Setting Up SSHFTP for a Trading Host

To set up SSHFTP inbound for a trading host, perform the steps in the following sections:

  • Enabling SSHFTP Inbound
  • Selecting and Configuring SSHFTP Inbound

Enabling SSHFTP Inbound

Procedure

  1. On the System Settings tile, click Inbound Protocols under Transport protocols.
  2. On the Inbound page, select the SSHFTP check box and then click Save.

Selecting and Configuring SSHFTP Inbound

Procedure

  1. On the Partner Management tile, click Business Agreements.
  2. On the Business Agreement page, click the business agreement for which you wish to configure this transport.
  3. On the Protocol tab, select the protocol you wish to bind and configure, and then click Edit Configuration.
  4. On the protocol configuration page, click the Transports tab.
  5. In the Inbound transport for Partner section, select SSHFTP and click Edit Settings to configure the fields explained in the following table:
    Note: Only the transport protocols that are selected in System Settings>Transport Protocols>Inbound Protocols are displayed in the Inbound transport for Partner section.
    SSHFTP Settings

    Field: Description

    URL: The URL for the directory on the SSHFTP server, in the form sshftp://host_name:port/path_name/, where host_name is the name of the machine (server) where the SSHFTP server is running, port is the port on that machine on which the SSHFTP server is listening, and path_name is the relative path that starts from the base directory of the SSHFTP server.
    Authentication Mode: You can choose the following modes from this list:

    • Password: The user account’s password must be configured.

    • Keyboard Interactive: A generic authentication method that can be used to implement different types of authentication mechanisms.

    • Public Key: The BusinessConnect Server SSH private key must be configured.

    • Public Key and Password: The BusinessConnect Server SSH private key and the user account’s password must be configured.
    Note: ClientAuthenticationIdentity (for SSHFTP) under Business Agreement must have the TIBCO BusinessConnect Container Edition Server SSH private key if either Public Key or Public Key and Password is selected.
    Username: The user name for the trading partner’s SSHFTP server. The user name must always be configured.
    Password: The password for the user account with the name specified in the Username field on the trading partner's SSH server.
    Server Certificate: The SSH server's public key must be specified.
    Preferred Cipher: Choose among the following ciphers:
    • AES128_CBC
    • AES192_CBC
    • AES256_CBC
    • AES128_CTR
    • AES192_CTR
    • AES256_CTR
    • ARCFOUR
    • ARCFOUR128
    • ARCFOUR256
    • BLOWFISH_CBC
    • BLOWFISH_CTR
    • CAST128_CBC
    • 3DES_CBC
    • 3DES_CTR
    • RIJNDAEL_CBC@LYSATOR.LIU.SE
    • ANY (accept the server’s preference if available)
    Preferred MAC: Choose among these options:
    • HMAC_SHA1
    • HMAC_MD5
    • HMAC_RIPEMD160
    • ANY (accept the server’s preference if available)
    Preferred Compression: Choose among these compression algorithms:
    • ANY (accept the server’s preference if available)
    • None (do not use compression even if the server offers this choice)
    • ZLIB
    • ZLIB@OPENSSH.COM
    File Processing: The mechanism for deciding which files to retrieve. There are two choices:
    • File Mask: Choose to control file renaming. Enter a mask in the File Mask field.
    • Script: Choose to process files. Specify a script in the Scripts field.
    File Mask: Controls which files to retrieve. If you enter an asterisk (*), BusinessConnect searches for all files in the specified FTP directory.
    To prevent the retrieval of files that have already been retrieved, there are two options:
    • Select the Delete File check box, which causes each file to be deleted after it is retrieved, if this is allowed by the FTP server.
    • Specify a file mask that prevents the retrieval of the same files again.

    For more information, see Supported File Mask Options.

    Include Full File Path: Including the complete file path distinguishes this file from other files. If the complete file path is required, select this check box to send the full path of the file retrieved by the SSHFTP poller to the original file field of the BusinessConnect ReceiveRequest palette.
    Scripts: Click Upload file to upload an SSHFTP script. For information on how to write scripts, see Scripts.
    Scripts Engine: The scripts engine that you want to use to execute custom scripts.

    You can select Nashorn from the list.

    Start Time: The start time of the scheduled window where polling from the external FTP server occurs. You can modify the start time by using the increment or decrement arrow buttons.
    End Time: The end time of the scheduled window where polling from the external FTP server occurs. You can modify the end time by using the increment or decrement arrow buttons.
    Frequency (seconds): This field defines how often polling occurs. By default, the frequency is 5 minutes (300 seconds).
    Delete File: Enables files to be deleted after retrieval. This option is intended for test purposes so that duplicate files are not retrieved from an SSHFTP server.
    Require PGP Processing: Select this check box if PGP unpackaging is required for an incoming message, which includes signature verification, decryption and/or decompression.

    This also assumes that the incoming messages are PGP packaged; otherwise, the messages are rejected.

    This check box does not take effect if an SSHFTP script is used. When the SSHFTP script is used, the PGP options and policies are set up in the SSHFTP script through the PGP API.

    If PGP unpackaging is required, the PGP keys used for the unpackaging are configured in the Inbound Document Exchange portion of the Document Exchange tab in a Business Agreement.

    If the check box is not selected, the message is sent to the back office as pass-through, even if the message is PGP packaged.

    PGP Policy: Select one item from this list.

    PGP policy only takes effect if the Require PGP Processing check box is selected.

    The following options are available in the list:

    • None: No specific policies are mandated for the incoming message; the message can be signed and/or encrypted, with or without compression. However, the message has to be PGP packaged in a certain way; otherwise, it is rejected.

    • Must Sign: The incoming message must be signed, and only signed, with or without compression.

    • Must Encrypt: The incoming message must be encrypted, and only encrypted, with or without compression.

    • Must Sign and Encrypt: The message must be both signed and encrypted, with or without compression.

    • Pass-Through: In this mode, the software does not package the data in any way.

    The software takes the original notify message that the private process sent and forwards it over the Internet to the trading partner.

    TCPNoDelay: Select this check box to enable the TCP No Delay feature.

    This property is used to manage the TCP_NODELAY option that controls the Transmission Control Protocol (TCP) packet batching on the TCP level. By default, this property is enabled.

    • If the property is enabled, the client sends TCP packets by using the SSHFTP transport regardless of the packet size, which increases the volume of network traffic.

    • If the property is disabled, the client does not send a TCP packet by using the SSHFTP transport until it has collected a significant amount of outgoing data.

    You can weigh the network efficiency versus your application requirements to decide whether to enable this property. Disable this property if the SSHFTP client or server of your trading partner does not handle the message well with the property enabled.
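
Several settings in the table depend on one another (authentication mode and the keys or password it needs, PGP Policy and the Require PGP Processing check box), and the cipher and MAC lists include legacy algorithms next to the AES CTR options. The following added example, which is not part of the product or its documentation, reviews one transport definition against those rules; the dict keys, the SAMPLE values and the wording of the findings are assumptions made for the example.

```python
from urllib.parse import urlsplit
RC4 = {"ARCFOUR", "ARCFOUR128", "ARCFOUR256"}
BLOCK64 = {"BLOWFISH_CBC", "BLOWFISH_CTR", "CAST128_CBC", "3DES_CBC", "3DES_CTR"}

def review(cfg):
    """Added example (hypothetical dict keys): findings for one SSHFTP inbound definition."""
    out = []
    try:
        u = urlsplit(cfg.get("url", ""))
        url_ok = u.scheme == "sshftp" and u.hostname and u.port
    except ValueError:  # malformed host or non-numeric port
        url_ok = False
    if not url_ok:
        out.append("url: expected sshftp://host_name:port/path_name/")
    mode = cfg.get("auth_mode", "")  # each mode needs the secrets the table names
    if not cfg.get("username"):
        out.append("username: must always be configured")
    if "Password" in mode and not cfg.get("password"):
        out.append("password: required by mode '%s'" % mode)
    if "Public Key" in mode and not cfg.get("client_identity_key"):
        out.append("identity: ClientAuthenticationIdentity needs the SSH private key")
    if not cfg.get("server_public_key"):
        out.append("server key: the SSH server's public key must be specified")
    # Algorithms: flag legacy picks and an unpinned ANY.
    cipher, mac = cfg.get("cipher", "ANY"), cfg.get("mac", "ANY")
    if cipher in RC4:
        out.append("cipher: %s is RC4, deprecated for SSH by RFC 8758" % cipher)
    elif cipher in BLOCK64:
        out.append("cipher: %s uses a 64-bit block" % cipher)
    elif "_CBC" in cipher:
        out.append("cipher: %s is CBC mode; an AES CTR option is listed" % cipher)
    if mac == "HMAC_MD5":
        out.append("mac: HMAC_MD5 rests on MD5")
    out += ["%s: ANY defers to the partner server's preference" % name
            for name, value in (("cipher", cipher), ("mac", mac)) if value == "ANY"]
    pgp, policy = cfg.get("require_pgp", False), cfg.get("pgp_policy", "None")
    if pgp and cfg.get("file_processing") == "Script":  # PGP is then set in the script
        out.append("pgp: check box has no effect when an SSHFTP script is used")
    elif not pgp and policy != "None":
        out.append("pgp: policy '%s' is ignored without Require PGP Processing" % policy)
    return out

# Constructed sample definition, not taken from a real deployment.
SAMPLE = {"url": "sshftp://sftp.partner.example:22/inbound/", "username": "bc_poller",
          "auth_mode": "Public Key and Password", "client_identity_key": "bc-ssh-key",
          "server_public_key": "partner-hostkey.pub", "cipher": "3DES_CBC",
          "mac": "ANY", "pgp_policy": "Must Sign"}
if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

For the constructed SAMPLE, the review reports the missing password, the 64-bit-block cipher, the MAC left at ANY and the PGP policy that has no effect.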