Example: How to configure a protocol bridge agent to use private key credentials with a UNIX SFTP server
This example demonstrates how to generate and configure the ProtocolBridgeCredentials.xml file. It is a typical example; the details might vary according to your platform, but the principles remain the same.
Procedure
- On the SFTP client, log on with the login ID to be passed to the SFTP server by the protocol bridge agent and run the ssh-keygen command to create a public/private key pair. Supply a pass phrase when asked for one. The ssh-keygen command generates the following two files: id_rsa and id_rsa.pub. If you need DSA format, use -t dsa when you run the ssh-keygen command.
- Copy the contents of the id_rsa.pub file into the ~/.ssh/authorized_keys file of the SFTP user on the SFTP server. Ensure that the SFTP file server process has read access to this file.
- Run the following command to obtain the host ssh fingerprint of the SFTP server: ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
- On the protocol bridge agent system, edit the ProtocolBridgeCredentials.xml file in the agent properties directory. Substitute the placeholder values in the following example with your own values:

      <tns:credentials xmlns:tns="http://wmqfte.ibm.com/ProtocolBridgeCredentials"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://wmqfte.ibm.com/ProtocolBridgeCredentials ProtocolBridgeCredentials.xsd ">
        <tns:serverHost name="SFTP_host_name">
          <tns:user name="mq_User_ID" serverUserId="SFTP_user_ID" hostKey="ssh_host_finger">
            <tns:privateKey associationName="name" keyPassword="pass_phrase">
            Complete contents of the id_rsa file including the entries
            -----BEGIN RSA PRIVATE KEY-----
            -----END RSA PRIVATE KEY-----
            </tns:privateKey>
          </tns:user>
        </tns:serverHost>
      </tns:credentials>

  where:
- SFTP_host_name is the name of the SFTP server as shown in the agent.properties file.
- mq_User_ID is the MQMD user ID associated with the transfer request.
- SFTP_user_ID is the SFTP user ID as used in step 2. It is the value passed to the SFTP server as the login user ID.
- ssh_host_finger is the fingerprint collected in step 3.
- name is a name that you can specify to be used for trace and logging purposes.
- pass_phrase is the pass phrase you provided in the ssh-keygen in step 1.
- Complete contents of the id_rsa file is the complete contents of the generated id_rsa file from step 1. To prevent a connection error, ensure that you include both of the following entries:

      -----BEGIN RSA PRIVATE KEY-----
      -----END RSA PRIVATE KEY-----

You can add more keys by duplicating the <tns:privateKey> element.
- Start the protocol bridge agent if the agent is not already started. If the agent is already running, it periodically polls the ProtocolBridgeCredentials.xml file and picks up the changes.
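
The following is an added example, not part of the original IBM page: a Python pre-flight check for the edited ProtocolBridgeCredentials.xml that catches the mistakes the procedure warns about (missing BEGIN/END entries, template placeholders left in place, a whole ssh-keygen output line pasted as hostKey, a mis-cased privateKey element) and flags a file that group or others can read. The function names and the sample values are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

NS = {"tns": "http://wmqfte.ibm.com/ProtocolBridgeCredentials"}
BEGIN, END = "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----"
# Placeholder values from the page's template that must not survive editing.
PLACEHOLDERS = {"SFTP_host_name", "mq_User_ID", "SFTP_user_ID", "ssh_host_finger", "pass_phrase"}

def fingerprint_field(keygen_line):
    """Fingerprint from `ssh-keygen -l` output: size, fingerprint, comment, (type)."""
    return keygen_line.split()[1]

def check_credentials(xml_text):
    """Return a list of problems found in ProtocolBridgeCredentials.xml text."""
    problems = []
    root = ET.fromstring(xml_text)
    for host in root.findall("tns:serverHost", NS):
        for user in host.findall("tns:user", NS):
            who = "%s@%s" % (user.get("serverUserId"), host.get("name"))
            keys = user.findall("tns:privateKey", NS)
            values = [v for el in [host, user] + keys for v in el.attrib.values()]
            if PLACEHOLDERS & set(values):
                problems.append(who + ": template placeholder left in place")
            if len(user.get("hostKey", "").split()) != 1:
                problems.append(who + ": hostKey is not a bare fingerprint")
            if not keys:  # XML element names are case-sensitive: privateKey
                problems.append(who + ": no tns:privateKey element")
            for key in keys:
                body = (key.text or "").strip()
                if not (body.startswith(BEGIN) and body.endswith(END)):
                    problems.append(who + ": privateKey lacks BEGIN/END entries")
    return problems

def readable_by_others(path):
    """True if group or other can access the file holding the key and pass phrase."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

# Constructed sample: whole ssh-keygen line pasted as hostKey, END entry missing.
SAMPLE = """<tns:credentials xmlns:tns="http://wmqfte.ibm.com/ProtocolBridgeCredentials">
 <tns:serverHost name="sftp.example.test">
  <tns:user name="mqusr" serverUserId="sftpusr" hostKey="2048 aa:bb /etc/ssh/k.pub (RSA)">
   <tns:privateKey associationName="demo" keyPassword="constructed">
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDBODY
   </tns:privateKey></tns:user></tns:serverHost></tns:credentials>"""

if __name__ == "__main__":
    print(check_credentials(SAMPLE))
```

Run it against the file text before starting the agent; an empty list from check_credentials and False from readable_by_others mean none of these mistakes were found.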

http://www.ibm.com/support/knowledgecenter/SSEP7X_7.0.4/com.ibm.wmqfte.doc/protocol_bridge_private_key.htm