Question & Answer
Question
Your server allows or requires key based SFTP or SCP authentication; however, there is no field in the DataPower configuration to provide key objects for an SFTP or SCP log target upload. Is there a way to use key-based authentication for SCP or SFTP log target uploads?
Answer
When configuring a Log Target object to upload to an SFTP or SCP server, set the following properties:
- In the Target Type field, select "File"
- In the Archive Mode field, select "Upload"
- In the Upload Protocol field, select "SCP" or "SFTP"
When you select these properties, the Destination Configuration section displays.
For SCP and SFTP protocols: File Name, Remote Host, and Remote Login are the only required fields, because the upload will be using key-based authentication. However, the object needs a password (it can be a dummy password) in order to save it.
If no password is specified, Public key authentication can be configured by adding a Public Key Auth policy in the 'default' instance of the User Agent on your current domain.
The Public Key Auth policy associates a set of URLs, determined by a URL Matching Expression, with a Private Key.
The Policy contains two properties:
- A private key that matches a valid public key which is in your authorized_keys file of your server.
- A URL Matching Expression that filters only the URLs to which you wish to apply this Private Key.
If both password and public key authentication are configured on the log target, public key authentication is given the priority.
When testing this configuration, if your upload fails with the error message "Operation Timed Out" then please refer to Technote 1627164, DataPower appliance Log Target upload file fails with the message "Operation Timed Out" when mismatch protocol or port.
Related Information
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21632990