Create a Basic SFTP Configuration

This scenario contains all the information and tools to configure Sterling Secure Proxy to establish a basic connection from a trading partner to the SFTP server as shown in the following diagram. You are configuring the minimum requirements to allow you to test the connections and ensure that communications sessions can be established between the inbound node and Sterling Secure Proxy, and to the outbound SFTP node. The basic configuration requires that Sterling Secure Proxy present its key to the inbound node for authentication and that the SFTP server present its key to Sterling Secure Proxy for authentication. It does not configure user authentication. After you create and test the basic SFTP configuration and all connections are working, you then add user authentication.

You accept default values when configuring this scenario. As a result, user credentials presented by the inbound node are used to connect to the outbound SFTP server.

Create a Basic SFTP Configuration

After you configure the basic SFTP configuration, validate it by initiating an SFTP connection from the trading partner. For more information on testing the configuration, see Test the Inbound and Outbound Connections.

Complete the following tasks to define a basic SFTP configuration:
  • Create a policy
  • Define inbound and outbound connections in a netmap
  • Define an SFTP adapter

Basic SFTP Configuration Worksheet

Before you configure Sterling Secure Proxy for SFTP connections, gather the information on the Basic SFTP Configuration Worksheet. You use this information as you configure a basic SFTP connection for Sterling Secure Proxy. After you configure Sterling Secure Proxy for SFTP connections, validate the configuration by initiating an SFTP connection from the inbound node.

Create a basic policy. The default authentication method is password authentication. However, the password is not authenticated in the basic configuration because you do not select an authentication mechanism. Instead, it is passed through to the outbound node for authentication. In a later SFTP configuration scenario, you add the configuration information needed to authenticate an inbound node.

Configuration Manager Field

Feature

Value

Policy Name

Name of policy.

Create a netmap that contains connection information for the nodes connecting to and from Sterling Secure Proxy: the trading partner (inbound node) and the Sterling B2B Integrator SFTP server (outbound node). For the outbound node, you must identify the host name and IP address to connect to the node as well as the known host key to use for server authentication and the ciphers or message authentication codes (MACs) to use to encrypt the data. You also associate the basic policy you create with the inbound node.

Note: You must have SSH keys to authenticate Sterling Secure Proxy to the inbound node (local host keys) and to authenticate the outbound SFTP server to Sterling Secure Proxy (known host keys). Create a key store for the keys and check the keys into the key store. Refer to Manage Local Host Key Stores and Keys for instructions on creating a local host key store and add a key to the key store. Refer to Manage Known Host Key Stores and Keys for instructions on creating the known host key store and importing the key. If Sterling Secure Proxy is required by the SFTP server to present its user key for authentication, you must have SSH keys for the local user for this authentication exchange. Refer to Manage Local User Key Stores and Keys for instructions on creating the local host key store and importing the key.

Configuration Manager Field

Feature

Value

Netmap Name

Netmap name.

Inbound Trading Partner Information

Inbound Node Name

Trading partner name (name to assign to inbound node definition).

No spaces allowed.

Peer Address Pattern

Host name/IP address pattern.

*

Specifying * for this value allows all inbound nodes configured on the SFTP server as trading partners to connect to the SFTP server. To define a more specific node definition, see Define SFTP Connection Requirements Between Sterling Secure Proxy and Inbound Nodes.

Policy

Name of policy you create. (Select it from the pull-down list.)

Outbound SFTP Server Connection

Outbound Node Name

Outbound SFTP server node name.

Primary Destination Address

Host name/IP address of SFTP server.

Primary Destination Port

Port number to connect to SFTP server.

Known Host Key Store

Name of the key store where the known host key is stored.

Known Host Key

Location and name of the public key presented to Sterling Secure Proxy by the outbound SFTP server during authentication.

Create an SFTP adapter that defines information necessary to establish SFTP connections to and from Sterling Secure Proxy. When you configure the adapter, select the basic netmap and outbound SFTP server in the netmap definition and the local host key that Sterling Secure Proxy presents to its clients.

Configuration Manager Field

Feature

Value

Adapter Name

Adapter name.

Listen Port

Listen port to use for inbound connections.

Netmap

Netmap to associate with the adapter.

Standard Routing Node

Name of the outbound node corresponding to the Sterling B2B Integrator server where inbound connections are routed.

Engine

Engine to run on.

Startup Mode

How the adapter is started.

auto starts the adapter as soon as it is pushed to the engine.

manual requires that the adapter be manually started.

Local Host Key Store

Name of the key store where the local host key is stored.

Local Host Key

Location and name of the private part of the key presented by Sterling Secure Proxy to the inbound connection during authentication.

Available Cipher Suites

Selected Cipher Suites

Cipher suites to enable.

(Be sure to match the configuration of the SFTP client.)

Available MAC Suites

Selected MAC Suites

MAC suites to enable.

(Be sure to match the configuration of the SFTP client.)

Available Key Exchange

Selected Key Exchange

Key exchange to enable.

(Be sure to match the configuration of the SFTP client.)