This project has moved. For the latest updates, please go here.

Failed to send files using identityfile

Jul 22, 2010 at 2:45 PM
Edited Jul 22, 2010 at 2:52 PM

Hi all, I have tried to set up a sftp connection to a sftp server using an identityfile to authenticate to the server.
Manually using the Bitvise Tunnelier is working fine but when using BizTalk I get the following error:



Method: Blogical.Shared.Adapters.Sftp.SftpTransmitterEndpoint.ProcessMessage
Error: Unable to transmit file /swedATM/%SoureFileName%.
Inner Exception:
Unable write file to /swedATM/%SoureFileName%
Unable to connect to Sftp host [216.205.158.87]

------------------------------
Information:
Type: Blogical.Shared.Adapters.Sftp.SftpException
Target: Microsoft.BizTalk.Message.Interop.IBaseMessage ProcessMessageInternal(Microsoft.BizTalk.Message.Interop.IBaseMessage, Blogical.Shared.Adapters.Sftp.ISftp)
Message: Unable to transmit file /swedATM/%SoureFileName%.
Inner Exception:
Unable write file to /swedATM/%SoureFileName%
Unable to connect to Sftp host [216.205.158.87]
Stacktrace:
   at Blogical.Shared.Adapters.Sftp.SftpTransmitterEndpoint.ProcessMessageInternal(IBaseMessage message, ISftp sftp)
   at Blogical.Shared.Adapters.Sftp.SftpTransmitterEndpoint.ProcessMessage(IBaseMessage message)

------------------------------
Type: Blogical.Shared.Adapters.Sftp.SftpException
Target: Void Put(System.IO.Stream, System.String)
Message: Unable write file to /swedATM/%SoureFileName%
Stacktrace:
   at Blogical.Shared.Adapters.Sftp.SharpSsh.Sftp.Put(Stream memStream, String destination)
   at Blogical.Shared.Adapters.Sftp.SftpTransmitterEndpoint.ProcessMessageInternal(IBaseMessage message, ISftp sftp)


------------------------------
Type: System.Exception
Target: Void connect(Boolean)
Message: Unable to connect to Sftp host [216.205.158.87]
Stacktrace:
   at Blogical.Shared.Adapters.Sftp.SharpSsh.Sftp.connect(Boolean force)
   at Blogical.Shared.Adapters.Sftp.SharpSsh.Sftp.reConnect()
   at Blogical.Shared.Adapters.Sftp.SharpSsh.Sftp.Put(Stream memStream, String destination)


------------------------------
Type: Tamir.SharpSsh.jsch.JSchException
Target: Void connect(Int32)
Message: Auth fail
Stacktrace:
   at Tamir.SharpSsh.jsch.Session.connect(Int32 connectTimeout)
   at Tamir.SharpSsh.SshBase.ConnectSession(Int32 tcpPort)
   at Tamir.SharpSsh.SshBase.Connect(Int32 tcpPort)
   at Blogical.Shared.Adapters.Sftp.SharpSsh.Sftp.connect(Boolean force)


The trace from DebugView:

[3600] [SftpTransmitterEndpoint] Created...
[3600] [SftpTransmitProperties] ReadLocationConfiguration called
[3600] [SftpTransmitProperties] Username/Password Authentication
[3600] [SftpConnectionPool] GetConnectionFromPool found a free connection in the pool
[3600] [SftpTransmitterEndpoint] Sftp.Put /swedATM/%SoureFileName%
[3600] [SftpConnectionPool] Connection has timed out


It seems that the adapter uses the Username/Password authentication and not the certificate.
From the SFTP server log I got the following error: "...Failed password for xxxxxx..."

I have generated a keypair with the Keypair manager in Bitvise Tunnelier and exported both the public & private key with openSSH.
The Private key have I sent to the customer hosting the server and they have imported the key.
In BizTalk I have configured the Identityfile property to the genereated public key file.

What can be wrong with this setup? Thanks for all help!

Kind regards

Coordinator
Jul 22, 2010 at 10:38 PM

Hi, sorry to hear you having problems.

What version are you using?

Have you tried resetting the password?

//Mikael

Jul 23, 2010 at 9:37 AM
Edited Jul 23, 2010 at 9:39 AM

Hi Mikael,

- What version are you using?

I am using the 1.3.3 version of the adapter.

- Have you tried resetting the password?

I havn't configured a password and that is the strange thing I guess.
Although I tried to reset the password but it didn't help.
Then I reconfigured the send port again but the same error occurs again.
I tried to use teststation you offered in an earlier discussion but I get an unhandled exception when trying to connect to the sftp server.

//Tomas

Coordinator
Jul 23, 2010 at 11:12 AM

I took a look at the code and it seams the trace message is wrong:

            if (!String.IsNullOrEmpty(this._ssoApplication))
            {
                TraceMessage("[SftpReceiverEndpoint] SSO Authetication");
                try
                {
                    this._sshUser = SSOConfigHelper.Read(this._ssoApplication, "UserName");
                    this._sshPasswordProperty = SSOConfigHelper.Read(this._ssoApplication, "Password");
                }
                catch (Exception e)
                {
                    throw new Exception(@"Unable to read properties from SSO database. Make sure to use ""UserName"" and ""Password"" as fields", e);  
                }
            }
            else
            {
                TraceMessage("[SftpReceiverEndpoint] Username/Password Authentication");
                this._sshUser = Extract(endpointConfig, "/Config/user", String.Empty);
                this._sshPasswordProperty = IfExistsExtract(endpointConfig, "/Config/password", String.Empty);
            }

 There are three ways to authenticate: Username/password, identityfile or via SSO (which is also username/password). A better message would have been "Authenticating information is collected from port configuration" I guess. I'd recommend downloading the latest version as it is much more verbose when it comes to tracing.

This means the problem lies elsewhere. I my first guess would be the identity file. Sharp SSH supports publickey (RSA, DSA). I've seen this problem before when I tried to generate the key via putty. Would it be possible to generate the key using tunnelier or some other tool? For more info on Sharp SSH: http://www.tamirgal.com/blog/page/SharpSSH.aspx

HTH

//Mikael 

 

 

Jul 26, 2010 at 7:11 AM

Yes, it seems that the trace message could be better.

I have generated the identity file using Tunnelier and have succeeded in connecting to the SFTP site using Tunnelier but not when I'm using the SFPT adapter in BizTalk.

Do you have any other tips when authenticate using the Identity file? Thanks for all help.

//Tomas

Jul 26, 2010 at 12:14 PM

We have a similar problem. The version of SFTP adpater is 1.3.3. It turns out the adapter does not even try the authentication using the identity file - only the account/password authentication.

//Antti

 

Coordinator
Jul 26, 2010 at 8:05 PM
Antti; What's makes you assume it is not? //Mikael
Jul 27, 2010 at 7:06 AM

We ran a trace on the server. The trace shows that this is the case

[2010-06-24 11:33:04.635] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Access Mananger has authorized access to *Edited*
[2010-06-24 11:33:04.635] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Client is attempting none authentication
[2010-06-24 11:33:04.635] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Posting message com.maverick.sshd.AuthenticationProtocol$3 to q
ueue
[2010-06-24 11:33:04.635] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Adding interested ops operation to selector thread SSHD-TRANSF
ER-1
[2010-06-24 11:33:04.636] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Woke up selector thread
[2010-06-24 11:33:04.636] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Transport protocol is expecting another packet
[2010-06-24 11:33:04.636] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** There is 0 bytes left to process on socket
[2010-06-24 11:33:04.636] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Woke up selector thread
[2010-06-24 11:33:04.636] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Processing socket WRITE event
[2010-06-24 11:33:04.636] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Processing APPLICATION WRITE event
[2010-06-24 11:33:04.637] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** USERAUTH_FAILURE|
SESSION_ID = [*Edited*|
AUTHENTICATION_METHOD = none|
USERNAME = *Edited*
[2010-06-24 11:33:04.637] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Sent SSH_MSG_USERAUTH_FAILURE
[2010-06-24 11:33:04.637] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Written 72 bytes to socket
[2010-06-24 11:33:04.637] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Woke up selector thread
[2010-06-24 11:33:04.637] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Processing socket WRITE event
[2010-06-24 11:33:04.638] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Processing APPLICATION WRITE event
[2010-06-24 11:33:04.638] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Adding interested ops operation to selector thread SSHD-TRANSF
ER-1
[2010-06-24 11:33:04.638] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Woke up selector thread
[2010-06-24 11:33:04.825] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Processing socket READ event
[2010-06-24 11:33:04.825] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Read 80 bytes from socket
[2010-06-24 11:33:04.825] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Processing APPLICATION READ data
[2010-06-24 11:33:04.825] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Access Mananger has authorized access to *Edited*
[2010-06-24 11:33:04.826] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Client is attempting password authentication
[2010-06-24 11:33:04.979] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Posting message com.maverick.sshd.AuthenticationProtocol$3 to q
ueue
[2010-06-24 11:33:04.979] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Adding interested ops operation to selector thread SSHD-TRANSF
ER-1
[2010-06-24 11:33:04.979] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Woke up selector thread
[2010-06-24 11:33:04.979] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Transport protocol is expecting another packet
[2010-06-24 11:33:04.979] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** There is 0 bytes left to process on socket
[2010-06-24 11:33:04.979] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Woke up selector thread
[2010-06-24 11:33:04.98] DEBUG 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Processing socket WRITE event
[2010-06-24 11:33:04.98] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Processing APPLICATION WRITE event
[2010-06-24 11:33:04.98] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** USERAUTH_FAILURE|
SESSION_ID = [*Edited*|
AUTHENTICATION_METHOD = password|
USERNAME = *Edited*
[2010-06-24 11:33:04.98] INFO 000000000000 GLOBAL_SCOPE ** MAVERICK SSHD ** Sent SSH_MSG_USERAUTH_FAILURE

I tried the latest beta with similar results. The connection works with Tunnelier.

/Antti

 

Coordinator
Jul 27, 2010 at 8:15 AM
Edited Jul 27, 2010 at 8:16 AM
Thanks Antti, this is great information. Would it be possible to run a trace for the adapter too (the 1.3.6 version)? I'm committed to fix this! //Mikael
Jul 27, 2010 at 9:53 AM

I have difficulties running the trace. I have set the trace property in the send port to true and run the debugview but nothing is captured. Is there something I have missed? Some additional information: the server is Windows 2003 and we are using BizTalk 2006 R2. I have full admin rights to the server.

/Antti

Jul 27, 2010 at 2:12 PM

I actually had to modify the code so that trace messages were written to a file. Even if the trace says timeout, this is not the case. Actually the cause is failed authentication (according to stack trace). Here is the adapter trace:

[SftpTransmitterEndpoint] Created...
[SftpTransmitProperties] ReadLocationConfiguration called
[SftpTransmitProperties] Username/Password Authentication
[SftpConnectionPool] Started...
[SftpConnectionPool] GetConnectionFromPool creating a new connection for pool
[SftpTransmitterEndpoint] Sftp.Put /Inbound/Test.txt
[SftpConnectionPool] Connecting to *edited*
[SftpConnectionPool] Disconnecting from *edited*
[SftpConnectionPool] Connection has timed out
[SftpConnectionPool] Reconnecting to *edited*
[SftpConnectionPool] Connecting to *edited*
[SftpConnectionPool] Connection has timed out
[SftpTransmitterEndpoint] Exception: [SftpTransmitterEndpoint] Unable to transmit file /Inbound/FortumTest.txt.
Inner Exception:
Unable write file to /Inbound/FortumTest.txt
Unable to connect to Sftp host [*edited*]
[SftpConnectionPool] Overriding connection pool settings
[SftpConnectionPool] ReleaseConnectionToPool releasing connection to pool

/Antti

 

Jul 27, 2010 at 3:45 PM

I have even created a new key pair using Tunnelier. No luck.

/Antti

Jul 28, 2010 at 9:06 AM

I installed WinSSHD 5.18 to test this locally. Using the same key pair I was able to upload a file to this SFTP server. Still no luck with the Maveric server.

/Antti

Jul 29, 2010 at 9:29 AM

I think I have spotted the problem. The adapter sends an empty password in case it has not been specified. There is a check for a null password in the code but it really should be for null or empty.
There are differences with SFTP servers. WinSSHD is more forgiving than server that is part of Gentran Integration Suite. Here is the server trace for a successful operation.

[2010-07-28 18:18:11.594] ALL 000000000000 GLOBAL_SCOPE AUDIT: User [*edited*] authenticated via public key.
[2010-07-28 18:18:12.529] ALL 000000000000 GLOBAL_SCOPE AUDIT: User [*edited*] is opening file [/Inbound/Test.txt] for transfer.
[2010-07-28 18:20:20.913] ALL 000000000000 GLOBAL_SCOPE AUDIT: User [*edited*] authenticated via public key.
[2010-07-28 18:25:16.947] ALL 000000000000 GLOBAL_SCOPE AUDIT: User [*edited*] logged off.

I have made a temporary change into the module SshBase.cs but it really should be done in the adapter code.

if (!string.IsNullOrEmpty(Password))
m_session.setUserInfo(new KeyboardInteractiveUserInfo(Password));

/Antti

Coordinator
Jul 29, 2010 at 8:40 PM

Antti, thanks alot for all the work you've put into this issue.

So if I understand you correctly; authenticating using identity file, causes a problem as the password is not null. I agree with you, this should be handled at the adapter level, and I'm thinking of updating the constructor of the Sftp class:

        public Sftp(string host, string user, string password, string identityFile, int port, string passphrase, bool debugTrace)
        {
            if (string.IsNullOrEmpty(password) && !string.IsNullOrEmpty(identityFile))
                     password = null;

            this._applicationStorage = ApplicationStorageHelper.Load();
            this._sftp = new SshTransfer(host, user, password);
            this._identityFile = identityFile;
            this._host = host;
            this._user = user;
            this._password=password;
            this._port = port;
            this._passphrase = passphrase;
            this.DebugTrace = debugTrace;
        }
This code will nullify the password if the password is blank and the identityfile is set. This will eliminate the possibility of using idenityfile with a blank password. I don't think this should be a problem as very few uses username/password + identityfile, espesially with a blank password. 
Any thoughts?
//Mikael
Jul 30, 2010 at 7:33 AM

Hi,

That would fix the problem and I doubt there are any side effects.

Thanks,

Antti

From: wmmihaa [mailto:notifications@codeplex.com]
Sent: 29. heinäkuuta 2010 22:41
To: Somersalo Antti
Subject: Re: Failed to send files using identityfile [SftpAdapter:220746]

From: wmmihaa

Antti, thanks alot for all the work you've put into this issue.

So if I understand you correctly; authenticating using identity file, causes a problem as the password is not null. I agree with you, this should be handled at the adapter level, and I'm thinking of updating the constructor of the Sftp class:

        public Sftp(string host, string user, string password, string identityFile, int port, string passphrase, bool debugTrace)
        {
            if (string.IsNullOrEmpty(password) && !string.IsNullOrEmpty(identityFile))
                     password = null;
 
            this._applicationStorage = ApplicationStorageHelper.Load();
            this._sftp = new SshTransfer(host, user, password);
            this._identityFile = identityFile;
            this._host = host;
            this._user = user;
            this._password=password;
            this._port = port;
            this._passphrase = passphrase;
            this.DebugTrace = debugTrace;
        }
This code will nullify the password if the password is blank and the identityfile is set. This will eliminate the possibility of using idenityfile with a blank password. I don't think this should be a problem as very few uses username/password + identityfile, espesially with a blank password. 
Any thoughts?
//Mikael

Read the full discussion online.

To add a post to this discussion, reply to this email (SftpAdapter@discussions.codeplex.com)

To start a new discussion for this project, email SftpAdapter@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com

Coordinator
Aug 1, 2010 at 8:13 AM
Edited Aug 1, 2010 at 8:14 AM

They (the CodPlex team) have changed the TFS server so I couldn't check in any changes. But it¨s updated now, and I'd be greatful it you could test it (also with WinSSHd). Looking forward to your feedback.

http://sftpadapter.codeplex.com/releases/19784/download/139662

//Mikael

Aug 2, 2010 at 7:48 AM

I can confirm that the fix works with the tested servers (WinSSHD and GIS).

/Antti

From: wmmihaa [mailto:notifications@codeplex.com]
Sent: 1. elokuuta 2010 10:14
To: Somersalo Antti
Subject: Re: Failed to send files using identityfile [SftpAdapter:220746]

From: wmmihaa

They (the CodPlex team) have changed the TFS server so I couldn't check in any changes. But it¨s updated now, and I'd be greatful it you could test it (also with WinSSHd). Looking forward to your feedback.

//Mikael

Read the full discussion online.

To add a post to this discussion, reply to this email (SftpAdapter@discussions.codeplex.com)

To start a new discussion for this project, email SftpAdapter@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com

Coordinator
Aug 2, 2010 at 8:10 AM
Thanks Antti, let me know if there is anything else I can do.
//Mikael


From: [email removed]
To: [email removed]
Date: Sun, 1 Aug 2010 23:48:41 -0700
Subject: Re: Failed to send files using identityfile [SftpAdapter:220746]

From: somerant

I can confirm that the fix works with the tested servers (WinSSHD and GIS).

/Antti

From: wmmihaa [mailto:notifications@codeplex.com]
Sent: 1. elokuuta 2010 10:14
To: Somersalo Antti
Subject: Re: Failed to send files using identityfile [SftpAdapter:220746]

From: wmmihaa
They (the CodPlex team) have changed the TFS server so I couldn't check in any changes. But it¨s updated now, and I'd be greatful it you could test it (also with WinSSHd). Looking forward to your feedback.
//Mikael
Read the full discussion online.
To add a post to this discussion, reply to this email (SftpAdapter@discussions.codeplex.com)
To start a new discussion for this project, email SftpAdapter@discussions.codeplex.com
You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.
Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com
Read the full discussion online.
To add a post to this discussion, reply to this email (SftpAdapter@discussions.codeplex.com)
To start a new discussion for this project, email SftpAdapter@discussions.codeplex.com
You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.
Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com
Jun 21, 2012 at 10:04 PM
HI,

We are facing a similar issue with version 1.4.

"Unable write file to /XXXX/XXXX/XXXX.xml"

We are using identity file with blank password for a USER.

Any help is appreciated.

Amit