Example: How to configure a protocol bridge agent to use private key credentials with a UNIX SFTP server

This example demonstrates how you can generate and configure the ProtocolBridgeCredentials.xml file. The example is typical; the details might vary according to your platform, but the principles remain the same.

About this task

Procedure

  1. On the SFTP client, log on with the login ID to be passed to the SFTP server by the protocol bridge agent and run the ssh-keygen command to create a public/private key pair. Supply a pass phrase when asked for one. The ssh-keygen command generates the following two files: id_rsa and id_rsa.pub. If you need DSA format, use -t dsa when you run the ssh-keygen command.
  2. Copy the contents of the id_rsa.pub file into the ~/.ssh/authorized_keys file of the SFTP user on the SFTP server. Ensure that the SFTP file server process has read access to this file.
  3. Run the following command to obtain the host ssh fingerprint of the SFTP server: ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
  4. On the protocol bridge agent system, edit the ProtocolBridgeCredentials.xml file in the agent properties directory. Substitute the values shown in italics in the following example with your own values:
    <tns:credentials xmlns:tns="http://wmqfte.ibm.com/ProtocolBridgeCredentials"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://wmqfte.ibm.com/ProtocolBridgeCredentials ProtocolBridgeCredentials.xsd ">
    
    <tns:serverHost name="SFTP_host_name">
    
    <tns:user name="mq_User_ID" serverUserId="SFTP_user_ID" hostKey="ssh_host_finger">
    <tns:privateKey associationName="name" keyPassword="pass_phrase">
     Complete contents of the id_rsa file including the entries
     -----BEGIN RSA PRIVATE KEY----- 
    
     -----END RSA PRIVATE KEY----- 
    </tns:privateKey>
    </tns:user>
    
    </tns:serverHost>
    </tns:credentials>
    
     
    where:
    • SFTP_host_name is the name of the SFTP server as shown in the agent.properties file.
    • mq_User_ID is the MQMD user ID associated with the transfer request.
    • SFTP_user_ID is the SFTP user ID as used in step 2. It is the value passed to the SFTP server as the login user ID.
    • ssh_host_finger is the fingerprint collected in step 3.
    • name is a name that you can specify to be used for trace and logging purposes.
    • pass_phrase is the pass phrase you provided in the ssh-keygen in step 1.
    • Complete contents of the id_rsa file is the complete contents of the generated id_rsa file from step 1. To prevent a connection error, ensure that you include both of the following entries:
      -----BEGIN RSA PRIVATE KEY----- 
      
      -----END RSA PRIVATE KEY----- 

    You can add additional keys by duplicating the <tns:privateKey> element.

  5. Start the protocol bridge agent if the agent is not already started. Alternatively, the protocol bridge agent periodically polls the ProtocolBridgeCredentials.xml file and picks up the changes.
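
The checks implied by step 4, as an added example that is not part of the original documentation: a Python linter for the text of ProtocolBridgeCredentials.xml that reports a private key missing its BEGIN/END entries, template placeholders left unsubstituted, and a miscased <tns:privatekey> element. The function name lint_credentials, the sample host and user names, and the sample file content are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://wmqfte.ibm.com/ProtocolBridgeCredentials}"
BEGIN, END = "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----"
# Placeholder names from the documentation template that must be substituted.
PLACEHOLDERS = {"SFTP_host_name", "mq_User_ID", "SFTP_user_ID",
                "ssh_host_finger", "pass_phrase"}

def lint_credentials(xml_text):
    """Return a list of problems found in ProtocolBridgeCredentials.xml text."""
    problems = []
    root = ET.fromstring(xml_text)  # raises ParseError if not well-formed
    for host in root.iter(NS + "serverHost"):
        for user in host.iter(NS + "user"):
            who = f"{host.get('name')}/{user.get('name')}"
            values = [host.get("name")] + list(user.attrib.values())
            for key in user.findall(NS + "privateKey"):
                values += key.attrib.values()
                lines = (key.text or "").strip().splitlines()
                if not lines or lines[0].strip() != BEGIN or lines[-1].strip() != END:
                    problems.append(f"{who}: private key lacks BEGIN/END lines")
            for v in values:
                if v in PLACEHOLDERS:
                    problems.append(f"{who}: placeholder '{v}' not substituted")
            # XML names are case-sensitive: <privatekey> is not <privateKey>.
            for child in user:
                local = child.tag.replace(NS, "")
                if local != "privateKey" and local.lower() == "privatekey":
                    problems.append(f"{who}: element <{local}> should be <privateKey>")
    return problems

# Constructed sample: END line missing, placeholder left in, wrong element case.
SAMPLE = """<tns:credentials xmlns:tns="http://wmqfte.ibm.com/ProtocolBridgeCredentials">
<tns:serverHost name="sftp.example.test">
<tns:user name="mquser1" serverUserId="sftpuser1" hostKey="ssh_host_finger">
<tns:privateKey associationName="key1" keyPassword="constructed-pass">
-----BEGIN RSA PRIVATE KEY-----
(constructed stand-in, not key material)
</tns:privateKey>
<tns:privatekey associationName="key2" keyPassword="constructed-pass">
-----BEGIN RSA PRIVATE KEY-----
(constructed stand-in, not key material)
-----END RSA PRIVATE KEY-----
</tns:privatekey>
</tns:user>
</tns:serverHost>
</tns:credentials>"""

if __name__ == "__main__":
    print("\n".join(lint_credentials(SAMPLE)))
```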


Last updated: Tuesday, 30 January 2018
http://www.ibm.com/support/knowledgecenter/SSEP7X_7.0.4/com.ibm.wmqfte.doc/protocol_bridge_private_key.htm