Create a Basic SFTP Configuration

This scenario contains all the information and tools to configure Secure Proxy to establish a basic connection from a trading partner to the SFTP server as shown in the following diagram. You are configuring the minimum requirements to allow you to test the connections and ensure that communications sessions can be established between the inbound node and Secure Proxy, and to the outbound SFTP node. The basic configuration requires that Secure Proxy present its key to the inbound node for authentication and that the SFTP server present its key to Secure Proxy for authentication. It does not configure user authentication. After you create and test the basic SFTP configuration and all connections are working, you then add user authentication.

You accept default values when configuring this scenario. As a result, user credentials presented by the inbound node are used to connect to the outbound SFTP server.

After you configure the basic SFTP configuration, validate it by initiating an SFTP connection from the trading partner. For more information on testing the configuration, see Test the Inbound and Outbound Connections.

Complete the following tasks to define a basic SFTP configuration:
  • Create a policy
  • Define inbound and outbound connections in a netmap
  • Define an SFTP adapter

Basic SFTP Configuration Worksheet

Before you configure Secure Proxy for SFTP connections, gather the information on the Basic SFTP Configuration Worksheet. You use this information as you configure a basic SFTP connection for Secure Proxy. After you configure Secure Proxy for SFTP connections, validate the configuration by initiating an SFTP connection from the inbound node.

Create a basic policy. The default authentication method is password authentication. However, the password is not authenticated in the basic configuration because you do not select an authentication mechanism. Instead, it is passed through to the outbound node for authentication. In a later SFTP configuration scenario, you add the configuration information needed to authenticate an inbound node.

| Configuration Manager Field | Feature | Value |
|---|---|---|
| Policy Name | Name of policy. | |

Create a netmap that contains connection information for the nodes connecting to and from Secure Proxy: the trading partner (inbound node) and the Sterling B2B Integrator SFTP server (outbound node). For the outbound node, you must identify the host name and IP address to connect to the node, the known host key to use for server authentication, and the ciphers or message authentication codes (MACs) to use to encrypt the data and protect its integrity. You also associate the basic policy you create with the inbound node.

Note: You must have SSH keys to authenticate Secure Proxy to the inbound node (local host keys) and to authenticate the outbound SFTP server to Secure Proxy (known host keys). Create a key store for the keys and check the keys into the key store. Refer to Manage Local Host Key Stores and Keys for instructions on creating a local host key store and adding a key to the key store. Refer to Manage Known Host Key Stores and Keys for instructions on creating the known host key store and importing the key. If Secure Proxy is required by the SFTP server to present its user key for authentication, you must have SSH keys for the local user for this authentication exchange. Refer to Manage Local User Key Stores and Keys for instructions on creating the local host key store and importing the key.

| Configuration Manager Field | Feature | Value |
|---|---|---|
| Netmap Name | Netmap name. | |

Inbound Trading Partner Information

| Configuration Manager Field | Feature | Value |
|---|---|---|
| Inbound Node Name | Trading partner name (name to assign to inbound node definition). No spaces allowed. | |
| Peer Address Pattern | Host name/IP address pattern. | * |
| Policy | Name of policy you create. (Select it from the pull-down list.) | |

Specifying * for Peer Address Pattern allows all inbound nodes configured on the SFTP server as trading partners to connect to the SFTP server. To define a more specific node definition, see Define SFTP Connection Requirements Between Secure Proxy and Inbound Nodes.

Outbound SFTP Server Connection

| Configuration Manager Field | Feature | Value |
|---|---|---|
| Outbound Node Name | Outbound SFTP server node name. | |
| Primary Destination Address | Host name/IP address of SFTP server. | |
| Primary Destination Port | Port number to connect to SFTP server. | |
| Known Host Key Store | Name of the key store where the known host key is stored. | |
| Known Host Key | Location and name of the public key presented to Secure Proxy by the outbound SFTP server during authentication. | |

Create an SFTP adapter that defines information necessary to establish SFTP connections to and from Secure Proxy. When you configure the adapter, select the basic netmap and outbound SFTP server in the netmap definition and the local host key that Secure Proxy presents to its clients.

| Configuration Manager Field | Feature | Value |
|---|---|---|
| Adapter Name | Adapter name. | |
| Listen Port | Listen port to use for inbound connections. | |
| Netmap | Netmap to associate with the adapter. | |
| Standard Routing Node | Name of the outbound node corresponding to the Sterling B2B Integrator server where inbound connections are routed. | |
| Engine | Engine to run on. | |
| Startup Mode | How the adapter is started. auto starts the adapter as soon as it is pushed to the engine. manual requires that the adapter be manually started. | |
| Local Host Key Store | Name of the key store where the local host key is stored. | |
| Local Host Key | Location and name of the private part of the key presented by Secure Proxy to the inbound connection during authentication. | |
| Available Cipher Suites / Selected Cipher Suites | Cipher suites to enable. (Be sure to match the configuration of the SFTP client.) | |
| Available MAC Suites / Selected MAC Suites | MAC suites to enable. (Be sure to match the configuration of the SFTP client.) | |
| Available Key Exchange / Selected Key Exchange | Key exchange to enable. (Be sure to match the configuration of the SFTP client.) | |
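
The "match the configuration of the SFTP client" requirement can be checked on paper before testing the connection. The following is an added example, not part of the product documentation or Secure Proxy itself: it applies the SSH negotiation rule from RFC 4253 section 7.1 (the first algorithm in the client's list that the server also enables is chosen) to each category on the worksheet. The algorithm lists and the names negotiate, check_adapter, ADAPTER and CLIENT are constructed for illustration, and the extra host-key compatibility conditions RFC 4253 places on key exchange are not modelled.

```python
# Added example: SSH algorithm negotiation between an SFTP client and the adapter.
# All algorithm lists below are constructed sample values, not Secure Proxy defaults.

def negotiate(client_prefs, server_enabled):
    """Return the first algorithm in the client's preference order that the
    server also enables (RFC 4253 section 7.1), or None if nothing overlaps."""
    enabled = set(server_enabled)
    for alg in client_prefs:
        if alg in enabled:
            return alg
    return None

def check_adapter(client, adapter):
    """Compare client and adapter settings for each worksheet category.
    Returns (chosen, failures): chosen maps category -> negotiated algorithm,
    failures lists categories with no common algorithm (session cannot start)."""
    chosen, failures = {}, []
    for category in ("key_exchange", "cipher", "mac"):
        alg = negotiate(client.get(category, []), adapter.get(category, []))
        if alg is None:
            failures.append(category)
        else:
            chosen[category] = alg
    return chosen, failures

# Constructed worksheet values for the adapter's "Selected" lists.
ADAPTER = {
    "key_exchange": ["diffie-hellman-group14-sha256"],
    "cipher": ["aes256-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-256"],
}
# Constructed trading-partner client settings, in the client's preference order.
CLIENT = {
    "key_exchange": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "cipher": ["aes128-ctr", "aes256-ctr"],
    "mac": ["hmac-sha1"],
}

if __name__ == "__main__":
    chosen, failures = check_adapter(CLIENT, ADAPTER)
    for category, alg in chosen.items():
        print(f"{category}: negotiated {alg}")
    for category in failures:
        print(f"{category}: no common algorithm, connection will fail")
```

With these sample lists the cipher resolves to the client's first preference rather than the adapter's, and the MAC category has no overlap, which is the mismatch the worksheet reminders are meant to prevent.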