Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 11 SSHFTP Transport : Setting Up SSHFTP for a Trading Host

Setting Up SSHFTP for a Trading Host
To set up SSHFTP inbound for a trading host, follow the instructions in the following sections:
Enabling SSHFTP Inbound
1. In TIBCO Administrator, expand BusinessConnect > System Settings > Inbound Public Transport Types.
2. Check the SSHFTP check box.
3. Click Enable.
The enabled protocol will now appear with a red checkmark in the Enabled column.
Selecting and Configuring SSHFTP Inbound
1. In TIBCO Administrator, expand BusinessConnect > Business Agreements.
2.
3.
4.
5. Select the SSHFTP check box in the Allowed Inbound Transports area.
6. Click Edit Settings next to the selected transport.
7.
The URL for the directory on the SSHFTP server, which is
sshftp://host_name:port/path_name/, where
host_name is the name of the machine (server) where the SSHFTP server is running
port is the port on the machine on which the SSHFTP server is listening
path_name is the relative path that starts from the base directory of the SSHFTP server
Password   The user account’s password must be configured.
Keyboard Interactive   A generic authentication method that can be used to implement different types of authentication mechanisms.
Public Key   The BusinessConnect Server SSH private key must be configured.
Public Key and Password   The BusinessConnect Server SSH private key and the user account’s password must be configured.
Note: ClientAuthenticationIdentity (for SSHFTP) under Business Agreement must have the TIBCO BusinessConnect Server SSH private key if either Public Key or Public Key and Password is selected.
File Mask   Choose to control file renaming. Enter a mask in the File Mask field.
Script   Choose to process files. Specify a script in the Scripts field.
Select the Delete File check box, which causes each file to be deleted after it is retrieved, if this is allowed by the FTP server.
See Supported File Mask Options for more information.
See TIBCO BusinessConnect EDI Protocol User’s Guide for information on pre-defined and user-defined options for input file masks for EDI.
Specify an SSHFTP script. See Appendix B, Scripts for information on how to write scripts, and File Specification Dialog for information on how to upload a script.
Note: The FESI EcmaScript engine originally supported by TIBCO BusinessConnect is out of support by the vendor. It is good practice to use the Nashorn script engine as a substitute because the Nashorn script engine is roughly compatible with the FESI EcmaScript engine.
PGP policy only takes effect if the Require PGP Processing check box is selected. The following options are available in the list:
None   No specific policies are mandated for the incoming message; the message can be signed and/or encrypted, with or without compression. However, the message has to be PGP packaged in a certain way; otherwise it will be rejected.
Must Sign   The incoming message must be signed, and only signed, with or without compression.
Must Encrypt   The incoming message must be encrypted, and only encrypted, with or without compression.
Must Sign and Encrypt   The message must be both signed and encrypted, with or without compression.
Pass-Through   In this mode, the software does not package the data in any way. The software takes the original notify message that the private process sent and forwards it over the Internet to the trading partner.
8.
Click Save three times.
SSH Server Public Key Retriever
When presenting the SSH server's retrieved public key, TIBCO BusinessConnect always indicates one of these four basic situations:
TIBCO BusinessConnect currently has no public key configured on this transport instance and, along with warning of the risks of importing unverified public keys, it presents the properties of the public key (such as algorithm, exponent, modulus, and so on) for the administrator's acceptance.
Figure 46 No Key Configured
TIBCO BusinessConnect currently has a public key configured on this transport instance, but that key is different from what the server uses.
Similarly to the first situation, along with warning of the risks of importing unverified public keys, it presents the properties of the public key (such as algorithm, exponent, modulus, and so on) for the administrator's acceptance.
Figure 47 Configured Key is Different
TIBCO BusinessConnect currently has a public key configured on this transport instance, and it has been found identical to the one used by the SSH server.
The GUI still presents the properties of the key, but the key cannot be added to the keystore (as it is unnecessary).
Figure 48 Configured and Retrieved Keys Match
These are the transport/application errors that might occur during key negotiation:
Figure 49 Server Is Not Available
Figure 50 Server Did Not Respond to the SSH Query as Expected
Figure 51 The Configured Server Hostname Is Not Valid
Accepting and importing the credential
After the administrator accepts the presented credential by clicking OK, TIBCO BusinessConnect imports the key into the keystore and binds it to the participant that owns the given transport instance (outbound case) or uses the given business agreement (inbound case).
The credential is normally named with the pattern <partner-name>-<hostname>-<port>-<algorithm>-<index>, such as partner-sshserver.com-10022-rsa-2 or partner-sshserver-dsa.
(The variable <port> is used only when the server port is not the default value 22.)
The indexes are only used if the generated name already exists. The credentials imported through this feature are exportable in all the supported formats.
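An out-of-band check an administrator could run before clicking OK on a retrieved key, as an added example that is not part of the TIBCO documentation or product: it parses an SSH public key blob into the properties the dialog shows, computes its SHA-256 fingerprint, and maps the result onto the three situations described above. The function names, the situation labels, and the sample keys are assumptions made for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field of the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def parse_public_key(blob: bytes) -> dict:
    """Split a public key blob into its fields; reject truncated input."""
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[offset:offset + length])
        offset += length
    if not fields:
        raise ValueError("empty key blob")
    props = {"algorithm": fields[0].decode("ascii")}
    if props["algorithm"] == "ssh-rsa" and len(fields) == 3:
        props["exponent"] = int.from_bytes(fields[1], "big")
        props["modulus_bits"] = int.from_bytes(fields[2], "big").bit_length()
    return props


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA-256 fingerprint: unpadded base64 of the blob hash."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def review_retrieved_key(configured, retrieved, trusted_fingerprint):
    """Return (situation, import_ok) for a key presented by the retriever."""
    if configured is not None and configured == retrieved:
        return "match", False  # already configured, nothing to import
    situation = "no-key-configured" if configured is None else "different"
    # Import only if the fingerprint equals one obtained out of band.
    return situation, fingerprint(retrieved) == trusted_fingerprint


# Constructed sample keys with toy moduli; these are not real server keys.
KEY_A = b"".join(map(ssh_string, [b"ssh-rsa", b"\x01\x00\x01", b"\x00\xc3" + b"\x11" * 127]))
KEY_B = b"".join(map(ssh_string, [b"ssh-rsa", b"\x01\x00\x01", b"\x00\xd5" + b"\x22" * 127]))
```

The trusted fingerprint should come from the trading partner through a separate channel, not from the same network connection that delivered the key.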
