SFTP Connections
SFTP connections to connect to SFTP servers
Binary Snaps use SFTP (Secure File Transfer Protocol) connections to connect to SFTP servers. The primary use cases in Binary Snaps are:
- Reading files from remote SFTP servers using Reader Snaps (Directory Browser, File Reader and Multifile Reader).
- Writing files to SFTP destinations using Writer Snaps.
- Moving and archiving files between different locations.
- Downloading files from remote FTP servers via SFTP to local share folders.
You can configure the following SFTP settings in the global properties. These settings apply when File read, write, and browse type Snaps use the SFTP protocol.
| SFTP Setting | Description |
|---|---|
| sftpSessionTimeoutSec | The session objects are stored in the internal cache of the Snaplex node for up to the value in seconds of this property. When the SFTP file protocol is used in any Binary Snap, the session cache is examined and, if any session has been idling for longer than this property value, the session object is closed and removed from the cache. Default value: 3600 |
| cacheSftpSessions | If Default value: True |
| maxSftpChannels | The maximum number of concurrent channels open per session (default value is 1). You can obtain the correct value to specify for Typically, multiple concurrent channels can be opened in each session. You can use each channel to perform a read/write/get command. The maximum number of concurrent sessions per client IP address is also limited by the SFTP server settings. For example, if the maximum number of sessions allowed is 8 and |
| enableJschLogger | Enable or disable extra logging from SFTP. Default value: False |
| SFTP_TIMEOUT_MILLIS | The number of milliseconds to wait for an SFTP connection to be established. Default value: 30000 |
| SFTP_CONNECTION_RETRY | The number of times to retry a connection. Default value: 3 |
| SFTP_RETRY_DELAY_MILLIS | The delay between retries, in milliseconds. Default value: 1000 |
| ftpsDelayBeforeClosing | Set to 1 or more if an FTPS file is truncated after being written by a File Writer Snap without any error. Default value: 0 (time unit is seconds) |
| ftpDelayBeforeClosing | Set to 1 or more if an FTPS file is truncated after being written by the File Writer Snap without any error. Default value: 1 (time unit is seconds) |

Note: As these options are configured through the jcc.jvm_options entry in global properties, the JCC needs to be restarted for the change to take effect.

Supported SFTP properties
| Value | What it does |
|---|---|
| -Dsftp.kex=<algorithm(s)> | Appends to the client’s (SnapLogic’s) acceptable kex (key exchange algorithms) list for the connection negotiation to the SFTP server. Example: -Dsftp.kex=diffie-hellman-group1-sha1 |
| -Dsftp.server_host_key=<algorithm(s)> | Appends to the client’s (SnapLogic’s) supported server_host_key algorithms list for the connection negotiation to the SFTP server. Example: -Dsftp.server_host_key=ssh-rsa |
| -Dsftp.client_pubkey=<algorithm(s)> | Appends to the client’s (SnapLogic’s) supported PubkeyAcceptedAlgorithms list for the connection negotiation to the SFTP server. Example: -Dsftp.client_pubkey=ssh-rsa |
| -Dsftp.cipher=<algorithm(s)> | Appends to the client’s (SnapLogic’s) supported cipher algorithms list for both s2c (server to client) and c2s (client to server) for the connection negotiation to the SFTP server. Example: -Dsftp.cipher=aes128-ctr |
| -Dsftp.mac=<algorithm(s)> | Appends to the client’s (SnapLogic’s) supported mac algorithms list for both s2c (server to client) and c2s (client to server) for the connection negotiation to the SFTP server. Example: -Dsftp.mac=hmac-sha1 |
| -Dsftp.check_ciphers=<algorithm(s)> | Appends to the client’s (SnapLogic’s) supported CheckCiphers list for the connection negotiation to the SFTP server. Example: -Dsftp.check_ciphers=aes256-ctr |
| -Dsftp.check_kexes=<algorithm(s)> | Appends to the client’s (SnapLogic’s) supported CheckKexes list for the connection negotiation to the SFTP server. Example: -Dsftp.check_kexes=diffie-hellman-group14-sha1 |
| -Dsftp.check_signatures=<algorithm(s)> | Appends to the client’s (SnapLogic’s) supported CheckSignatures list for the connection negotiation to the SFTP server. Example: -Dsftp.check_signatures=ecdsa-sha2-nistp256 |
| -Dsftp.check_macs=<algorithm(s)> | Appends to the client’s (SnapLogic’s) supported CheckMacs list for the connection negotiation to the SFTP server. Example: -Dsftp.check_macs=hmac-sha2-256 |

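
Several of the example values in the table (diffie-hellman-group1-sha1, ssh-rsa, hmac-sha1) are legacy algorithms, so it is worth reviewing what a jcc.jvm_options value appends before restarting the JCC. The script below is an added example, not SnapLogic code: it scans an option string for the -Dsftp.* properties listed above and reports any appended algorithm that is on a weak list. The weak list, the comma separator between algorithms and the whitespace-separated option string are assumptions of this example.

```python
import re

# Assumed policy list for this example (not from the page): algorithms that
# rely on SHA-1, MD5, 1024-bit DH groups, DSA, CBC mode, 3DES or RC4.
WEAK_EXACT = {
    "diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1", "ssh-rsa", "ssh-dss",
    "hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96",
}
WEAK_PATTERN = re.compile(r"(-cbc$|^3des|^arcfour)")

# Property names exactly as listed in the table above.
SFTP_PROPS = {
    "kex", "server_host_key", "client_pubkey", "cipher", "mac",
    "check_ciphers", "check_kexes", "check_signatures", "check_macs",
}
OPTION_RE = re.compile(r"-Dsftp\.([a-z_]+)=(\S+)")


def audit_jvm_options(jvm_options):
    """Return (findings, unknown) for a jcc.jvm_options string.

    findings: list of (property, algorithm) pairs that match the weak list.
    unknown:  sftp.* property names that are not in the table above
              (possible typos).
    """
    findings, unknown = [], []
    for prop, value in OPTION_RE.findall(jvm_options):
        if prop not in SFTP_PROPS:
            unknown.append(prop)
            continue
        # Assumption: several algorithms are given as a comma-separated list.
        for algo in filter(None, (a.strip() for a in value.split(","))):
            if algo in WEAK_EXACT or WEAK_PATTERN.search(algo):
                findings.append((prop, algo))
    return findings, unknown


# Constructed sample value, built from the examples in the table above.
SAMPLE = ("-Xmx4g -Dsftp.kex=diffie-hellman-group1-sha1 "
          "-Dsftp.server_host_key=ssh-rsa -Dsftp.cipher=aes128-ctr,aes128-cbc "
          "-Dsftp.check_macs=hmac-sha2-256 -Dsftp.macs=hmac-sha1")

if __name__ == "__main__":
    weak, typos = audit_jvm_options(SAMPLE)
    for prop, algo in weak:
        print(f"sftp.{prop}: {algo} is on the weak list")
    for prop in typos:
        print(f"sftp.{prop}: not a documented property")
```

A finding does not mean the option must be removed; it marks an algorithm that is only needed for a server that cannot negotiate anything stronger, and that should be scoped and tracked as such.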
Troubleshooting for SFTP connections
When you experience connectivity issues with your SFTP connection, the cause might be the use of deprecated algorithms. You can address such exceptions based on their cause, as follows:
| Exception | Resolution |
|---|---|
| Caused by: com.jcraft.jsch.JSchAlgoNegoFailException: Algorithm negotiation fail | This occurs when the client and server cannot agree on cryptographic algorithms. Possible causes include unsupported or disabled algorithms, or a mismatch in KEX/Cipher suites. |
| Caused by: com.jcraft.jsch.JSchException: Auth fail for methods 'publickey,password' | Likely due to incorrect usernames, private key mismatches, or server-side permission issues (e.g., authorized_keys). Set the following properties in the node: Key: Value: |
| java.io.IOException: Failed to get SFTP session connected | You can either remove or increase the timeout value in the JVM options from your Snaplex settings. |
| Caused by: java.io.IOException: Failed to get SFTP session connected at com.snaplogic.snap.api.fs.sftp.SftpSessionProducer.connectSession | Set the following property in the node to resolve negotiation failures during the session producer phase: |
| com.jcraft.jsch.JSchException: Auth cancel for methods 'password,publickey,keyboard-interactive' | Authentication was cancelled by the server or client. Verify that the credentials provided match the authentication methods allowed by the SFTP server. |