Configuring SFTP Embedded Transfers using key based authentication in Oracle MFT – SOA Suite 12C

In this post we will see how to configure SFTP Embedded transfers in the Oracle MFT console using public and private key pair based authentication.

For achieving this we have to follow the below steps.

STEP 1–>

Generate a public and private key pair on the SFTP machine and copy the public key to the Oracle MFT server.

We will generate these keys using the ssh-keygen utility and copy the .pub file to the MFT server.

Command–> ssh-keygen -t rsa -b 2048

STEP 2–>

Generate a public and private key pair on the MFT server.

We will generate these keys using the ssh-keygen utility.

Command–> ssh-keygen -t rsa -b 2048

STEP 3–>

Now we have to import the private key generated on the MFT machine into the MFT server keystore.

We do this using a WLST script.

Log in to your MFT server.

login as: testuser
Using keyboard-interactive authentication.
Password:
#######################################
testuser @localhost:~$ pwd
/export/home/testuser
testuser @localhost:~$ cd /OracleSOA12.2.1/mft/common/bin
testuser @localhost:~$ wlst.sh (on a Windows machine it is wlst.cmd)
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands

wls:/offline> connect("weblogic","weblogic","t3://localhost:9003")
Connecting to t3://localhost:9003 with userid weblogic …
Successfully connected to managed Server “mft_server1” that belongs to domain “fmw_domain”.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

wls:/fmw_domain/serverConfig> importCSFKey('SSH', 'PRIVATE', 'MFTAlias', '/home/oracle/.ssh/sftplocalmft')

CSF key imported successfully.
wls:/base_domain/serverConfig> listCSFKeyAliases('SSH', 'PRIVATE')
Key Details
————————————————————————–
‘MFTAlias’, Format PKCS#8, RSA

STEP 4 –>

Now we have to import the public key of the remote SFTP host into the MFT server.

wls:/fmw_domain/serverConfig> importCSFKey('SSH', 'PUBLIC', 'MFT_RemotePub', '/home/oracle/.ssh/authorized_keys')
CSF key imported successfully.
wls:/base_domain/serverConfig> listCSFKeyAliases('SSH', 'PUBLIC')
Key Details
————————————————————————–
‘MFT_RemotePub’, Format X.509, RSA

wls:/base_domain/serverConfig> exit()

Exiting WebLogic Scripting Tool.

STEP 5–>

Now log in to the MFT console and go to the Administration tab.

Inside Embedded Servers, go to the sFTP tab and enable SFTP by checking the checkbox. Set the authentication type to Public Key and set the host key alias to the private key alias used during the import in Step 3. Save, then click the START button.


STEP 6–>

Now we have to configure MFT users and the corresponding SFTP directories to be used by remote partners.

Go to the Administration tab and configure the user and the SFTP root directory that will be used in the remote SFTP client session. Note that the user ID will be the same as the public key alias used while importing the public key in Step 4.

STEP 7 –>

Now we have to configure the keystore in the MFT console with the private alias we created in the steps above.

Log in to the MFT console and click on the Administration tab.

On the left-hand side you will see “keystores”; click on it to configure your keystore.

Provide the keystore password for “default keystore” and “SSH Keystore”.


Now we have to save the changes by clicking the “SAVE” button.

STEP 8–>

Now we have to restart the embedded SFTP Server.

The embedded SFTP Server should be restarted for any embedded server related configuration changes to take effect. In case the SFTP server is not running, it can be started now.

STEP 9–>

Now create the SFTP Embedded source and use it.
