Thursday, 4 July 2024

SFTP Configuration over SSH in IBM ACE/IIB

 

You can configure an App Connect Enterprise (ACE) or IIB file node (FileInput, FileOutput or FileRead) to connect to an SFTP server using SSH public key authentication. The steps below generate the key pair, install the public key on the SFTP server, and register the private key with the integration node as a security identity that the node then references.
 

Complete the following steps:

1. Use your key generation tool (on the Linux server where the integration node runs) to generate an SSH key pair (private and public). The private key must be in PEM format, because that is what mqsisetdbparms expects in step 3; the public key is the part you hand to the SFTP server.

For example:

ssh-keygen -t rsa -m PEM

This prompts for a passphrase. Leave it blank: a passphrase-protected key makes the SFTP client stop and ask for it, which is the failure shown under Important Notes below, and the integration node cannot answer a prompt.

Two details matter here. -t rsa is given explicitly because OpenSSH 9.5 and later default to ed25519, which has no PEM representation. -m PEM is given because OpenSSH 7.8 and later otherwise write the private key in their own "BEGIN OPENSSH PRIVATE KEY" container, which is not PEM and is not accepted by mqsisetdbparms.

You can optionally supply the path and file name for the keys. The private key is written to that name (no extension) and the public key to the same name with a .pub extension:

ssh-keygen -t rsa -m PEM -f /path/to/keyname

2. Once the keys are generated, install the public key (keyname.pub) on the remote SFTP server for the user the flow will connect as. On an OpenSSH server that means appending it to that user's ~/.ssh/authorized_keys; other SFTP products have their own public key import procedure. The private key never leaves the ACE server.

Once that is done, verify the connection from the Linux server using the command below:

sftp -i "SSH-Private-key-file" -oPort=2222 userid@hostname

Note: the port option is only needed if the server does not listen on the default SSH port (22); sftp also accepts -P 2222 for the same purpose.

If the key authenticates without any password or passphrase prompt, proceed with the next step. If it prompts, fix that first (see Important Notes), because the node will not be able to authenticate either.


3. Run the mqsisetdbparms command to store the user ID and private key against a security identity. For an integration node, the node name comes first and the resource name is given with -n:

mqsisetdbparms NODE_NAME -n sftp::myIdentityName -u myUserName -i myPEMFormatKeyFile

(-i takes the path of the PEM-format private key file, not the key contents.)

4. Restart the integration node so that the new credentials are picked up.

5. Set the "Security identity" property of the FileInput, FileOutput or FileRead node to myIdentityName (the part after sftp::), point the node at the remote server and directory, then deploy and test.
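Putting steps 1 to 5 together, here is an added example script (not from the original post or from IBM) that runs the procedure without ever reaching an interactive prompt. It assumes OpenSSH client tools on the ACE server and an OpenSSH SFTP server that allows a one-off ssh login to install the public key; the node name ACENODE, the identity name, user, host, port and key path are placeholders overridden through environment variables. The sftp test uses StrictHostKeyChecking=accept-new after printing the server's host key fingerprints, which you compare with what the server team published.

```shell
#!/bin/sh
# Added example, not code from the original post or from IBM: runs steps 1-5
# without ever reaching an interactive prompt. Assumptions: OpenSSH client
# tools on the ACE server, an OpenSSH SFTP server (public key goes into
# ~/.ssh/authorized_keys), and placeholder values below that you override.
set -eu

NODE="${NODE:-ACENODE}"                    # integration node name (placeholder)
IDENTITY="${IDENTITY:-myIdentityName}"     # stored as sftp::myIdentityName
REMOTE_USER="${REMOTE_USER:-User1}"
REMOTE_HOST="${REMOTE_HOST:-remote.test.com}"
REMOTE_PORT="${REMOTE_PORT:-22}"
KEY="${KEY:-${HOME:-/tmp}/sshkeys/id_rsa_ace}"   # private key; public key is $KEY.pub

# Classify a private key file by its first line. mqsisetdbparms -i wants the
# traditional PEM container ("BEGIN RSA PRIVATE KEY"); OpenSSH 7.8+ writes
# "BEGIN OPENSSH PRIVATE KEY" unless -m PEM is given at generation time.
private_key_format() {
    case "$(head -n 1 "$1")" in
        '-----BEGIN RSA PRIVATE KEY-----')     echo pem-rsa ;;
        '-----BEGIN OPENSSH PRIVATE KEY-----') echo openssh ;;
        '-----BEGIN PRIVATE KEY-----')         echo pkcs8 ;;
        *)                                     echo unknown ;;
    esac
}

# Step 1: RSA key in PEM format with an empty passphrase (-N '') so that
# neither ssh-keygen now nor sftp later stops to ask for one.
generate_key() {
    mkdir -p "$(dirname "$KEY")"
    ssh-keygen -t rsa -b 4096 -m PEM -N '' -C "ace-$IDENTITY" -f "$KEY"
    chmod 600 "$KEY"
}

# Guard for a key that already existed: rewrite an OpenSSH-format key as PEM
# (same key material, different container) and refuse anything else.
ensure_pem() {
    if [ "$(private_key_format "$KEY")" = openssh ]; then
        ssh-keygen -p -m PEM -P '' -N '' -f "$KEY"
    fi
    [ "$(private_key_format "$KEY")" = pem-rsa ] || {
        echo "$KEY is not a PEM RSA private key; regenerate it with -m PEM" >&2
        return 1
    }
}

# Step 2a: install the public key on the server. This single copy still uses
# the user's password; every later connection uses the key.
install_public_key() {
    ssh -p "$REMOTE_PORT" "$REMOTE_USER@$REMOTE_HOST" \
        'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys' < "$KEY.pub"
}

# Step 2b: verify. BatchMode=yes makes sftp fail instead of falling back to a
# password prompt, which is exactly what a passphrase-protected key causes.
# The host key fingerprints are printed first so they can be compared with
# what the server team published; accept-new then records the key.
test_connection() {
    t=$(mktemp)
    ssh-keyscan -p "$REMOTE_PORT" "$REMOTE_HOST" > "$t" 2>/dev/null
    echo "Server host key fingerprints (compare with the published values):"
    ssh-keygen -l -f "$t"
    rm -f "$t"
    printf 'pwd\nls -l\n' | sftp -b - -o BatchMode=yes -o StrictHostKeyChecking=accept-new \
        -i "$KEY" -P "$REMOTE_PORT" "$REMOTE_USER@$REMOTE_HOST"
}

# Steps 3 and 4: store the identity against the node and restart it.
register_identity() {
    mqsisetdbparms "$NODE" -n "sftp::$IDENTITY" -u "$REMOTE_USER" -i "$KEY"
    mqsistop "$NODE"
    mqsistart "$NODE"
}

# Run the whole sequence only when invoked as: sh setup-sftp-identity.sh --run
if [ "${1:-}" = "--run" ]; then
    [ -f "$KEY" ] || generate_key
    ensure_pem
    install_public_key
    test_connection
    register_identity
    echo "Now set Security identity = $IDENTITY on the file node and deploy."
fi
```

The batch-mode sftp test is the part worth keeping even if you do the rest by hand: with BatchMode=yes any prompt (passphrase, password, unknown host key) becomes a hard failure with a clear message, which is the same condition the integration node is in when it runs the flow.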





--------------   Important Notes ------------------


If you supplied a passphrase by mistake when generating the SSH key, the client asks for it when you try to connect, and when it is not given it falls back to password authentication, as in the session below:

[aceuser@ .ssh]$ sftp -i /home/aceuser/sshkeys/id_rsa_iib User1@remote.test.com
The authenticity of host 'remote.test.com (132.42.2.123)' can't be established.
RSA key fingerprint is SHA256:uDcuqo4a2tmWXWTfRLG/pDOV7XUn7aU8/2WcapRj+CE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'remote.test.com,132.42.2.123' (RSA) to the list of known hosts.
Enter passphrase for key '/home/aceuser/sshkeys/id_rsa_iib':
Password Authentication
Enter password for User1
Password:
Password Authentication
Enter password for User1
Password:
[aceuser@ .ssh]$
[aceuser@ .ssh] $

----------

If you do not know the passphrase of the private SSH key, or are not even sure whether one is set, you can check as follows; you only need the private key file.

The command below prints the public key derived from the private key. If the private key is passphrase-protected, it prompts for the passphrase before doing so, which is the tell:


[aceuser@ .ssh]$ ssh-keygen -y -f /home/aceuser/sshkeys/id_rsa_iib
Enter passphrase:
Load key "/home/aceuser/sshkeys/id_rsa_iib": incorrect passphrase supplied to decrypt private key



To remove or change the passphrase of the private key, run the command below. When asked for the new passphrase, press Enter twice to set none. Keep -m PEM on this command: recent OpenSSH versions otherwise rewrite the key in their own "OPENSSH PRIVATE KEY" format, which mqsisetdbparms does not accept.

[aceuser@ ]$ ssh-keygen -p -m PEM -f /home/aceuser/sshkeys/id_rsa_iib
Enter old passphrase:

---------------------------------------------------------


If the known_hosts file at OS level, or the one kept by the integration server (execution group, EG), holds a stale entry for the remote host (for example because the server's host key changed) and it has to be removed, run ssh-keygen -R as below. In both cases the original file is kept as known_hosts.old.

a) for the OS level known_hosts file

[aceuser@ .ssh]$ ssh-keygen -f /home/aceuser/.ssh/known_hosts -R remote.test.com
# Host remote.test.com found: line 8
/home/aceuser/.ssh/known_hosts updated.
Original contents retained as /home/aceuser/.ssh/known_hosts.old
[aceuser@ .ssh]$



b) for the EG level known_hosts file. Entries for a server on a non-default port are stored as [host]:port, so that is exactly what -R must be given; plain remote.test.com would find nothing here:

[aceuser@ config]$ ssh-keygen -f /var/mqsi/components/Node-Name/servers/EG-Name/config/known_hosts -R [remote.test.com]:2525
# Host [remote.test.com]:2525 found: line 1
# Host [remote.test.com]:2525 found: line 2
/var/mqsi/components/Node-Name/servers/EG-Name/config/known_hosts updated.
Original contents retained as /var/mqsi/components/Node-Name/servers/EG-Name/config/known_hosts.old
[aceuser@ config]$
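The two checks in these notes, whether a private key silently carries a passphrase and how to clear a stale known_hosts entry, both rely on prompts in the form shown above. As an added example (not from the original post or from IBM), the script below does both without any prompt, so it can run from a deployment pipeline: ssh-keygen -y is given an explicit empty passphrase so it fails instead of asking, a text-only check reads the key file directly, and the known_hosts helpers build the [host]:port name themselves. It assumes OpenSSH client tools; the key path, known_hosts path and host names are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post or from IBM: non-interactive
# checks for the two problems above, a private key that silently carries a
# passphrase and stale known_hosts entries. Assumes OpenSSH client tools;
# file paths and host names are placeholders.
set -eu

# Does the key need a passphrase? ssh-keygen -y with an explicit empty
# passphrase (-P '') never prompts: it succeeds for an unencrypted key and
# fails for an encrypted one, so this is safe in a script or a cron job.
key_needs_passphrase() {
    if ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1; then return 1; else return 0; fi
}

# Same question answered from the file alone (no ssh-keygen): an encrypted
# traditional PEM key carries "Proc-Type: 4,ENCRYPTED" and "DEK-Info:"
# headers; an OpenSSH-format key names its KDF inside the base64 body,
# "bcrypt" when encrypted and "none" when not.
key_looks_encrypted() {
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        return 0
    fi
    if head -n 1 "$1" | grep -q 'BEGIN OPENSSH PRIVATE KEY'; then
        if sed '1d;$d' "$1" | tr -d '\n' | base64 -d 2>/dev/null \
             | tr -c '[:print:]' '.' | grep -q bcrypt; then
            return 0
        fi
    fi
    return 1
}

# Print the key's passphrase status and the fix; exit status 1 if protected.
report_key() {
    if key_needs_passphrase "$1"; then
        echo "$1: passphrase-protected; clear it with: ssh-keygen -p -m PEM -N '' -f $1"
        return 1
    fi
    echo "$1: no passphrase"
}

# known_hosts entries for a non-default port are keyed as "[host]:port";
# ssh-keygen -R must be given exactly that string or it finds nothing.
known_hosts_name() {   # host port
    if [ "$2" -eq 22 ]; then printf '%s\n' "$1"; else printf '[%s]:%s\n' "$1" "$2"; fi
}

# Remove every entry for the host from a known_hosts file (OS level or the
# integration server's config/known_hosts); ssh-keygen keeps a .old copy.
forget_host_key() {    # file host port
    ssh-keygen -f "$1" -R "$(known_hosts_name "$2" "$3")"
}

# Fetch the server's current host keys and append them to the file. The
# fingerprints are printed so they can be checked against what the server
# team published before the new entry is trusted.
learn_host_key() {     # file host port
    t=$(mktemp)
    ssh-keyscan -p "$3" -t rsa,ecdsa,ed25519 "$2" > "$t" 2>/dev/null
    ssh-keygen -l -f "$t"
    cat "$t" >> "$1"
    rm -f "$t"
}

# Usage: sh sftp-diagnose.sh key /home/aceuser/sshkeys/id_rsa_iib
#        sh sftp-diagnose.sh hostkey /path/to/known_hosts remote.test.com 2525
case "${1:-}" in
    key)     report_key "${2:?private key path}" ;;
    hostkey) forget_host_key "${2:?known_hosts path}" "${3:?host}" "${4:?port}"
             learn_host_key "$2" "$3" "$4" ;;
esac
```

key_needs_passphrase is the authoritative check because it lets ssh-keygen parse the key; key_looks_encrypted is the fallback for a host without ssh-keygen, or for inspecting a key file that was copied in from elsewhere before it is installed. The hostkey mode deliberately removes the old entry and re-fetches the current one in a single step, since a changed host key is the usual reason the entry went stale.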



for reference on SSH-keygen tool commands - https://man7.org/linux/man-pages/man1/ssh-keygen.1.html
