SFTP connection
The SFTP connection represents a single account, including login credentials. If you have multiple systems, you need a separate connection for each.
Connection tab
Remote Directory (Optional) - Refers to the directory (relative or absolute directory path) on the SFTP server where the connector reads files from or writes files to.
If you leave this field blank or specify a relative directory path, the connector uses the default working directory configured as the base folder on the SFTP server. You can override this value using the Remote Directory input document property. Additionally, if both the target directory document property and Remote Directory connection properties are set, the connection property overrides the document property.
Host - Refers to a domain name or IP address of the SFTP host.
Port - This refers to the command port on which the SFTP server listens for incoming connections from the SFTP client. The default port is 22.
User Name - This field refers to the account's username on the SFTP server. It is mandatory if the Authentication Type is username and password.
Password - This field refers to the password of the account on the SFTP server. It is mandatory if the Authentication Type is username and password.
Key Authentication - Click the drop-down to select the method of authentication to be used:
- None - (Default) no keys will be used during authentication, meaning only username and password are used to authenticate the user.
- Key File Path - keys will be used by their local paths defined in the fields below (Key File Path, Key File Password)
- Key File Content - keys will be used by the content of the fields defined below (Key Content, Key Content Password, Public Key Content)
Key File Path - Refers to the system path where the key is located on the server on which the runtime is running. This is a client key for authentication as the client. It is not for the server identification. This is a required field for SSH private key authentication. This field is mandatory if Authentication Type is using a Public Key. The key file is typically found here: C:\Users\<user_name>\.ssh\id_rsa. The path-based authentication works for the SSH key file generated using many kinds of generation techniques, like ssh-keygen, putty keygen, etc.
Store your client SSH keys in a folder other than the SFTP connector and not in the runtime installation directory folders because these folders may be overwritten during updates.
Key File Password - This field refers to the password used to protect the key file. It is a required field for SSH private key authentication if a passphrase protects the key. It is also mandatory if Authentication Type is using a Public Key and if the key file is password protected.
Key Content - Specify the private key content of the client system. A user can get this content from the client SSH key file. For more information about SSH key file generation and private key, refer to the Generating an SSH Key task topic.
Key Content Password - Password for the Key Content
Public Key Content - Specify the public key content of the client system. A user can get this content from the client SSH key file. For more information about SSH key file generation and public key, refer to the Generating an SSH Key task topic.
Key Pair Name - Specify the name of the SSH key pair used on the server. Your server admin can provide this information.
- If selected, authentication will be performed based on private & public key content specified, and the Client SSH Key File Path provided will be ignored.
- If cleared, authentication will be performed based on the key file placed in the specified Client SSH Key File Path.
Use Connection Pooling - This setting controls the usage of the connection pooling feature. If selected, the connector maintains a memory cache of connections and reuses existing connections each time a new connection is requested. The connection pooling settings, such as idle time, maxWait time, and minIdle connections, are managed in the back end. When a connection pool has not been used in the last three hours and has no active connections, its idle connections are cleared automatically. Connection pooling may help to increase performance by using resources more efficiently.
The netstat commands can be used to find the status of active connections on the server.
watch -n1 "netstat -ant | grep ':22.*' | nl | tail -n 20" - Runs every second for the latest 20 TCP connections.
netstat -ant | grep -c "172.31.0.24:22.*ESTABLISHED" - Provides the count of the established TCP connections.
netstat -nato | grep 22 - Provides the status of the established TCP connections.
Use Proxy - Select if you want to use a proxy to connect to the SFTP server.
The SFTP connector does not support the Proxy feature in the Cloud.
Choose Proxy Type - Proxy type for connecting to the SFTP server.
Proxy Host - Refers to the proxy hostname of the proxy server to connect to the SFTP server.
Proxy Port - Refers to the proxy port of the Proxy server to connect to the SFTP server.
Proxy Username - Refers to the proxy Username that can be provided to connect to the SFTP server.
Proxy Password - Refers to the proxy password.
Known Host Entry - (Optional) Specify the hostname and SSH public key content of the SFTP server. The connector matches this value against the host key that the server presents, which ensures that a secure connection is established to the expected server. Format for the Known Host Entry value: <hostname> <algorithm> <public key content>. If the host server's public key content already contains the algorithm string prefixed to the key content, e.g., ssh-rsa-AAAAB3Nza, then you only need to provide <hostname> <public key content>. The <public key content> value is stored in the /home/<user>/.ssh/known_hosts file (or in the Windows registry) and is matched against subsequent connection attempts. Copy the value of your specific host entry from your known_hosts file into the Known Host Entry field.
While making a connection, if this field is populated, strict host key checking is enabled and this populated value will be compared to the host key provided by the server in order to proceed with connection negotiation.
If the Known Host Entry field is not populated, known host validation is skipped, meaning strict host key checking is disabled and the connector accepts the server's host key without verifying it.
The connector does not read the known_hosts file directly, and nothing needs to be added to the known_hosts file as part of this process. The specific host's public key will be in the known_hosts file if the user has previously connected to that server via an external SFTP client and accepted it. If there is no entry for the host in the file already, you have to manually access the server (outside of Boomi), accept the host into the known_hosts file, and then use that string for the connector, or you have to get the public key from the SFTP vendor.
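An offline pre-check for a Known Host Entry value, as an added example (not Boomi's or JSch's code): it validates the three-field format, confirms that the algorithm field matches the name embedded in the key blob, and computes the SHA256 fingerprint in the form ssh-keygen -l prints, so it can be compared with the fingerprint the SFTP vendor provides. The hostname and key are constructed sample values, and the two-field form of the entry is not handled.

```python
import base64
import hashlib
import struct


def _read_string(blob, offset):
    """Read one SSH wire-format string (uint32 length + bytes)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def check_known_host_entry(entry):
    """Validate '<hostname> <algorithm> <public key content>' and return
    (hostname, algorithm, SHA256 fingerprint)."""
    parts = entry.split()
    if len(parts) != 3:
        raise ValueError("expected: <hostname> <algorithm> <public key content>")
    hostname, algorithm, key_b64 = parts
    try:
        blob = base64.b64decode(key_b64, validate=True)
    except ValueError as exc:
        raise ValueError("public key content is not valid base64") from exc
    # The key blob starts with its own algorithm name; it must agree
    # with the algorithm field of the entry.
    embedded, _ = _read_string(blob, 0)
    if embedded.decode("ascii", "replace") != algorithm:
        raise ValueError("algorithm field does not match the key blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return hostname, algorithm, fingerprint


def make_sample_entry():
    # Constructed sample: an ssh-ed25519 blob carrying a dummy 32-byte key.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return "sftp.example.com ssh-ed25519 " + base64.b64encode(blob).decode()


if __name__ == "__main__":
    print(check_known_host_entry(make_sample_entry()))
```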
Connection Timeout (ms) - Refers to the number of milliseconds the connector waits to complete the connection handshake until it times out. If the field is blank, the connection uses the network timeout settings for the runtime or operating system.
If the SFTP server configuration includes a connection timeout value, it overrides the value provided here.
Read Timeout (ms) - Refers to the number of milliseconds that the connector waits to complete the FTP data transfer until it times out. If you leave this field blank, the connection uses the network timeout settings for the runtime or operating system. The read timeout property is for individual network read operations and not a timeout for the entire file transfer.
If the SFTP server configuration includes a connection timeout value, it overrides the value provided here.
Advanced Configuration tab
The advanced configurations on this page correspond directly to settings applied to the JSch session during client connection negotiation. Please do not modify the contents of this configuration unless you are confident in its implications. Reference the JSch README for a complete list of possible config keys and ways to configure your connection to utilize older algorithms.
Key Exchange (KEX) - This field specifies the Key Exchange (KEX) algorithms that JSch will propose to the server during connection negotiation. It allows the client and server to securely agree on a shared secret without transmitting it over the network, even if the network is being monitored. The default value is curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
Server Host Key - This field specifies the algorithms that JSch will accept for the server's host key. The server host key is used to authenticate the server to the client, ensuring that the client is connecting to the correct server. The default value is ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
Cipher (s2c) - Specifies the encryption algorithm used to secure data sent from the server to the client. The default value is aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
Cipher (c2s) - Specifies the encryption algorithm used to secure data sent from the client to the server. The default value is aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
MAC (s2c) - Message authentication code (MAC) algorithm used to verify the integrity and authenticity of data received from the server to the client. The default value is hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
MAC (c2s) - Specifies the message authentication code (MAC) algorithm used to ensure the integrity and authenticity of data sent from the client to the server. The default value is hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Compression (s2c) - Compression algorithms used to compress data sent from the server to the client. There is no default value.
Compression (c2s) - Compression algorithms used to compress data sent from the client to the server. There is no default value.
Language (s2c) - Preferred language for responses from the server to the client.
Language (c2s) - Preferred language for requests from the client to the server.
Check Kexes - A list of KEX which should be first checked for availability. All KEX in this list which are not working will be removed from the Key Exchange (KEX) field. The default value is sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512
Check MACs - A list of MACs which should be first checked for availability. All MACs in this list which are not working will be removed from the mac.s2c and mac.c2s. There is no default value.
Check Ciphers - A list of ciphers which should be first checked for availability. All ciphers in this list which are not working will be removed from the ciphers.s2c and ciphers.c2s. The default value is chacha20-poly1305@openssh.com
Check Signatures - A list of signatures which should be first checked for availability. All signatures in this list which are not working will be removed from the Server Host Key. The default value is ssh-ed25519,ssh-ed448
SFTP Custom Configuration
Any key-value pairs provided here will override their default configurations in the JSch library.
Click Add Property and enter the Key name, Value and select Encrypt if you want to encrypt the key. Click the Remove icon if you want to remove the key from the custom configuration.
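A review aid for proposed overrides, as an added example (not part of the connector or of JSch): it compares a custom configuration against the default lists given on this page and reports every algorithm that would be added, marking those that match common legacy names. The key names kex, server_host_key, cipher.s2c and cipher.c2s are JSch config keys, their mapping to the fields above is an assumption of this example, and the sample override is constructed.

```python
import re

# Defaults exactly as listed on this page, keyed by JSch config key
# (the field-to-key mapping is an assumption of this example).
CIPHERS = "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com"
MACS = ("hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,"
        "hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1")
PAGE_DEFAULTS = {
    "kex": ("curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,"
            "ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,"
            "diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,"
            "diffie-hellman-group14-sha256"),
    "server_host_key": ("ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,"
                        "ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256"),
    "cipher.s2c": CIPHERS, "cipher.c2s": CIPHERS,
    "mac.s2c": MACS, "mac.c2s": MACS,
}

# Legacy names: CBC/arcfour ciphers, SHA-1 key exchange, ssh-rsa/ssh-dss
# host keys, MD5 or truncated (-96) MACs.
LEGACY = re.compile(
    r"-cbc$|^arcfour|^diffie-hellman-.*-sha1$|^ssh-(rsa|dss)$|^hmac-md5|-96(-etm@openssh\.com)?$"
)


def audit_overrides(custom):
    """Return {key: {"added": [...], "legacy": [...]}} for every override
    that proposes an algorithm outside the page's default list."""
    findings = {}
    for key, value in custom.items():
        if key not in PAGE_DEFAULTS:
            continue
        default = set(PAGE_DEFAULTS[key].split(","))
        proposed = [a.strip() for a in value.split(",") if a.strip()]
        added = [a for a in proposed if a not in default]
        if added:
            legacy = [a for a in added if LEGACY.search(a)]
            findings[key] = {"added": added, "legacy": legacy}
    return findings


# Constructed sample of a proposed custom configuration.
SAMPLE = {
    "kex": "curve25519-sha256,diffie-hellman-group1-sha1",
    "server_host_key": "ssh-ed25519,ssh-rsa",
    "cipher.s2c": "aes256-ctr,aes128-cbc,chacha20-poly1305@openssh.com",
    "mac.c2s": "hmac-sha2-256",
}

if __name__ == "__main__":
    for key, result in audit_overrides(SAMPLE).items():
        print(key, result)
```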
Test Connection
You can test your connection settings before you use or save the connection in a process. The Test Connection ensures that your specified settings are correct, valid, and accessible. If the test connection is successful, you can save the connection. Otherwise, review and correct any incorrect settings, then test again.
You can only run the Test Connection against containers associated with your account (local runtimes, runtime clusters, and runtime clouds).