Set Up Trading Partner Profiles for SSH/SFTP
After you have gathered and recorded your external trading partner's SFTP server configuration information, you must set up a trading partner profile for them.
- Select Trading Partners > SSH > Remote Profiles.
- Next to Create, click Go!
Complete the following fields using the information collected using the worksheet from
Exchange Information With the SFTP Trading Partner.
Important: The values entered for these parameters in the SFTP Client Begin Session Service configuration override the settings specified here.
Field Description Profile name Name of the SSH remote profile. Remote host External Trading Partner host system (SFTP server IP Address or DNS name).Note: The Remote Host field accepts only alphanumeric and dash characters. Remote port External Trading Partner port number. Known host key Public key used to authenticate remote SFTP servers to the Sterling B2B Integrator SFTP Client.Note: With V5.2.5 and higher, you can check in multiple Known Host Keys and select them from the list to choose keys from the known host key ring. This allows the SFTP Begin Client Session service to connect to different SFTP servers as long as the Known Host Keys for these servers are referenced in the SSH Remote Profile. This can be useful, for example, if you need to send files using SFTP to a load-balanced DNS server with a virtual IP address. Remote user SFTP remote login username.Note: The Remote User field accepts only alphanumeric, dash, underscore, and "$" characters. Preferred Authentication Type Method used to authenticate users. Valid values are: password, public key SSH Password SFTP remote login password.Important: The maximum length for the password in the password field is 55 characters. User Identity Key Private/Public key pair used to identify Sterling B2B Integrator as a user on a remote server. Generate this key within Sterling B2B Integrator and provide the public part of the key to your trading partner. Directory Directory on the trading partner's SFTP server. Character Encoding The encoding format used to encode all outgoing commands and incoming data. If CharacterEncoding is not specified, the default system encoding will be used. Valid value is any valid encoding scheme supported by Java. Optional. Compression Specifies whether data is to be compressed, which reduces the amount of data transmitted as the file is copied from one node to another. The file will be automatically decompressed at the destination. Required. Valid values: None, ZLIB. Default is None. Connection Retry Count The number of times the service will try to connect to the Trading Partner System. Connection retries occur only with TCP/IP related issues. Optional. Valid value is any numeric value from 1 to 50. Default is 1.While using the Connection Retry Count parameter, set the Response Timeout value to wait longer than the total time for Retry Delay and Connection Retry Count parameters. This setting allows the business process to remain active to perform the retries before the session times out and terminates. The following example illustrates the setting where the value of the Response Timeout (300) is greater than the total time taken by Retry Delay and Connection Retry Count parameters (30*5=150):
<assign to="ResponseTimeout"> 300</assign> <assign to="RetryDelay">30</assign> <assign to="ConnectionRetries"> 5</assign>
Retry Delay (secs) Number of seconds the adapter will wait before retrying. Optional. Valid value is any numeric value from 100 to 7200,000 seconds.Note: The minimum value for Retry Delay is 100 seconds. Response Timeout (secs) The maximum number of seconds it can take for the trading partner system to respond before the session times out and terminates. If a number less than 30 is specified, 30 seconds will be used. Optional. Preferred Cipher The cipher the client prefers to use for both client to server and server to client stream encryption. Required. Default is blowfish-cbc.
Sterling B2B Integrator 220.127.116.11 and higher: If you do not want to use CBC ciphers, set the supportCBCCiphers property in security.properties to false. The default value is true.To disable CBC ciphers:
- Stop Sterling B2B Integrator.
- Modify the customer_overrides.properties file to add the following line: security.supportCBCCiphers=false. Or, you can add the line supportCBCCiphers=false to the security.properties file.
- Start Sterling B2B Integrator.
After the CBC ciphers are disabled, they will not be displayed in the Preferred Ciphers field in the SFTP Server Adapter, the SFTP Client Begin Session Service, or the SSH Remote Profile.Valid values are:
Note: You can also specify the SSH ciphers to be used by updating SSHCipherList in the security.properties file.
Preferred MAC (Message Authentication Code) Algorithm The MAC the client prefers to use for stream encryption. Required. Valid values are:
- hmac-sha1-96 (V5.2.5_15 or later)
- hmac-md5-96 (V5.2.5_15 or later)
Default is hmac-sha1.Note: You can also specify the SSH MAC algorithms to be used by updating SSHMACAlgList in the security.properties file.
Local Port Range Any valid port number(s) not being used by another application running on the system. A port in the specified range will be used to establish an SSH channel to the remote SFTP server. Optional. Valid values are:
- (empty) - system selects an available port
- 0 - system selects an available port
- nnnn - use specified port nnnn, for example 9012
- nn-yy - use a port in the range of nn to yy, for example 462-863 would use a port in the range of 462 to 863, inclusive
Multiples of the above values can be specified, separated by commas, for example 9012, 462-863, 4925.
- Click Next.
- Confirm your information and click Finish.