ibm-messaging / mq-container-mft

Samples for integrating MQ MFT in Cloud scenarios

MFT Bridge Agent on CP4I over Openshift - SSH Key Authentication with SFTP not Supported #16

Open josephsadek opened 1 month ago

josephsadek commented 1 month ago

I am contacting you regarding an issue with the MFT Bridge Agent deployed on Cloud Pak for Integration (CP4I) over Openshift. The current image version of the Bridge Agent does not seem to support SSH key authentication with SFTP.

Current Situation:

We are using MFT Bridge Agent on CP4I deployed on an Openshift cluster. We are attempting to configure the Bridge Agent to connect to an SFTP server using SSH key authentication. However, the current Bridge Agent image does not appear to have the functionality to achieve this.

Desired Outcome:

We would like to be able to configure the MFT Bridge Agent to connect to SFTP servers using SSH key authentication for secure file transfer.

Request:

Please confirm if the current MFT Bridge Agent image version supports SSH key authentication with SFTP. If not supported, please advise on the following:

- Is there a planned update to the Bridge Agent that will include SSH key authentication support for SFTP?
- Are there any workarounds or alternative configurations that can be used to achieve secure file transfer with SFTP using the current Bridge Agent image?

ShashikanthRaoT commented 1 month ago

@josephsadek Thanks for raising the issue.

Just to get more clarification on the requirement: I am assuming you meant to use the SSH private key of the SFTP server to connect to the SFTP server. Along with the private key, you need the password for the private key and the host key as well. This support is already available in the non-container MFT but not in the container. The private key and others are provided through the ProtocolBridgeCredentials.xml file in the non-container world, as in this example:

    <tns:agent name="agentName">
        <tns:server name="sftp server name">
            <tns:user name=".*" serverUserId="<sftpuserid>" hostKey="<hostKey>">
                <tns:privateKey associationName="<some assoc name>" keyPassword="<password for private key>"> 
-----BEGIN RSA PRIVATE KEY-----
<private key added here>
-----END RSA PRIVATE KEY-----
                </tns:privateKey>
            </tns:user>
        </tns:server>
    </tns:agent>

Please confirm if this is what you are looking for.

Thank you.
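
A pre-deployment check for a ProtocolBridgeCredentials.xml file shaped like the fragment in the reply above, added here as an example (not code from the mq-container-mft project): it confirms that every entry carrying a private key also has the hostKey, a PEM body and the keyPassword that the reply lists as needed. The `credentials` wrapper element, namespace URI, server names and key material in the sample are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# A PEM private-key block (RSA, OPENSSH, ... label) with a non-empty body.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*?)PRIVATE KEY-----\s*\S.*?-----END \1PRIVATE KEY-----", re.S)

def _named(elems, name):
    """Filter elements by local name, ignoring the namespace tns is bound to."""
    return [e for e in elems if e.tag.rsplit("}", 1)[-1] == name]

def lint_credentials(xml_text):
    """Return (agent, server, problem) tuples for entries that carry a private key."""
    findings = []
    root = ET.fromstring(xml_text)
    for agent in _named(root.iter(), "agent"):
        for server in _named(agent, "server"):
            for user in _named(server, "user"):
                where = (agent.get("name"), server.get("name"))
                keys = _named(user, "privateKey")
                if not keys:
                    continue  # password-only entries are out of scope here
                if not (user.get("hostKey") or "").strip():
                    findings.append(where + ("missing hostKey",))
                for key in keys:
                    if not PEM_RE.search(key.text or ""):
                        findings.append(where + ("privateKey body is not a PEM block",))
                    if not key.get("keyPassword"):
                        findings.append(where + ("missing keyPassword",))
    return findings

# Constructed sample: wrapper element, namespace, names and key bytes are placeholders.
SAMPLE = """<tns:credentials xmlns:tns="urn:example:placeholder">
  <tns:agent name="AGENT1">
    <tns:server name="sftp-a.example.test">
      <tns:user name=".*" serverUserId="mftuser" hostKey="constructed-host-key">
        <tns:privateKey associationName="key1" keyPassword="constructed-pass">
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
        </tns:privateKey>
      </tns:user>
    </tns:server>
    <tns:server name="sftp-b.example.test">
      <tns:user name=".*" serverUserId="mftuser">
        <tns:privateKey associationName="key2" keyPassword="">paste key here</tns:privateKey>
      </tns:user></tns:server></tns:agent></tns:credentials>"""

print(lint_credentials(SAMPLE))
```
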

josephsadek commented 1 month ago

Hi Shashikanth,

Thanks for your feedback. I am looking to use a private key and host key on MFT in a container.

ShashikanthRaoT commented 2 weeks ago

The issue reported above has been fixed in the latest MQ 9.4.0.0 MFT image - icr.io/ibm-messaging/mqmft:latest. An SSH private key can now be used for connecting to SFTP servers. Please see details in https://github.com/ibm-messaging/mq-container-mft/blob/master/docs/custompbacred.md on how to supply the SSH private key through a configMap. Please test with the latest image.

Thank you