Setting Up SSHFTP for a Trading Host
To set up SSHFTP inbound for a trading host, perform the steps in the following sections:
- Enabling SSHFTP Inbound
- Selecting and Configuring SSHFTP Inbound
Enabling SSHFTP Inbound
- Procedure
- On the System Settings tile, click Inbound Protocols under Transport protocols.
- On the Inbound page, select the SSHFTP check box, and click Save.
Selecting and Configuring SSHFTP Inbound
- Procedure
- On the Partner Management tile, click Business Agreements.
- On the Business Agreement page, click the business agreement for which you wish to configure this transport.
- On the Protocol tab, select the protocol you wish to bind and configure and click Edit Configuration.
- On the protocol configuration page, click the Transports tab.
- In the Inbound transport for Partner section, select SSHFTP and click Edit Settings to configure the fields explained in the following table:
Note: Only the transport protocols that are selected in System Settings > Transport Protocols > Inbound Protocols are displayed in the Inbound transport for Partner section.
SSHFTP Settings (field and description)
URL: The URL of the directory on the trading partner's SSHFTP server, in the form sshftp://host_name:port/path_name/, where host_name is the name of the machine (server) on which the SSHFTP server runs, port is the TCP port on which the SSHFTP server listens, and path_name is the path relative to the base directory of the SSHFTP server.
Authentication Mode: Choose one of the following modes from the list:
• Password: the user account's password must be configured.
• Keyboard Interactive: a generic authentication method through which the server can implement different kinds of authentication mechanisms.
• Public Key: the BusinessConnect Container Edition server's SSH private key must be configured.
• Public Key and Password: both the BusinessConnect Container Edition server's SSH private key and the user account's password must be configured.
Note: When either Public Key or Public Key and Password is selected, ClientAuthenticationIdentity (for SSHFTP) under the Business Agreement must hold the TIBCO BusinessConnect Container Edition server's SSH private key.
Username: The user name for the trading partner's SSHFTP server. The user name must always be configured.
Password: The password for the user account specified in the Username field on the trading partner's SSH server.
Server Certificate: The SSH server's public host key. It must be specified; obtain it from the trading partner through a trusted channel rather than copying whatever an unverified first connection presents.
Preferred Cipher: Choose among the following ciphers. Prefer an AES CTR cipher: ARCFOUR (RC4), Blowfish, CAST128 and 3DES are legacy algorithms that current OpenSSH servers disable by default, and the CBC modes are weaker than CTR.
- AES128_CBC
- AES192_CBC
- AES256_CBC
- AES128_CTR
- AES192_CTR
- AES256_CTR
- ARCFOUR
- ARCFOUR128
- ARCFOUR256
- BLOWFISH_CBC
- BLOWFISH_CTR
- CAST128_CBC
- 3DES_CBC
- 3DES_CTR
- RIJNDAEL_CBC@LYSATOR.LIU.SE
- ANY (accept the server’s preference if available)
Preferred MAC: Choose among these options. HMAC_MD5 and HMAC_RIPEMD160 are legacy algorithms; prefer HMAC_SHA1 where the server offers it.
- HMAC_SHA1
- HMAC_MD5
- HMAC_RIPEMD160
- ANY (accept the server’s preference if available)
Preferred Compression: Choose among these compression algorithms:
- ANY (accept the server’s preference if available)
- None (do not use compression even if the server offers this choice)
- ZLIB
- ZLIB@OPENSSH.COM
File Processing: The mechanism for deciding which files to retrieve. There are two choices:
- File Mask: Select this to control which files are retrieved by name. Enter a mask in the File Mask field.
- Script: Select this to process files with a script. Specify the script in the Scripts field.
File Mask: Controls which files are retrieved. If you enter an asterisk (*), BusinessConnect Container Edition retrieves every file in the specified FTP directory, including files that were already retrieved on an earlier poll. To prevent files from being retrieved again, there are two options:
- Select the Delete File check box, which deletes each file after it is retrieved, if the FTP server permits deletion.
- Specify a file mask that does not match files that have already been retrieved (for example, one that matches only the partner's naming convention for new files).
For more information, see Supported File Mask Options.
Include Full File Path: Select this check box to have the SSHFTP poller pass the full path of the retrieved file, rather than only its name, in the original file field of the BusinessConnect Container Edition ReceiveRequest palette. This distinguishes the file from files of the same name in other directories.
Scripts: Click Upload file to upload an SSHFTP script. For information on how to write scripts, see Scripts.
Scripts Engine: The script engine used to execute custom scripts. You can select Nashorn or FESI from the list.
Note: To use FESI, download the FESI jar to a folder on the machine and reference that folder in configurations.properties under <bcce-1.1.0/config/.
Start Time: The start of the scheduled window during which polling of the external FTP server occurs. Adjust it with the increment and decrement arrow buttons.
End Time: The end of the scheduled window during which polling of the external FTP server occurs. Adjust it with the increment and decrement arrow buttons.
Frequency (seconds): How often polling occurs within the window. By default, the frequency is 5 minutes (300 seconds).
Delete File: Delete each file from the SSHFTP server after it is retrieved, so that the same file is not retrieved again on the next poll. Deletion requires that the account has delete permission on the server. This option is intended for test purposes; for production, agree the deletion with the trading partner or use a file mask instead.
Require PGP Processing: Select this check box if PGP unpackaging (signature verification, decryption and/or decompression) is required for incoming messages. This assumes that incoming messages are PGP packaged; messages that are not are rejected.
This check box has no effect when an SSHFTP script is used; in that case the PGP options and policies are set in the SSHFTP script through the PGP API.
If PGP unpackaging is required, the PGP keys used for the unpackaging are configured in the Inbound Document Exchange portion of the Document Exchange tab in a Business Agreement.
If unselected, the message is sent to back office as pass through, even if the message is PGP packaged.
PGP Policy: Select one item from this list. The PGP policy only takes effect if the Require PGP Processing check box is selected.
The following options are available:
• None: No specific policy is mandated; the incoming message may be signed and/or encrypted, with or without compression. It must still be PGP packaged, otherwise it is rejected.
• Must Sign: The incoming message must be signed and only signed (not encrypted), with or without compression.
• Must Encrypt: The incoming message must be encrypted and only encrypted (not signed), with or without compression.
• Must Sign and Encrypt: The incoming message must be both signed and encrypted, with or without compression.
• Pass-Through: In this mode, the software does not package the data in any way. It takes the original notify message that the private process sent and forwards it over the Internet to the trading partner.
TCPNoDelay: Select this check box to enable the TCP No Delay feature. It manages the TCP_NODELAY socket option, which controls packet batching (Nagle's algorithm) at the TCP level. By default, this property is enabled.
• If the property is enabled, the client sends TCP packets over the SSHFTP transport regardless of their size, which increases the number of packets on the network.
• If the property is disabled, the client does not send a TCP packet over the SSHFTP transport until it has collected a significant amount of outgoing data.
Weigh network efficiency against your application requirements to decide whether to enable this property. Disable it if your trading partner's SSHFTP client or server does not handle messages well with the property enabled.
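The URL, Authentication Mode, Server Certificate, Preferred Cipher and Preferred MAC fields above carry dependencies that the UI does not check for you (a Public Key mode without a private key, a Password mode without a password, a legacy cipher chosen on purpose). The following is an added example, not code from TIBCO BusinessConnect Container Edition: it parses the sshftp:// URL form and checks a settings dict whose keys are the field names from the table. The LEGACY_* sets, the constructed SAMPLE_SETTINGS dict and the functions parse_sshftp_url() and validate_sshftp_settings() are this example's own assumptions.

```python
"""Check an SSHFTP inbound transport configuration for the rules in the table above.

Added illustration, not part of TIBCO BusinessConnect Container Edition. The keys
of the settings dict are the field names from the table; the LEGACY_* sets, the
constructed SAMPLE_SETTINGS dict and the functions parse_sshftp_url() and
validate_sshftp_settings() are this example's own.
"""
from urllib.parse import urlsplit

# Authentication Mode values as they appear in the list.
AUTH_PASSWORD = "Password"
AUTH_KEYBOARD = "Keyboard Interactive"
AUTH_PUBKEY = "Public Key"
AUTH_PUBKEY_PASSWORD = "Public Key and Password"
AUTH_MODES = {AUTH_PASSWORD, AUTH_KEYBOARD, AUTH_PUBKEY, AUTH_PUBKEY_PASSWORD}

# Choices this example flags as legacy (assumption: RC4, Blowfish, CAST128, 3DES,
# MD5 and RIPEMD-160 are disabled by default on current OpenSSH servers, and the
# CBC modes are weaker than CTR).
LEGACY_CIPHERS = {"ARCFOUR", "ARCFOUR128", "ARCFOUR256", "BLOWFISH_CBC", "BLOWFISH_CTR",
                  "CAST128_CBC", "3DES_CBC", "3DES_CTR", "RIJNDAEL_CBC@LYSATOR.LIU.SE"}
LEGACY_MACS = {"HMAC_MD5", "HMAC_RIPEMD160"}

# Constructed sample: a Public Key configuration that passes every check.
SAMPLE_SETTINGS = {
    "URL": "sshftp://files.partner.example:2022/outbox/",
    "Authentication Mode": AUTH_PUBKEY,
    "Username": "bcce",
    "Server Certificate": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeHostKeyForExample",  # partner host key
    "ClientAuthenticationIdentity": "bcce-server-key",                                   # our private key
    "Preferred Cipher": "AES256_CTR",
    "Preferred MAC": "HMAC_SHA1",
}


def parse_sshftp_url(url):
    """Split sshftp://host_name:port/path_name/ into (host, port, relative path).

    Raises ValueError for any other scheme, a missing host or a missing/invalid port.
    """
    parts = urlsplit(url)
    if parts.scheme != "sshftp":
        raise ValueError("scheme must be sshftp, got %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("host_name is missing")
    if parts.port is None:          # .port itself raises ValueError for a non-numeric port
        raise ValueError("port is missing")
    return parts.hostname, parts.port, parts.path.lstrip("/")


def validate_sshftp_settings(cfg):
    """Return a list of problems with the settings; an empty list means they are consistent."""
    problems = []
    try:
        parse_sshftp_url(cfg.get("URL", ""))
    except ValueError as exc:
        problems.append("URL: %s" % exc)

    if not cfg.get("Username"):
        problems.append("Username must always be configured")
    if not cfg.get("Server Certificate"):
        problems.append("Server Certificate (the SSH server's public key) must be specified")

    mode = cfg.get("Authentication Mode")
    if mode not in AUTH_MODES:
        problems.append("unknown Authentication Mode %r" % mode)
    if mode in (AUTH_PASSWORD, AUTH_PUBKEY_PASSWORD) and not cfg.get("Password"):
        problems.append("%s mode requires Password" % mode)
    if mode in (AUTH_PUBKEY, AUTH_PUBKEY_PASSWORD) and not cfg.get("ClientAuthenticationIdentity"):
        problems.append("%s mode requires the server SSH private key in ClientAuthenticationIdentity" % mode)

    cipher, mac = cfg.get("Preferred Cipher"), cfg.get("Preferred MAC")
    if cipher in LEGACY_CIPHERS:
        problems.append("Preferred Cipher %s is a legacy algorithm; prefer an AES CTR cipher" % cipher)
    if mac in LEGACY_MACS:
        problems.append("Preferred MAC %s is a legacy algorithm; prefer HMAC_SHA1" % mac)
    return problems


if __name__ == "__main__":
    for problem in validate_sshftp_settings(SAMPLE_SETTINGS) or ["settings are consistent"]:
        print(problem)
```

Run it against a copy of the settings with the URL scheme changed to sftp://, the mode set to Public Key and Password with no Password, and ARCFOUR as the cipher, and it reports each of those separately; a ClientAuthenticationIdentity that is present is not reported, because only the modes that need it are checked against it.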
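The File Mask, Delete File, Start Time/End Time/Frequency and PGP Policy fields above describe the behaviour of one polling cycle, and the duplicate-retrieval problem the File Mask field warns about is easiest to see by running two polls in a row. The following is an added example, not code from TIBCO BusinessConnect Container Edition: it simulates the poller's file selection with and without Delete File, checks whether a clock time falls in the scheduled window, and applies the PGP Policy rules to a message. The constructed SAMPLE_LISTING, the helpers select_files(), simulate_polls(), in_polling_window() and pgp_policy_allows(), the midnight-crossing window rule and the reading of Pass-Through as "accept without unpackaging" are this example's own assumptions.

```python
"""Simulate one inbound SSHFTP polling cycle: file selection by File Mask, the
Delete File option, the Start Time/End Time window and the PGP Policy decision.

Added illustration, not part of TIBCO BusinessConnect Container Edition. The
helpers select_files(), simulate_polls(), in_polling_window() and
pgp_policy_allows() and the constructed SAMPLE_LISTING are this example's own;
the Pass-Through handling is this example's reading of the table.
"""
import fnmatch
from datetime import time

# Constructed sample: what a listing of the partner's directory might return.
SAMPLE_LISTING = ["order-1001.edi", "order-1002.edi", "order-1002.edi.pgp", "README.txt"]


def select_files(listing, file_mask, already_retrieved=(), delete_after=False):
    """Return the names one poll would retrieve.

    The mask is matched case-sensitively like a shell glob ('*' retrieves everything).
    With Delete File set, the server side is the record and every match is taken.
    Without it, only names not already retrieved are taken; if the caller keeps no
    record, the same files come back on every poll.
    """
    matched = [name for name in listing if fnmatch.fnmatchcase(name, file_mask)]
    if delete_after:
        return matched
    seen = set(already_retrieved)
    return [name for name in matched if name not in seen]


def simulate_polls(listing, file_mask, delete_after, remember, rounds=2):
    """Run several polls against a copy of the listing and return what each poll fetched."""
    remaining = list(listing)
    retrieved = []
    history = []
    for _ in range(rounds):
        got = select_files(remaining, file_mask, retrieved if remember else (), delete_after)
        history.append(got)
        retrieved.extend(got)
        if delete_after:                      # the poller deletes what it fetched
            remaining = [name for name in remaining if name not in got]
    return history


def in_polling_window(now, start, end):
    """True when clock time 'now' ("HH:MM") lies within the scheduled [start, end] window.

    A window whose End Time is earlier than its Start Time is taken to cross midnight
    (assumption; the page does not say how such a window behaves).
    """
    now, start, end = (time.fromisoformat(value) for value in (now, start, end))
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end


def pgp_policy_allows(policy, require_pgp, packaged, signed, encrypted):
    """Decide whether an incoming message satisfies Require PGP Processing + PGP Policy.

    Compression never influences the result. With Require PGP Processing unset the
    message passes through to the back office whatever its packaging.
    """
    if not require_pgp or policy == "Pass-Through":
        return True
    if not packaged:                          # all remaining policies need a PGP-packaged message
        return False
    if policy == "None":
        return True
    if policy == "Must Sign":
        return signed and not encrypted
    if policy == "Must Encrypt":
        return encrypted and not signed
    if policy == "Must Sign and Encrypt":
        return signed and encrypted
    raise ValueError("unknown PGP Policy %r" % policy)


if __name__ == "__main__":
    print("no record, no delete:", simulate_polls(SAMPLE_LISTING, "*.edi", False, False))
    print("Delete File set:     ", simulate_polls(SAMPLE_LISTING, "*.edi", True, False))
    print("in window:", in_polling_window("09:30", "08:00", "18:00"))
```

The first print shows the failure mode: with neither Delete File nor a record of what was fetched, the second poll retrieves order-1001.edi and order-1002.edi again. With Delete File set the second poll finds nothing, and the same holds when the poller keeps its own record; a mask such as *.edi also keeps the .pgp copy and README.txt out of the pickup, which is the other way the page suggests to avoid re-retrieval.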