EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SFTP hangs

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
#16166
Posted: 04/01/2011 10:44:35
by Phil Kay (Standard support level)
Joined: 02/13/2009
Posts: 4

I have an SFTP Upload Task in SSIS. This was working for some time, now the vendor is asking us to use a key when we send the data that we previously did not have to do.

In the SFTP connection manager I have changed my port from 10022 to 10021, set the Authentication to Both, set the path to the private key and changed the host address to a new host.

When I hit Test Connection the application stops responding and I eventually kill Visual Studio using task manager.

When I try to debug the package it hangs on opening the connection. Below is what shows in the output window.
Information: 0x0 at BizCrypto SFTP Upload Task, SFTP Upload Task: Starting SFTP Upload Task
Information: 0x0 at BizCrypto SFTP Upload Task, SFTP Upload Task: Using SecureBlackbox.NET library 7.0.0.155
Information: 0x0 at BizCrypto SFTP Upload Task, SFTP Upload Task: Setting BizCrypto license key
Information: 0x0 at BizCrypto SFTP Upload Task, SFTP Upload Task: BizCrypto.SqlServer2008.Addons: Could not load file or assembly 'BizCrypto.SqlServer2008.Addons, Version=7.0.0.155, Culture=neutral, PublicKeyToken=5a62fa96d0ac431a' or one of its dependencies. The system cannot find the file specified.
Information: 0x0 at BizCrypto SFTP Upload Task, SFTP Upload Task: Loading private key
Information: 0x0 at BizCrypto SFTP Upload Task, SFTP Upload Task: Private key successfully loaded
Information: 0x0 at BizCrypto SFTP Upload Task, SFTP Upload Task: Failed to load key, error 3330.
Information: 0x0 at BizCrypto SFTP Upload Task, SFTP Upload Task: Loading trusted keys
Information: 0x0 at BizCrypto SFTP Upload Task, SFTP Upload Task: Opening connection
#16167
Posted: 04/01/2011 11:50:37
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

The log shows that an error occurs during private key processing. Error 3330 is usually returned if the supplied file does not contain a valid private key. So the first thing to check is to ensure that you are specifying a correct path to a private key (it must be private key, not a public one). It might also make sense to check that key password (if any) is assigned to the SSHPrivateKeyPassword property.

Besides, the log shows that the version you are using is a little outdated. Please upgrade to the latest BizCrypto version (7.2.173) to get improved performance and compatibility.
#16168
Posted: 04/01/2011 12:54:45
by Phil Kay (Standard support level)
Joined: 02/13/2009
Posts: 4

It is a .pfx key (I believe this is a private and not a public key from the extension).

I can double click on the key file which brings up an import key wizard. It prompts for the password and imports successfully so I beleive the password is correct. I have reentered the password in the SFTP connection manager a couple times to make sure I didn't type it wrong on accident.

I also upgraded to version 7.2.0.171.

I am still getting the same 3330 error. Any other ideas on what would cause the key not to load?

thanks
#16169
Posted: 04/02/2011 05:17:24
by Ken Ivanov (EldoS Corp.)

PFX files usually contain private keys for X.509 certificates (not for SSH keys). Does your SSH/SFTP server require you to authenticate with X.509 certificate instead of an SSH private key?
#16172
Posted: 04/04/2011 09:04:00
by Phil Kay (Standard support level)
Joined: 02/13/2009
Posts: 4

Yes, they want to authenticate using the certificate and a login/password. Is this possible with SFTP or do we need to use a different protocol?

thanks
#16173
Posted: 04/04/2011 09:30:42
by Eugene Mayevski (EldoS Corp.)

In general SSH (the protocol over which SFTP works) supports X.509 authentication using based on several incompatible standards. Due to this incompatibility X.509 is rarely used in SSH/SFTP. If the user wants to authenticate with X.509 certificates, it's likely that they meant FTPS (FTP over SSL/TLS) which is a completely different story.

Given that the port number is 10021, I guess it's a "remapping" of port 21, which is a standard port for FTP and explicit FTP-over-SSL (similar to 10022 to be remapping of standard SSH port 22). So please try using FTPS adapter instead of SFTP.


Sincerely yours
Eugene Mayevski
#16177
Posted: 04/04/2011 16:19:30
by Phil Kay (Standard support level)
Joined: 02/13/2009
Posts: 4

So I switched over to FTPS and it got passed the certificate issues. I got hung up on some 226 error for a while but found turning the "Use SSL Session Resumption" on got everything working.

thanks for all your help with this.
Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.

Reply

Statistics

Topic viewed 4542 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!