SFTP Component Configuration Overview

When you connect to a server using Secure File Transfer Protocol (SFTP), the connection between your client machine and the server runs inside an SSH session, which encrypts and integrity-protects everything sent over it. This protects your password and your data, preventing an eavesdropper from capturing or tampering with them as they travel over the network. This protection depends on the client verifying the server's host key: a client that accepts any host key can be connected to an impostor server without noticing.

Despite the similarity in name and operation, SFTP is a completely different protocol from FTP and does not support all of the same features and commands. Likewise, FTPS (FTP with TLS/SSL) is a secure file transfer protocol with a similar name, but it should not be confused with SFTP: FTPS is the FTP protocol wrapped in TLS, while SFTP is a file transfer subsystem of SSH.

To use SFTP for secure connections, the server you are connecting to must also support SFTP (it is provided by the SSH server, which normally listens on TCP port 22). If you try to connect with SFTP to a server that does not support it, you will receive an error. Your network administrator or service provider can tell you whether your server supports SFTP and what other information you need, such as the host name, port, account credentials, and the server's host key fingerprint.

Password Authentication Versus Key Pair Based Authentication

All the SFTP components support both password-based authentication and key pair-based authentication, in which no password is sent to the server.

In conventional password authentication, you prove who you are by entering the correct password. The only way to prove you know the password is to tell the server what you think the password is. This means that if the server has been compromised, or you have been tricked into connecting to a spoofed server (which is why host key verification matters), an attacker can learn your password.

Key Pair authentication solves this problem. You generate a key pair, consisting of a public key (which everybody is allowed to know) and a private key (which you keep secret and do not give to anybody). The private key is able to generate signatures. A signature created using your private key cannot be forged by anybody who does not have that key, but anybody who has your public key can verify that a particular signature is genuine.

First, generate a key pair on your own computer and install the public key on the server under your account (on OpenSSH servers, in that user's authorized_keys file). When the server asks you to prove who you are, the SFTP component generates a signature using your private key over data that includes the identifier of the current SSH session. The server verifies that signature (since it has your public key) and allows you to log in. Now if the server is compromised or spoofed, the attacker does not gain your private key or a password; they only see one signature, and because that signature is bound to the session in which it was made, it cannot be replayed to log in anywhere else. A compromised server can of course still read whatever files you transfer during that session: key authentication protects the credential, not the data you choose to send.
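The exchange described above, as an added example that is not part of this page or of iWay Service Manager. It builds the byte string that an SSH client signs for a "publickey" SSH_MSG_USERAUTH_REQUEST (RFC 4252, section 7), signs it with an Ed25519 key, verifies it the way a server would, and then shows that the same signature fails when replayed under a different session identifier or checked against a different key. The session identifiers and the user name "transfer" are constructed for the demonstration; in real SSH the session identifier is the exchange hash from key exchange, and the signature travels inside an algorithm-tagged blob rather than as raw bytes.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// sshString encodes b as an SSH "string": a big-endian uint32 length
// prefix followed by the bytes (RFC 4251 data type).
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// publicKeyBlob builds the "ssh-ed25519" public key blob, the same bytes
// that appear base64-encoded in an authorized_keys line.
func publicKeyBlob(pub ed25519.PublicKey) []byte {
	var buf bytes.Buffer
	buf.Write(sshString([]byte("ssh-ed25519")))
	buf.Write(sshString(pub))
	return buf.Bytes()
}

// signedData is the exact byte string the client signs for a "publickey"
// SSH_MSG_USERAUTH_REQUEST (RFC 4252 section 7). The session identifier
// comes first, so the signature is bound to one SSH session.
func signedData(sessionID []byte, user, service string, pubBlob []byte) []byte {
	var buf bytes.Buffer
	buf.Write(sshString(sessionID))
	buf.WriteByte(50) // SSH_MSG_USERAUTH_REQUEST
	buf.Write(sshString([]byte(user)))
	buf.Write(sshString([]byte(service)))
	buf.Write(sshString([]byte("publickey")))
	buf.WriteByte(1) // boolean TRUE: a signature follows
	buf.Write(sshString([]byte("ssh-ed25519")))
	buf.Write(sshString(pubBlob))
	return buf.Bytes()
}

// ClientSign is the client side: sign the session-bound request with the private key.
func ClientSign(priv ed25519.PrivateKey, sessionID []byte, user string) []byte {
	pub := priv.Public().(ed25519.PublicKey)
	return ed25519.Sign(priv, signedData(sessionID, user, "ssh-connection", publicKeyBlob(pub)))
}

// ServerVerify is the server side: rebuild the same bytes from the session it
// is in and the public key it holds for the user, and check the signature.
func ServerVerify(pub ed25519.PublicKey, sessionID []byte, user string, sig []byte) bool {
	return ed25519.Verify(pub, signedData(sessionID, user, "ssh-connection", publicKeyBlob(pub)), sig)
}

// Demo runs a genuine login, then a replay of the captured signature in a
// second session, then a check against an unrelated key.
func Demo() (genuine, replayed, wrongKey bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed session identifiers (real SSH uses the key-exchange hash H).
	session1 := []byte("session-id-constructed-1")
	session2 := []byte("session-id-constructed-2")

	sig := ClientSign(priv, session1, "transfer")
	genuine = ServerVerify(pub, session1, "transfer", sig)

	// An attacker who captured sig on session1 tries to reuse it on session2.
	replayed = ServerVerify(pub, session2, "transfer", sig)

	// A server holding a different public key for the user rejects it too.
	otherPub, _, _ := ed25519.GenerateKey(rand.Reader)
	wrongKey = ServerVerify(otherPub, session1, "transfer", sig)
	return genuine, replayed, wrongKey
}

func main() {
	g, r, w := Demo()
	fmt.Printf("genuine login verified: %v\n", g)
	fmt.Printf("replayed signature verified: %v\n", r)
	fmt.Printf("signature under wrong key verified: %v\n", w)
}
```

The point to take from the replay case is that the server never needs the private key and never receives anything reusable: the signed bytes contain the session identifier, so a signature captured from one session is simply a wrong signature in every other session.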

Note: When key pair authentication is used, the private key file path must be populated in the SFTP component that is invoked. When password-based authentication is used, the password field must be populated and the private key file field left blank. This applies to all SFTP components listed below.

Supported Secure FTP Components

This section lists the supported Secure FTP components that are available in iWay Service Manager.

  • SFTP Listener. A listener that uses the SFTP protocol component and continuously polls the specified folder on the SFTP server (a host running an SSH server with the SFTP subsystem, such as OpenSSH).
  • SFTP Emitter. The SFTP Emitter emits messages onto an SFTP server. It requires as input the credentials for the server and the directory to emit to.
  • Services. The following are the types of SFTP services:
    • SFTP Read (com.ibi.agents.XDSFTPReadAgent). The SFTP Read service is used to read files from an SFTP server (drive on UNIX or Windows). It can also be used in tandem with a file listener to embed the contents of the file picked up by the listener into the XML document read from the SFTP drive, by specifying the tag.
    • SFTP Emit (com.ibi.agents.XDSFTPEmitAgent). The SFTP Emit service is used to write files to an output directory through SFTP (drive on UNIX or Windows). The output file name can be specified completely or using wildcard characters.
    • SFTP File Ops (com.ibi.agents.XDSFTPOpsAgent). The SFTP File Ops (Operations) service emits data over the SSH protocol to a given host:port using various common SFTP commands. It can be used to perform operations such as Copy, Prepend, Append, Size, and Move.
    • SFTP Directory Contents (com.ibi.agents.XDSFTPDirListAgent). The SFTP Directory Contents service is used to generate an XML document listing the contents of the SFTP directory specified by the user in the Directory parameter.
    • SFTP Direct Transfer (com.ibi.agents.XDSFTPDirectFileTransfer). The SFTP Direct File Transfer service transfers a file directly from the iSM server to an SFTP server (drive on UNIX or Windows), or directly from the SFTP server to the iSM server, without moving the file through the iSM process flow.
    • SFTP Connection Cache (com.ibi.agents.XDSFTPConnectionCacheAgent). The SFTP Connection Cache service caches a single SFTP connection (one SSH session; unlike FTP, SFTP has no separate control and data channels) to an SFTP server. When the connection cache is started, the existing connection from the cache is used by any SFTP agent within the iSM process flow that connects to an SFTP server with the same address and authentication credentials (user ID and password).