Setting Up SSH Servers
TIBCO MFT Internet Serverprovides an internal SSH server that can be configured and used to perform SSH transfers. Configuring this server allows TIBCO MFT Internet Server to become a host as opposed to adding an SSH server to the server definitions where TIBCO MFT Internet Server acts as the client.
Procedure
-
Create an SSH system key.
All SSH servers have a key/certificate pair. TIBCO MFT Internet Server can create the key pair for you or you may import existing keys. For example, you will generate a new key pair for your MFT SSH server to use as the default keys.
-
Click
Administration > Protocol Keys > System Keys > Create Key. Configure the following parameters:
Parameter Description System Key Type Select SSH System Key. Description Provide the key a descriptive name. Password Configure the key password and confirm it. Expiration Date Accept the default value or edit them if you want. Key Size Accept the default value or edit them if you want. Signing Algorithm Accept the default value or edit them if you want. Set as Default Select this check box. Common Name Configure the common name in the Distinguished Name section. Configure the rest of the Distinguished Name section if required.
- Click Create Key.
-
Click
Administration > Protocol Keys > System Keys > Create Key. Configure the following parameters:
-
Configure the SSH server.
-
Click
Administration > Transfer Servers > SSH Server > Configure SSH Server. In the SSH Server Settings section for your MFT SSH server, configure the following parameters:
Parameter Description Enabled Select Yes. IP Port Configure the IP port. The default port is 22. Bind Adapter IP4 Address Configure the bind adapter IPv4 address that will be used when listening for incoming connections on a port if required. Bind Adapter IP6 Address Configure the bind adapter IPv6 address that will be used when listening for incoming connections on a port if required. SSH System Key The SSH system key that you created in Step 1 is used be default. You may enter more keys to the MFT system and you would choose the key pair that you want to use by selecting the appropriate one from the list. For this example, the default key will be used. Key or Certificate Define whether the SSH Server should support SSH Keys, X.509 certificates or both SSH Keys and X.509 certificates. Welcome Message Provide a welcome message that users can see when they connect to the server if required. - Click Update.
-
Click
Administration > Transfer Servers > SSH Server > Configure SSH Server. In the SSH Server Settings section for your MFT SSH server, configure the following parameters:
- To start the MFT SSH server, click Administration > Transfer Servers > SSH Server > SSH Server Status. Click Start Server on the SSH Server Status page.
-
To configure the MFT SSH server authentication, click
Administration > System Configuration to configure the Global SSH Settings section on the
System Configuration page.
By default, MFT SSH Server is configured to perform Password Only authentication. Some environments may want to change this to Key/Certificate Only authentication or use both.
Parameter Description SSH Client Authentication Method Set the authentication method to be used for the MFT SSH server. The valid values are: Password Only, Key/Certificate Only, Key/Certificate or Password, and Key/Certificate and Password. See Adding an SSH Public Key to TIBCO MFT Internet Server for more information on adding SSH public keys to the MFT database.
Allow Users to Add SSH Keys If you want to allow users to add their own SSH public keys to the MFT database, click Yes. Initial Status of SSH Keys Added by Users This parameter defines whether you want these keys to be enabled or disabled when users add their own SSH public keys. Email Recipients when User Adds SSH Key Enter the email addresses to which an email will be sent when a user has added a new SSH public key to the MFT database. Separate multiple email addresses with a comma. Email Template when User Adds SSH Key The email template that will be used when sending out notification to the email recipient in the previous parameters. The default email template is located at WEB_Server\cfcc\email-templates\email-ssh-key-notification-template.xml.
Copyright © 2021. Cloud Software Group, Inc. All Rights Reserved.