Create a Basic SFTP Configuration
This scenario contains all the information and tools to configure Sterling Secure Proxy to establish a basic connection from a trading partner to the SFTP server as shown in the following diagram. You are configuring the minimum requirements to allow you to test the connections and ensure that communications sessions can be established between the inbound node and Sterling Secure Proxy, and to the outbound SFTP node. The basic configuration requires that Sterling Secure Proxy present its key to the inbound node for authentication and that the SFTP server present its key to Sterling Secure Proxy for authentication. It does not configure user authentication. After you create and test the basic SFTP configuration and all connections are working, you then add user authentication.
You accept default values when configuring this scenario. As a result, user credentials presented by the inbound node are used to connect to the outbound SFTP server.
After you configure the basic SFTP configuration, validate it by initiating an SFTP connection from the trading partner. For more information on testing the configuration, see Test the Inbound and Outbound Connections.
The basic SFTP configuration consists of the following tasks:
- Create a policy
- Define inbound and outbound connections in a netmap
- Define an SFTP adapter
Basic SFTP Configuration Worksheet
Before you configure Sterling Secure Proxy for SFTP connections, gather the information on the Basic SFTP Configuration Worksheet. You use this information as you configure a basic SFTP connection for Sterling Secure Proxy. After you configure Sterling Secure Proxy for SFTP connections, validate the configuration by initiating an SFTP connection from the inbound node.
Create a basic policy. The default authentication method is password authentication. However, the password is not authenticated in the basic configuration because you do not select an authentication mechanism. Instead, it is passed through to the outbound node for authentication. In a later SFTP configuration scenario, you add the configuration information needed to authenticate an inbound node.
Configuration Manager Field | Feature | Value |
---|---|---|
Policy Name | Name of policy. | |
Create a netmap that contains connection information for the nodes connecting to and from Sterling Secure Proxy: the trading partner (inbound node) and the Sterling B2B Integrator SFTP server (outbound node). For the outbound node, you must identify the host name and IP address to connect to the node as well as the known host key to use for server authentication and the ciphers or message authentication codes (MACs) to use to encrypt the data. You also associate the basic policy you create with the inbound node.
Configuration Manager Field | Feature | Value |
---|---|---|
Netmap Name | Netmap name. | |
Inbound Trading Partner Information | | |
Inbound Node Name | Trading partner name (name to assign to inbound node definition). | No spaces allowed. |
Peer Address Pattern | Host name/IP address pattern. | * Specifying * for this value allows all inbound nodes configured on the SFTP server as trading partners to connect to the SFTP server. To define a more specific node definition, see Define SFTP Connection Requirements Between Sterling Secure Proxy and Inbound Nodes. |
Policy | Name of policy you create. (Select it from the pull-down list.) | |
Outbound SFTP Server Connection | | |
Outbound Node Name | Outbound SFTP server node name. | |
Primary Destination Address | Host name/IP address of SFTP server. | |
Primary Destination Port | Port number to connect to SFTP server. | |
Known Host Key Store | Name of the key store where the known host key is stored. | |
Known Host Key | Location and name of the public key presented to Sterling Secure Proxy by the outbound SFTP server during authentication. | |
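The known host key is what authenticates the outbound SFTP server to Sterling Secure Proxy, so it is worth confirming that the public key file you are about to reference is the one the server administrator intended. The following is an added example, not part of the product documentation: it assumes the key is available in the OpenSSH one-line format (`<type> <base64> [comment]`) and that a SHA256 fingerprint was received out of band; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def read_string(blob, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end


def host_key_fingerprint(pubkey_line):
    """Return (key type, SHA256 fingerprint) for '<type> <base64> [comment]'."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The key blob repeats the key type; a mismatch means a damaged or edited file.
    embedded, _ = read_string(blob, 0)
    if embedded != declared.encode("ascii"):
        raise ValueError("declared key type does not match the key blob")
    digest = hashlib.sha256(blob).digest()
    return declared, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_expected(pubkey_line, expected_fingerprint):
    """True only if the file's fingerprint equals the one received out of band."""
    _, actual = host_key_fingerprint(pubkey_line)
    return hmac.compare_digest(actual, expected_fingerprint.strip())


def make_key_line(key_bytes, comment="sftp.example.test"):
    """Build a CONSTRUCTED ssh-ed25519 line for the demo; not a real server key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key_bytes
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


SAMPLE_KEY_LINE = make_key_line(bytes(range(32)))

if __name__ == "__main__":
    key_type, fingerprint = host_key_fingerprint(SAMPLE_KEY_LINE)
    print(key_type, fingerprint)
```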
Create an SFTP adapter that defines information necessary to establish SFTP connections to and from Sterling Secure Proxy. When you configure the adapter, select the basic netmap and outbound SFTP server in the netmap definition and the local host key that Sterling Secure Proxy presents to its clients.
Configuration Manager Field | Feature | Value |
---|---|---|
Adapter Name | Adapter name. | |
Listen Port | Listen port to use for inbound connections. | |
Netmap | Netmap to associate with the adapter. | |
Standard Routing Node | Name of the outbound node corresponding to the Sterling B2B Integrator server where inbound connections are routed. | |
Engine | Engine to run on. | |
Startup Mode | How the adapter is started. auto starts the adapter as soon as it is pushed to the engine. manual requires that the adapter be manually started. | |
Local Host Key Store | Name of the key store where the local host key is stored. | |
Local Host Key | Location and name of the private part of the key presented by Sterling Secure Proxy to the inbound connection during authentication. | |
Available Cipher Suites / Selected Cipher Suites | Cipher suites to enable. (Be sure to match the configuration of the SFTP client.) | |
Available MAC Suites / Selected MAC Suites | MAC suites to enable. (Be sure to match the configuration of the SFTP client.) | |
Available Key Exchange / Selected Key Exchange | Key exchange to enable. (Be sure to match the configuration of the SFTP client.) | |
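Matching the adapter's suites to the SFTP client can be checked before the first test connection. The following is an added example, not part of the product documentation: it applies the SSH negotiation rule from RFC 4253 section 7.1 to predict which key exchange, cipher and MAC a session would use and whether any category has no overlap. The algorithm lists and the legacy markers are constructed assumptions; substitute the names shown in Configuration Manager and in the client's configuration.

```python
# Substrings marking algorithms widely treated as legacy (illustrative list,
# an assumption of this example, not taken from the product documentation).
LEGACY_MARKERS = ("-cbc", "arcfour", "hmac-md5", "group1-sha1")
CATEGORIES = ("kex", "cipher", "mac")


def negotiate(client_prefs, adapter_enabled):
    """RFC 4253 section 7.1: the first name on the client's list that the
    server side also enables wins; the server's own ordering is not used.
    (For key exchange the RFC adds host key conditions, not modelled here.)"""
    enabled = set(adapter_enabled)
    for name in client_prefs:
        if name in enabled:
            return name
    return None


def preflight(adapter, client):
    """Predict the negotiated algorithm per category and whether the
    session can be established at all."""
    report = {}
    for category in CATEGORIES:
        chosen = negotiate(client.get(category, []), adapter.get(category, []))
        legacy = chosen is not None and any(m in chosen for m in LEGACY_MARKERS)
        report[category] = {"chosen": chosen, "legacy": legacy}
    report["can_connect"] = all(report[c]["chosen"] for c in CATEGORIES)
    return report


# CONSTRUCTED worksheet values; replace with the suites selected on the adapter.
ADAPTER = {
    "kex": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"],
    "cipher": ["aes128-cbc", "aes256-ctr"],
    "mac": ["hmac-sha1", "hmac-sha2-256"],
}
# CONSTRUCTED client preference lists, in each client's own order.
CLIENT_MODERN = {
    "kex": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1"],
    "cipher": ["aes256-ctr", "aes128-cbc"],
    "mac": ["hmac-sha2-256", "hmac-sha1"],
}
CLIENT_LEGACY = {"kex": ["diffie-hellman-group1-sha1"],
                 "cipher": ["aes128-cbc"], "mac": ["hmac-sha1"]}
CLIENT_NO_OVERLAP = {"kex": ["curve25519-sha256"],
                     "cipher": ["aes192-ctr"], "mac": ["hmac-sha2-512"]}

if __name__ == "__main__":
    for label, client in (("modern", CLIENT_MODERN), ("legacy", CLIENT_LEGACY),
                          ("no overlap", CLIENT_NO_OVERLAP)):
        print(label, preflight(ADAPTER, client))
```

Because the client's preference order decides the outcome, leaving a legacy suite selected on the adapter means any client that lists it first will use it, even when stronger suites are also enabled.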