In this post we will see how to configure SFTP Embedded transfers in the Oracle MFT console using public/private key pair authentication.
To achieve this, follow the steps below.
STEP 1 –>
Generate a public and private key pair on the SFTP machine and copy the public key to the Oracle MFT server.
We will generate these keys using the ssh-keygen utility and copy the .pub file to the MFT server.
Command –> ssh-keygen -t rsa -b 2048
STEP 2 –>
Generate a public and private key pair on the MFT server.
We will generate these keys using the ssh-keygen utility.
Command –> ssh-keygen -t rsa -b 2048
STEP 3 –>
Now we have to import the private key from the MFT machine into the MFT server keystore.
We use a WLST script for this.
Log in to your MFT server.
login as: testuser
Using keyboard-interactive authentication.
testuser@localhost:~$ pwd
testuser@localhost:~$ cd /OracleSOA12.2.1/mft/common/bin
testuser@localhost:~$ wlst.sh (on a Windows machine it is wlst.cmd)
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to t3://localhost:9003 with userid weblogic …
Successfully connected to managed Server “mft_server1” that belongs to domain “fmw_domain”.
Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.
wls:/fmw_domain/serverConfig> importCSFKey('SSH', 'PRIVATE', 'MFTAlias', '/home/oracle/.ssh/sftplocalmft')
CSF key imported successfully.
wls:/base_domain/serverConfig> listCSFKeyAliases('SSH', 'PRIVATE')
'MFTAlias', Format PKCS#8, RSA
STEP 4 –>
Now we have to import the public key of the remote SFTP host into the MFT server.
wls:/fmw_domain/serverConfig> importCSFKey('SSH', 'PUBLIC', 'MFT_RemotePub', '/home/oracle/.ssh/authorized_keys')
CSF key imported successfully.
wls:/base_domain/serverConfig> listCSFKeyAliases('SSH', 'PUBLIC')
'MFT_RemotePub', Format X.509, RSA
Exiting WebLogic Scripting Tool.
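A check worth running on the public key file before the importCSFKey call in Step 4, added here as an example (it is not from the original post or from Oracle): it parses each OpenSSH public key line and reports the RSA modulus size and the SHA256 fingerprint in the form `ssh-keygen -l -f` prints, so the copy on the MFT server can be compared with the one on the SFTP machine. The function names, the one-key-per-alias expectation and the constructed sample key are assumptions of this example.

```python
import base64
import hashlib

def _read_field(blob, off):
    """Read one length-prefixed field (RFC 4253 string or mpint) starting at off."""
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def parse_key(line):
    """Return (type, rsa_bits_or_None, sha256_fingerprint) for one public key line."""
    ktype, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    name, off = _read_field(blob, 0)
    if name != ktype.encode():
        raise ValueError("key type does not match key blob")
    bits = None
    if ktype == "ssh-rsa":
        _exponent, off = _read_field(blob, off)
        modulus, off = _read_field(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    return ktype, bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit_public_key_file(text, min_bits=2048):
    """Parse every key line; report unparsable, weak, or unexpected extra keys."""
    lines = [l.strip() for l in text.splitlines() if l.strip() and not l.strip().startswith("#")]
    keys, problems = [], []
    if len(lines) != 1:  # assumption: one imported alias should identify one partner key
        problems.append("expected one key for one alias, found %d" % len(lines))
    for line in lines:
        try:
            key = parse_key(line)
        except ValueError as exc:  # also covers invalid base64 (binascii.Error)
            problems.append("unparsable key line: %s" % exc)
            continue
        keys.append(key)
        if key[1] is not None and key[1] < min_bits:
            problems.append("%s is only %d-bit RSA" % (key[2], key[1]))
    return {"keys": keys, "problems": problems}

def make_sample_line(bits):
    """Constructed sample line; the modulus is a placeholder, not a usable key."""
    field = lambda b: len(b).to_bytes(4, "big") + b
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"
```

On the MFT server, pass the contents of the file named in the importCSFKey call to `audit_public_key_file` and compare the reported fingerprint with the one shown on the machine where the key was generated.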
STEP 5 –>
Now log in to the MFT console and go to the Administration tab.
Under Embedded Servers, go to the sFTP tab and enable SFTP by checking the checkbox. Set the authentication type to Public Key, set the host key alias to the private key alias used during the import in Step 3, then save and click the START button.
STEP 6 –>
Now we have to configure the MFT users and the corresponding SFTP directories to be used by remote partners.
Go to the Administration tab and configure the user and the SFTP root directory that will be used in the remote SFTP client session. Note that the user ID will be the same as the public key alias used while importing the public key in Step 4.
STEP 7 –>
Now we have to configure the keystore in the MFT console with the private key alias created in the steps above.
Log in to the MFT console and click on the Administration tab.
On the left-hand side you will see “keystores”; click on it to configure your keystore.
Provide the key store password for “default keystore” and “SSH Keystore”.
Now we have to save the changes by clicking “SAVE” button.
STEP 8 –>
Now we have to restart the embedded SFTP server.
The embedded SFTP server must be restarted for any embedded-server configuration changes to take effect. If the SFTP server is not running, it can be started now.
STEP 9 –>
Now create the SFTP Embedded source and use it.