" from a "Non-Controllable Device", the FCP gives a warning that it cannot digitize when a device is not chosen in my capture settings, even though a device is most certainly chosen.
  In case the "Custom Easy Set Up" had become corrupted, I created a new "Easy Set Up" that resulted in the exact same outcome. I have also unconnected all cables, found no broken or bent pins, and re-connected the cables but to no avail.
  FCP Version 5.1.4, the deck is JVC HD-050U, and the serial port is R-422 through a Kona Interface.
  Does anyone have any ideas?

  check in your Kona control panel to see what the Kona is seeing on input as far as video is concerned.That deck has component HD out, no HDSDI. take a look at
  http://www.convergent-design.com/CDProductsHDConnectMI.htm
  for future continued use of that deck. check your deck that it is enabled for 422 control and that Timecode is auto (LTC and VITC) also verify LTC and VITC is selected in your device control preset. My guess is your kona is trying to see standard def component and the deck isn't set to downconvert.
  I normally bring in the camera and bump up to DVCProHD 720 via HD-SDI w clone code, and work with DVCProHD

• SFTP connection issue with Dreamweaver 2014

  I have a very weird SFTP connection issue with Dreamweaver CC (2014). I am on a Mac running 10.9.4 and have no problem connecting to my server through SFTP with Dreamweaver CS 6. However, using the exact same settings on CC (2014), I get the following error: "An FTP error occurred - cannot make connection to host. Your login or password is incorrect. Please check your connection information".
  I am truly at a loss here. Command line connection works without problems.
  Any thoughts?

  Hi there,
  Try after rebooting your system or in a different user account on MAC.
  Is there any limit with number of login sessions with your SFTP?
  Could you check with Filezila or similar FTP client and connect to your site, see if you get any error there?
  Thanks.

• FTPS Sender and FTPS Receiver adapter. Pls help

  Hi All,
  I need to make file to file scenario with secure connection
  I am using FTP Sender and Receiver Adapter with Connectivity
  as FTPS.
  Please let me know the steps I need to do for this
  1. Integration Directory
  2. If I need to generate certificates what steps I need to do:
      a. How to generate certificates
      b. Where to install these certificates like File Servers, XI
          Server etc.
  3. How to use these certificates in File Server, Integration
     Directory etc.
  Please send me a document to do all steps.
  In advance thanks and Full Points will be awarded.
  Regards

  Hi,
  Deploy SAP Java Cryptographic Toolkit.&
  Add the CA certificate to the key storage as below.
  Keystore: service_ssl
  X.509 Certificate & Private Key: ssl-credentials
  This means that you need to import the CA hierarchy of your FTPs server certificate into the list of trusted CA's in XI ( either on J2EE side in the keystore service or in ABAP side via transaction STRUST , depending on where your client is ).
  If connection security parameter in communication channel for Sender FTP Adapter is set to "FTPs( FTP Using SSL/TLS) with Control Connection" only, file gets successfully created with data at the FTP server but as soon as we switch the connection security parameter to "FTPs( FTP Using SSL/TLS) with Control and Data Connection".The initial handshaking happens successfully and file gets created at the FTP Server but its empty, connection fails when attempt is made to write data into file and we end up with said error thereby closing the connection.
  SAP Note 821267
  Refer below link
  SAP Network Blog: SFTP vs. FTPS in SAP PI
  /people/krishna.moorthyp/blog/2007/07/31/sftp-vs-ftps-in-sap-pi
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/400580c1-8d16-2a10-3eb3-ec1026dae0d5

• Dreamweaver CS 5.5 not working with Godaddy FTP with TLS/SSL

  I've upgraded to CS 5.5 and tried to connect to a client's Godaddy account with FTP with TLS/SSL it fails.  Works perfectly with my mac app Transmit every time as it always has.   It doesn't work with implicit or explicit settings with authentication set to none or otherwise.
  Can someone please let me know if Dreamweaver will ever be compatible with FTP with TLS/SSL and Godaddy?  Or is there some setting I can try that will make it work now somehow?
  Been waiting years for this....

  SnakEyez02 wrote:
  First, that's a Godaddy problem if their security isn't up to par.
  That may be the case that Godaddy is also at fault, but every other FTP app I use with Godaddy works fine.  It's just Dreamweaver and has always been just Dreamweaver not working with a secure connection to Godaddy.  Considering Godaddy is the largest webhost in the USA, you'd think Adobe would have fixed this years ago.  I should also mention I'm not endorsing Godaddy and I understand there's plenty of people that don't like Godaddy for very good reasons.
  Sent you PM with FTP account with Godaddy yesterday.  Thank you for taking a look!
  UPDATE: Whoops, I see you responded via private message already.  I'll paste most of it here in hopes it helps others to understand the issue:
  via SnakEyez02 PM:
  Ok this took a lot of digging.  I won't say it's not a DW issue 100% and I will report a bug for your problem, but DW is not the problem alone Godaddy needs to share the blame here for a bad certificate.  Here is what is happening:
  I'll start with DW:
  - The settings are correct that were in the post.  Port 21, FTP explicit, and the authentication should be set to None (encyprtion only).  This is where the transmission is encrypted using SSL, but the certificate is shared and not specific to the domain owner.  That is the difference between DW's "none" and "trusted".  It's a poor choice of words I'll give them that.  However, Godaddy seems to want all connections to be trusted thus the other error you get when you turn on the None option.  Now could DW do what Transmit does, warn you and write in an unsigned certificate into the Keychain app, probably, is it best practice for security reasons to "Trust" an unsigned certificate probably not.
  Now Transmit:
  - As explained above Transmit opens up a prompt to override and create a fake-trusted signed certificate.  Thus by forcing the OS to think a legitimate certificate is there it gets you through albeit through unconventional methods.
  The problem:
  - A good portion of this problem lies with Godaddy.  Now I use a shared hosting account and set one up on an independant host for a friend of mine and both of them accept the shared certificates (SSL explicit).  The difference is the hostname of the certificate.  I ran a traceroute (from Network Utility in Utilities folder) on your website and came up with the following address: 173.201.23x.x.
  The problem is that the certificate on your server is actually not for that server which is the reason DW seems to have such an issue with it.  The SSL certificate that Godaddy put on your shared server is for host - 173.201.19x.5x.  As you can see, it's a certificate for another server.  Honestly the fact that Panic's Transmit allows this override scares me a little bit and the fact that Godaddy never noticed this issue either scares me to.  So while DW could write in a bad certificate I can see why this is happening.
  I know there is not much solice in my answer because it still doesn't alleviate the problem that you have with DW connecting.  Unfortunately I do not have a workaround despite my numerous attempts to try and gain access over a secure connection.  One alternative you could ask Godaddy for in the meantime is an SSH connection which would allow you to use SFTP instead of FTPS.  But that's a short-term solution to a long-term problem.
  If you think of anything else feel free to bounce any ideas off me I don't mind.  Good luck in getting this solved and I will post a bug report to make Adobe aware of the issue.
  Thank you for looking into this issue in depth like you have!
  I think the issue might be that Godaddy is applying cost saving measures to keep their prices down in the way they implement their certificates (but it also wouldn't surprise me to know it's simply ineptitude on Godaddy's part either).  I'm not sure I fault Panic with Transmit much at all because it clearly warns you about the certificate and it's your choice to continue.  And, as it stands now, it's much safer to continue to connect that way with Transmit than to stop and connect with no encryption at all at a public hotspot.
  As it stands now, you really shouldn't connect to Godaddy with Dreamweaver at a public hotspot unless you set up an SSH tunnel with your connection first.  But enabling SSH is an added expense in many ways including paying for the service, using more computer resources for tunneling and time setting it up and implementation... all because Dreamweaver won't just allow developers the option like Transmit does.
  Once again, thank you for looking at this and I hope someone at Adobe finally address this issue for the security of its customers who use Godaddy (which is often not their choice and was, instead, the choice of their clients to use Godaddy as a webhost).
  Just a side note, I contacted Godaddy support about this several years ago and they were unresponsive and even hostile about it  - So that's definitely another vote against Godaddy from me as well.
  Message was edited by: greenbluewave

• Sun 7210 Storage System - SFTP and Active Directory

  Good Afternoon
  I have recently acquired a Sun 7210 Storage System which I have joined to my Microsoft Windows Active Directory domain. I have also specified the required LDAP Directory Service details under the Configuration tab. I am fairly sure these are correct as I can add a Directory user to the Users part of the device.
  What I am having problems with is having my Windows A/D users connect to their shares via either HTTPS or SFTP. They are able to use the shares fine with CIFS and/or NFS.
  The only user that can connect with SFTP and HTTPS it the local "root" user on the appliance.
  Do people know if Directory users are able to use SFTP and HTTPS to access shares?
  My current O/S on the 7210 is 2009.04.10.1.1,1-1.9.
  Thanks in advance for any advice/help.
  regards
  Stephen Meatheringham
  College of Asia & the Pacific
  Australian National University
  E: [email protected]

  Stephen,
  I ran into this same issue yesterday with SFTP. Unfortunately the answer is that the storage system does not authenticate to AD for local logins (for which FTP, SFTP, HTTP qualify). I placed a support call yesterday to Sun on this matter and was given this information as well as the fact that there are no current plans to do so.
  You have taken the functionality one step further by "tricking" the system into using AD as LDAP. I'm not sure it's truly compatible, but that was my next step as well. I was also going to experiment with creative id maps to see if I could make it work. Unfortunately, I've found that if you take the system too far from it's designed use, strange things can happen. I'm not sure that is a chance I want to take with home directories or other "secure" information.
  Let me know how you fare and I'll do likewise.
  Eric

• SSl and FTP

  Hi All,
  I am using apache's commons net for my FTP client program. I have no problems with that. Now how can i also add the SSL into this program. I am completely new with JSSE.
  Please provide me with pointers.
  Thank you
  Pradeep

  http://forum.java.sun.com/thread.jspa?threadID=666870
  see the fourth reply by harmmeijer. He has given a complete SSL enabled Http server and client. Also many links are given at the end of the page.