IBM BPM, V8.0.1, All platforms

Server verification

Server verification is a method where the client verifies the identity of the server before establishing the connection.

The adapter performs server verification when the SFTP protocol is enabled. Before establishing a connection, the adapter checks whether the SFTP server is a trusted server.

Server verification requires a host key file as input. The host key file must be available on the adapter workstation, and the host keys of the trusted servers must be added to it. The entries in the host key file must adhere to the OpenSSH format of the KNOWN_HOSTS file.

The adapter verifies the server by comparing the host key presented by the server with the host keys in the host key file. The adapter connects to the server only if the host key of the server is available in the host key file. If the host key of a trusted server is different from the one in the host key file, the entry in the host key file must be modified to reflect the new host key.

When you configure the adapter to work with an SFTP server running on a non-standard port (any port other than 22), the host key must be in the following format in the host key file.

[Hostname]:Portnumber hostkeyentry

The following is an example of a host key entry when a non-standard port is used.

[9.186.116.151]:2022 ssh-rsa AAAB3NzaC1yc2EAAAABIwAAAIEA2mRkaED9+e2WtJ/ECkVTpT8Lg9MKutmPqNAXOr7u5SOIjEry984mG4v79f6VkvjYS2PApwHvUSqxWm761CzsgV+8fs/yDpYfLPXoHskF9Hp5RknWXpIC9BfzM+mov0BA/VCFBr2d77ELEeVANQT5zNfDiOCOnT0BT2MpcvcgYKc=

If the server is not trusted (its host key is not present in the host key file), the adapter does not connect to the server. The connection request fails with an indication that a connection to a non-trusted server was attempted and cannot be established for security reasons.

To provide both the host name and the IP address of a server, specify both in the host key entry, separated by a comma.
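
The lookup described above, as an added Python example (not IBM adapter code): it parses OpenSSH-format entries, handles the [Hostname]:Portnumber form and comma-separated names, and separates a changed key from an unknown server. The host names, addresses and key blobs are constructed placeholders; hashed names, @markers and wildcard patterns are assumed absent and are not handled.

```python
# Added illustration; not IBM adapter code. Key blobs below are constructed placeholders.
KEY_A = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7constructedKeyA="
KEY_B = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7constructedKeyB="
SAMPLE_HOST_KEY_FILE = f"""\
# constructed sample host key file
[sftp.example.test]:2022,[192.0.2.10]:2022 ssh-rsa {KEY_A}
files.example.test,192.0.2.20 ssh-rsa {KEY_B} optional-comment
"""


def lookup_name(host, port=22):
    """Name to search for: bare host on port 22, [host]:port on any other port."""
    return host if port == 22 else f"[{host}]:{port}"


def parse_host_key_file(text):
    """Yield (names, key_type, key_blob) for each plain known_hosts entry."""
    for line in text.splitlines():
        line = line.strip()
        # Assumption: comments, @markers and hashed (|1|...) names are skipped.
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) >= 3:  # names, key type, base64 key, optional comment
            yield set(fields[0].split(",")), fields[1], fields[2]


def verify_server(text, host, port, key_type, key_blob):
    """Return 'trusted', 'mismatch' (entry exists, key differs) or 'unknown'."""
    name = lookup_name(host, port)
    result = "unknown"
    for names, entry_type, entry_blob in parse_host_key_file(text):
        if name not in names or entry_type != key_type:
            continue
        if entry_blob == key_blob:
            return "trusted"
        result = "mismatch"  # same host and key type, different key
    return result


if __name__ == "__main__":
    checks = [("sftp.example.test", 2022, KEY_A), ("192.0.2.10", 2022, KEY_A),
              ("sftp.example.test", 22, KEY_A), ("sftp.example.test", 2022, KEY_B)]
    for host, port, blob in checks:
        print(host, port, verify_server(SAMPLE_HOST_KEY_FILE, host, port, "ssh-rsa", blob))
```

Only a "trusted" result corresponds to the case in which the adapter connects; a "mismatch" result is the changed-host-key case, where the entry has to be updated before the connection can succeed.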
