When starting the SSH FTP server for the first time, no users are defined and therefore no access is granted to your server. To initiate creation of SSH FTP users, first activate the preconfigured Local SSH FTP Users local host. See Activating a host from a template. To create a new SSH FTP server login, clone the default "myTradingPartner" or another mailbox. Local SSH FTP user mailboxes can have actions, but unlike remote host/mailbox actions that perform remote host operations, local SSH FTP user actions can only perform local host operations that manipulate files within the user's home directory.
Multiple Local SSH FTP Users local hosts may be created allowing users to be grouped together with the same host properties; however, usernames (that is, Local SSH FTP user mailbox names) will remain unique across all Local SSH FTP Users local hosts.
Configuring local SSH FTP user directories
Configuring access for SSH FTP host users
Use the SSH FTP tab to configure access for SSH FTP host users.
- Acceptable inbound file patterns
- Specify patterns that files must match to be permitted inbound. Patterns can include wildcards and regular expressions. See Using wildcards and regular expressions. If you specify multiple file patterns, separate them with semi-colons (;) or commas (,). Alternatively, enter them on separate lines.
- Users have read-only access
- Restricts SSH FTP users to read-only access of files and directory listings in their home directory. Users with read-only access may only retrieve files or directory listings from their home directory.
- Users can make/remove subdirectories
- Enables SSH FTP users to make and remove subdirectories within their home directory
- Users must connect on a secure port
- Limits users to SSL connections only. When selected, users will able to successfully authenticate only when an FTP/s connection is used.
- IP filter required
- When you select the IP filter required check box, all mailboxes under this host require whitelist IP addresses to be entered. If no whitelist IP addresses are entered for a mailbox, that mailbox is set to not ready. For the mailboxes that have whitelist IP addresses entered, the mailbox user can log in to the mailbox only from the IP addresses configured. If the IP filter required check box is cleared, whitelist IP addresses are not required and the mailbox user can log in from anywhere.
- Password Policy
- Defines the security requirements that will be enforced for all local users. By default, the Password Policy used by all mailbox users is globally defined via the Enforce Password Policy option on the tab. See Other system options.
Field Name |
Description |
---|---|
Acceptable inbound files patterns |
Specified patterns files must match to be permitted inbound. Patterns can include wildcards and regular expressions. See Using wildcards and regular expressions. If you specify multiple file patterns, separate them with semi-colons (;) or commas (,). Alternatively, enter them on separate lines. The following are examples of valid patterns:
|
Users have read-only access |
Restricts SSH FTP users to read-only access of files and directory listings in their home directory. Users with read-only access may only retrieve files or directory listings from their home directory. |
IP filter required |
When you select the IP filter required check box, all mailboxes under this host require whitelist IP addresses to be entered. If no whitelist IP addresses are entered for a mailbox, that mailbox is set to “not ready”. If a mailbox has whitelist IP addresses entered, login to the mailbox is allowed only from the IP addresses configured. If a mailbox does not have any whitelist IP addresses entered, the mailbox user can login from anywhere. If the IP filter required check box is cleared, whitelist IP addresses are not required and mailbox user can log in from anywhere. |
Password Policy |
Defines the security requirements that will be enforced for all local users. By default, the Password Policy used by all mailbox users is globally defined using the Enforce Password Policy option on the Other system options tab. To specify a different set of security restrictions for all mailbox users defined for a particular local user host, select the Override System Level Settings option, select the Enforce Password Policyoption (if not already selected), click Configure, make the desired changes and click Apply. See Enhanced Security for further information on the Password Policy options. To disable Password Policy enforcement for all mailbox users defined for a particular local user host, select the Override System Level Settings option, clear the Enforce Password Policy check box and click Apply. |
Configuring SHH FTP for local SHH FTP mailbox
- Username
- The mailbox alias. This value is used by your trading partner to log in to your FTP server. Specify a value not already in use.
- Password
- The password for the mailbox. This value is used by your trading partner to log in to your FTP server.
- Use Public Key Authentication
- Select the check box to enable public key authentication and specify the name of the file containing the client's authentication certificate (the remote client certificate to be used for authentication). You can click Browse to navigate to and select the file you want to use.
- Use Key From File
- Select the check box to enable use of the client's SSH public key and specify the name of the file containing the key. You can click Browse to navigate to and select the file you want to use.
Note: The file you select could contain multiple keys in the supported formats (RFC 4716 and OpenSSH). A file with multiple keys can contain either RSA or DSA keys of different sizes. The two formats cannot be mixed within a file. Keys must be separated by an
LF
orCRLF
. - LDAP Usergroup
- Select the LDAP Usergroup check box to designate the mailbox as an LDAP user group mailbox and enable the Mailbox LDAP Tab (see Configuring LDAP for Local FTP Mailbox. Many of the other fields on this tab are disabled as are no longer applicable. An LDAP user group mailbox has the following features:
- The mailbox no longer corresponds to a single user, but rather a group of users configured in an external directory server.
- In addition to authenticating usernames and passwords through the external directory server, user home directory paths can also be provided by the directory service, if necessary, by selecting Use LDAP Home Directory. If this option is not selected, and Use Default Root\Username is selected, the VersaLex application dynamically appends the username to the root directory by way of a
%username%
macro variable.
- Unlock
- This button is enabled when the user has too many failed log in attempts. Mouse over the Unlock button to display when the user will be unlocked automatically or you must unlock the user manually. Click Unlock and then click Apply to unlock the user.
- User Home Directory
- Defaults to a username subdirectory under the default root directory defined on the General tab (see Configuring local SSH FTP user directories). To override this path for this user only, clear the Use Default Root\Username check box and click the ... button to change the home directory; or select a custom macro variable from the drop-down list. See Using macro variables Using Macro Variables for a list of the applicable macros (Default Root Directory context).
- Subdirectories
- Click Subdirectories to display the Local User Subdirectories dialog box. This dialog box displays host-level settings (read-only) for the current folder configuration and allows you to specify additional folders at the mailbox level in the
- Pipe Incoming Payload
- Allows for this trading partner to send to your FTP server and redirect, or pipe, the incoming payload out through a different protocol. If the transfer out to the pipe mailbox fails, the transfer into the local mailbox also fails.
- The SSH FTP server supports either public key or password based authentications.
- Password Authentication: Enter the user’s Password. You will be asked to confirm the password when applying (once applied, the displayed length of the masked password will not necessarily represent the actual password length).
- Public Key Authentication using a CA Certificate: Specify the name of the file containing the Client’s Authentication Certificate (the remote client certificate to be used for authentication) by clicking Browse. Find the certificate that matches the one received from your trading partner and click Select.
- Public Key Authentication using a SSH Public Key File: Specify the name of the file containing the Client’s SSH Public Key file by clicking Browse. Find the SSH Public Key file that matches the one received from your trading partner and click Select.
Note: The file selected may contain multiple keys in the supported formats (RFC 4716 and OpenSSH). A file with multiple keys can contain either RSA or DSA keys of different sizes. The two formats cannot be mixed within a file. Keys must be separated by an LF or CRLF.
- To designate the mailbox as an LDAP user group mailbox select the LDAP Usergroup check box. Selecting this check box will enable the Mailbox LDAP tab (see Configuring LDAP for Local HTTP Mailbox) and disable most of the fields above as they are no longer applicable. An LDAP user group mailbox has the following features:
- The mailbox no longer corresponds to a single user, but rather a group of users configured in an external directory server.
- In addition to authenticating usernames and passwords through the external directory server, user home directory paths can also be optionally provided by the directory service by selecting Use LDAP Home Directory. If this option is not selected, and Use Default Root\Username is selected, the VersaLex application will dynamically append the username to the root directory by way of a
%username%
macro variable.
- If the user has too many failed login attempts, then Unlock will be enabled. Holding the mouse over Unlock will display when the user will be unlocked automatically or if it must manually be unlocked. Selecting Unlock and then Apply will unlock the user.
Configuring LDAP for local SSH FTP mailbox
Use the LDAP tab to specify values for this mailbox. The LDAP tab is enabled when you select the LDAP Usergroup check box on the SSH FTP tab.
The values you specify on this tab supersede the values specified on the LDAP Settings or LDAP Server page.
- Override System Settings
- Select the Override System Settings check boxes to enable their related fields.
- Base DN
- The base organizational unit where the users are defined. Contact your directory administrator for the correct Base DN value. (The Base DN value entered here can be overridden in a local user host LDAP mailbox.)
- Search filter
- Optional. Used to limit the amount of information returned from the LDAP server when many users are defined. A more restrictive filter can be specified as a comma separated list. If necessary, contact your directory administrator to determine the appropriate attributes and values. You can override the value entered here in a local user host LDAP mailbox.
- Extend Search Filter
- Used to append rules to the default search system filter. This field is enabled regardless of the status of the Override System Options check boxes.
- List
- Used to display a list of users and their attributes matching the Base DN and Search Filter.
If necessary, Override System Options settings for Base DN and Search Filter (see LDAP server ) in order to match the intended set of users for this mailbox. Or the Extend Search Filter can be used to append rules to the default system search filter.
Use the List button to list the users and their attributes matching the Base DN and Search Filter.
Configuring IP filter for local SSH FTP mailbox
Local SSH FTP mailbox advanced properties
See Setting advanced host properties for information about how to use and set the properties supported in all protocols. Additional available properties specific to Local SSH FTP Users include:
- Email On Check Conditions Met
- Send an email notification after running a CHECK command where the overall conditions of the check are met. See Configuring email or execute based on results.
Note: This is a Cleo Harmony and Cleo VLTrader option.
- Email On Check Conditions Not Met
- Send an email notification after running a CHECK command where the overall conditions of the check are not met. See Configuring email or execute based on results.
Note: This is a Cleo Harmony and Cleo VLTrader option.
- Email On Fail
- If an error occurs during a command, email the error condition. See Configuring email or execute based on results.
- Email On Flag
- If a flagged event occurs, email the event. See Configuring email or execute based on results.
- Email On Repetitive Action Failures
- When "Email On Fail" is enabled and the same failure occurs each time an action is run for a specific host, leaving this option unchecked suppresses emailing of the same alert multiple times. If the same email alert continues to be suppressed after 24 hours, the suppressed email alert will be sent every 24 hours and after every system restart if the failure occurs again. When the failure is resolved an email alert will be sent.
Note: This feature only suppresses multiple emails if the same failure occurs multiple times in a row. Suppression is not maintained across synchronized hosts.
- Email On Repetitive Listener Failures
- When "Email On Fail" is enabled and the same failure occurs each time an inbound message is processed by the Listener for a specific host, leaving this option unchecked suppresses emailing of the same alert multiple times. If the same email alert continues to be suppressed after 24 hours, the suppressed email alert will be sent every 24 hours and after every system restart if the failure occurs again. If the failure can be associated with a specific host, an email alert will be sent when the failure is resolved. Failure resolution email alerts will not be sent for general Listener failures since it is not possible to determine that these types of failures have been resolved.
Note: This feature only suppresses multiple emails if the same failure occurs multiple times in a row. Suppression is not maintained across synchronized hosts.
- Email On Successful Copy
- Send an email notification after copying a file using LCOPY. See Configuring email or execute based on results.
- Email On Successful Receive
- Send an email notification after successfully receiving a file. See Configuring email or execute based on results.
- Email On Successful Send
- Send an email notification after successfully sending a file. See Configuring email or execute based on results.
- Execute On Check Conditions Met
- After executing a CHECK command where the overall conditions are met, run a system command. See Configuring email or execute based on results.
Note: This is a Cleo Harmony and Cleo VLTrader option.Note: Note that if multiple files contribute to the conditions being met, and one of the file macros is in the command (e.g., %file%), the system command will be executed repeatedly - once for each file.
- Execute On Check Conditions Not Met
- After executing a CHECK command where the overall conditions are not met, run a system command. See Configuring email or execute based on results.
Note: This is a Cleo Harmony and Cleo VLTrader option.
- Execute On Fail
- If an error occurs during a command, run a system command. See Configuring email or execute based on results.
- Execute On Repetitive Action Failures
-
When Execute On Fail is enabled and the same failure occurs each time an action is run for a specific host, leaving this option unchecked suppresses multiple executions of the Execute On Fail command. If suppression of execution of the command for this failure continues after 24 hours, the suppressed Execute On Fail command will be executed every 24 hours and after a system restart if the failure occurs again. When the failure is resolved, the Execute On Fail command will be executed again. Users must account for this by including the %status% macro variable for the Execute On Fail command (see Using macro variables) and then checking for a success or failure.
Note: This feature only suppresses multiple executions of the Execute On Fail command if the same failure occurs multiple times in a row. Suppression is not maintained across synchronized hosts. - Execute On Repetitive Listener Failures
-
When Execute On Fail is enabled and the same failure occurs each time an inbound message is processed by the Listener for a specific host, leaving this option unchecked suppresses multiple executions of the Execute On Fail command. If suppression of execution of the command for this failure continues after 24 hours, the suppressed Execute On Fail command will be executed every 24 hours and after every system restart if the failure occurs again. If the failure can be associated with a specific host, the Execute On Fail command will be executed again when the failure is resolved. Users must account for this by including the %status% macro variable for the Execute On Fail command (see Using macro variables) and then checking for a success or failure. Executions of the "Execute On Fail" command for resolution of general Listener failures will not be done since it is not possible to determine that these types of failures have been resolved.
Note: This feature only suppresses multiple executions of the Execute On Fail command if the same failure occurs multiple times in a row. Suppression is not maintained across synchronized hosts. - Execute On Successful Copy
- After successfully copying a file using LCOPY, run a system command. This command may be used for post-processing the file. See Configuring email or execute based on results.
- Execute On Successful Receive
- After successfully receiving a file, run a system command. This command may be used for post-processing the file. See Configuring email or execute based on results.
- Execute On Successful Send
- After successfully sending a file, run a system command. This command may be used for post-processing the file. See Configuring email or execute based on results.
- Fixed Record EOL Characters
- End-of-line characters to be inserted and/or deleted.
- Fixed Record Incoming Delete EOL
- If Fixed Record EOL Characters has been specified and Fixed Record Length is greater than 0, indicates to look for and delete EOL characters while receiving a file.
Note: When using FTP ASCII mode, standard EOL characters may already be changing if transferring between Windows and Unix platforms.
- Fixed Record Incoming Insert EOL
- If Fixed Record EOL Characters has been specified and Fixed Record Length is greater than 0, indicates to insert EOL characters while receiving a file.
Fixed Record Incoming Delete EOL and Fixed Record Incoming Insert EOL are mutually exclusive properties.
- Fixed Record Length
- The fixed record length after which end-of-line characters need to be inserted and/or deleted.
- Fixed Record Outgoing Insert EOL
- If Fixed Record EOL Characters has been specified and Fixed Record Length is greater than 0, indicates to insert EOL characters while sending a file.
Note: When using FTP ASCII mode, standard EOL characters may already be changing if transferring between Windows and Unix platforms.
- High Priority
- Indicates whether incoming and/or outgoing transfers through the mailbox should be treated as high priority. When both high priority and regular priority transfers are active, the high priority transfers get a larger portion of the available bandwidth. Go to
High Priority Transfers Percentage Available Bandwidth
(defaults to 75). See Other system options for more information.
to set the
- Include Failure In Subject Of Email
- When specified, the exception message will be included in the email that is generated on failure.
Note: If the exception message exceeds 256 characters, it will be truncated.
- Interim File Extension
- When applicable, specifies the temporary filename extension that a trading partner's client software uses while transferring a file inbound (e.g. WinSCP .filepart). For the transfer logging feature, the VersaLex application will set the transfer status to Interim Success rather than Success when a transfer with a temporary filename extension is finished. Then, when the trading partner client software renames the file using SFTP to strip off the temporary filename extension, the VersaLex application will insert an additional Success entry into the transfer log with the resulting filename, thus marking the transfer as complete. The dot preceding the extension can be included in the configured value, but it is not required. If multiple temporary filename extensions are used, they can be separated by commas or semicolons.
- LCOPY Archive
- If specified, contains the directory for archiving LCOPY source files.
- Log Individual LCOPY Results To Transfer Logging
- When this option is enabled, a
<send>
and<receive>
result is logged to the transfer log for each file copied.Note: This is a Cleo Harmony and Cleo VLTrader option. - Macro Date Format
- Specifies the date format to be used when the
%date%
macro is used. - Macro Time Format
- Specifies the time format to be used when the
%time%
macro is used. - Maximum Concurrent FTP Logins
- The total number of logins allowed at any one time for this user. With the default value of 0, the number of concurrent connections per user will be limited by the Maximum Concurrent FTP Logins Per User setting. A value other than zero will override the Maximum Concurrent FTP Logins Per User setting for this user. See Specifying Local Listener advanced properties
- Maximum Incoming Transfer Rate (kbytes/s)
- Sets the maximum incoming transfer rate in Kbytes (1024 bytes) per second for each mailbox or host. The default value of
0
does not limit the transfer rate. The Maximum Incoming Transfer Rate system setting might also limit the transfer rates. The system Maximum Incoming Transfer Rate value is used unless this setting is more restrictive. For simultaneous transfers, the number of active transfers also affects individual transfer rates. See Advanced system options. - Maximum Outgoing Transfer Rate (kbytes/s)
- Sets the maximum outgoing transfer rate in Kbytes (1024 bytes) per second for each mailbox or host. The default value of
0
does not limit the transfer rate. The system setting might also limit the transfer rates. The system Maximum Outgoing Transfer Rate value is used unless this setting is more restrictive. For simultaneous transfers, the number of active transfers will also affect individual transfer rates. See Advanced system options for more information about Maximum Outgoing Transfer Rate. - Outbox Sort
- Controls the order in which multiple files are transferred for a PUT command. If
System Default
is specified, the value set on the tab takes precedence. ForAlphabetical
ordering, the file extensions are not used to determine the sorted order unless they are needed to make the filenames unique. - PGP Compression Algorithm
- Compression method used when OpenPGP packaging (with compression) is requested through the Mailbox Packaging tab. See Configuring mailbox packaging. If
System Default
is specified, the value set on the tab is in effect. - PGP Encryption Algorithm
- Encryption method used when OpenPGP packaging (with encryption) is requested through the Mailbox Packaging tab. See Configuring mailbox packaging. If
System Default
is specified, the value set on the tab takes precedence. - PGP Hash Algorithm
- Signing method used when OpenPGP packaging (with signing) is requested through the Configuring mailbox packaging. If
System Default
is specified, the value set on the tab takes precedence. - PGP Integrity Check
- When OpenPGP encrypting (see Configuring mailbox packaging), include an integrity check on encrypted data. Can be disabled for compatibility with certain OpenPGP implementation.
- PGP Signature Verification
- Indicates whether or not signed inbound PGP messages should verified when inbound OpenPGP packaging is requested through the Mailbox Packaging tab. See Configuring mailbox packaging. In general, this property should be enabled.
- PGP V3 Signature
- Unzip Use Path
- Indicates whether or not zip entry paths should be used for LCOPY -UNZIP operations. When enabled, the entry's path is added to the destination path, unless the entry contains an absolute path. In this case, the absolute path is used in place of the destination path.
- Wait For Execute On
- Indicates whether execution should wait for processing to complete within an Execute On Fail, Execute On Successful Copy,Execute On Successful Receive, or Execute On Successful Send command. Note that this option does not apply to native AS400 execution.
- XML Encryption Algorithm
- The method used to encrypt/decrypt files when XML Encryption packaging is requested through the Mailbox Packaging tab. See Configuring mailbox packaging . If
System Default
is specified, the value set on the tab takes precedence. - Zip Comment
- Specifies the comment to be added to the zip archive file in LCOPY -ZIP operations.
- Zip Compression Level
- Controls the level of compression for LCOPY -ZIP operations. If
System Default
is specified, the value set on the takes precedence - Zip Subdirectories Into Individual Zip Files
- Indicates whether or not subdirectories should be bundled for LCOPY –ZIP –REC operations. When enabled, each first-level subdirectory (and all of its descendents) will be bundled together into an individual zip file. The name of this zip file may optionally reflect the subdirectory name if an asterisk (
*
) is placed in the destination path. Any files that are directly off the source root directory will not be copied.
Local SSH FTP mailbox packaging
See Configuring mailbox packaging for information about payload file packaging.
Local SSH FTP mailbox action commands
The SSH FTP Server does not independently invoke send and receive actions, but rather acts on the actions of the connected client. Default collect and release actions are provided to allow the server to make sent and received files available for processing.
Collect Action
#Initialize inbound file
LDELETE recvfile.edit
#Merge all files received into recvfile.edit
LCOPY -DEL -APE %inbox%/* recvfile.edi
Release Action
#Release all not yet available files
LCOPY -DEL %outbox%/../* %outbox%
See Composing an action and Local command reference for more information.
SSH FTP Server command reference
The SSH FTP Server allows users to log into the VersaLex application and store and retrieve files using standard SSH FTP (Secure Shell File Transfer Protocol) commands. A full description of the SSH FTP commands can be found in the Internet-Draft draft-ietf-secsh-filexfer-02.txt specification.
The following SSH FTP packet types are accepted and processed by the VersaLex FTP server. The id field of each request or response has been omitted in the following descriptions. See SSH FTP file attributes for information about the <ATTRS attrs> parameter used in some of the commands.
Command | Description |
---|---|
Requests from the Client to the SSH FTP Server | |
SSH_FXP_INIT
<uint32 version> <optional extension data> |
Sent by the client when the transfer protocol starts. The client must be capable of supporting version 3 of the SSH FTP protocol. The server responds with a SSH_FXP_VERSION packet. |
SSH_FXP_VERSION
<uint32 version> <optional extension data> |
Response to the SSH_FXP_INIT request. |
SSH_FXP_OPEN
<string filename> <uint32 pflags> <ATTRS attrs> |
Files are opened or created when the client sends this message where filename field specifies the file name. Thepflags field is a bitmask. The bits are defined as follows:
SSH_FXF_READ 0x00000001 SSH_FXF_WRITE 0x00000002 SSH_FXF_APPEND 0x00000004 SSH_FXF_CREAT 0x00000008 SSH_FXF_TRUNC 0x00000010 SSH_FXF_EXCL 0x00000020 These have the following meanings: SSH_FXF_READ - Open the file for reading. SSH_FXF_WRITE - Open the file for writing. If both this and SSH_FXF_READ are specified, the file is opened for both reading and writing. SSH_FXF_APPEND - Force all writes to append data at the end of the file. SSH_FXF_CREAT - If this flag is specified, then a new file will be created if one does not already exist (if O_TRUNC is specified, the new file will be truncated to zero length if it previously exists). SSH_FXF_TRUNC - Forces an existing file with the same name to be truncated to zero length when creating a file by specifying SSH_FXF_CREAT. SSH_FXF_CREAT must also be specified if this flag is used. SSH_FXF_EXCL - Causes the request to fail if the named file already exists. SSH_FXF_CREAT must also be specified if this flag is used. The server response to this message will be either SSH_FXP_HANDLE (if successful) or SSH_FXP_STATUS (if the operation fails). |
SSH_FXP_CLOSE
<string handle> |
A file is closed when the client sends this request. The server response to this request will be a SSH_FXP_STATUSmessage. The handle parameter is a handle previously returned in response to a SSH_FXP_OPEN orSSH_FXP_OPENDIR. |
SSH_FXP_READ
<string handle> <uint64 offset> <uint32 len> |
Once a file has been opened, it can be read using the SSH_FXP_READ message. Only sequential offsets are supported, and repositioning within an open file is not allowed. In response to this request, the server will read as many bytes as it can from the file (up to 'len'), and return them in a SSH_FXP_DATA message. If an error occurs or EOF is encountered before reading any data, the server will respond with SSH_FXP_STATUS. |
SSH_FXP_WRITE
<string handle> <uint64 offset> <uint32 len> <string data> |
When a file has been opened for writing, it can be written using the SSH_FXP_WRITE message. Only sequential offsets are supported and repositioning within an open file is not allowed. The server responds to a write request with a SSH_FXP_STATUS message. |
SSH_FXP_LSTAT
<string path> |
Used to retrieve the attributes for a named file (identified by the 'path') while not following symbolic links. The server responds to this request with either SSH_FXP_ATTRS or SSH_FXP_STATUS. |
SSH_FXP_FSTAT
<string path> |
SSH_FXP_FSTAT returns status information for an open file (identified by the file handle). The server responds to this request with SSH_FXP_ATTRS or SSH_FXP_STATUS. |
SSH_FXP_SETSTAT
<string path> <ATTRS attrs> |
File attributes may be modified using the SSH_FXP_SETSTAT request where path specifies the file system object (for example, file or directory) whose attributes are to be modified, and attrs specifies the modifications to be made to its attributes. The server responds to this request with a SSH_FXP_STATUS message. |
SSH_FXP_FSETSTAT
<string handle> <ATTRS attrs> |
File attributes on an open file may be modified using the SSH_FXP_FSETSTAT request where handle (must be returned by SSH_FXP_OPEN) identifies the file whose attributes are to be modified, and 'attrs' specifies the modifications to be made to its attributes. The server responds to this request with a SSH_FXP_STATUS message. |
SSH_FXP_OPENDIR
<string path> |
The SSH_FXP_OPENDIR opens a directory for reading where path is the path name of the directory to be listed (without any trailing slash). The server will respond to this request with either a SSH_FXP_HANDLE or a SSH_FXP_STATUS message. |
SSH_FXP_READDIR
<string handle> |
Once the directory has been successfully opened, files (and directories) contained in it can be listed usingSSH_FXP_READDIR requests. The server responds to this request with either a SSH_FXP_NAME or a SSH_FXP_STATUS message. |
SSH_FXP_REMOVE
<string filename> |
Files can be removed using the SSH_FXP_REMOVE message where filename is the name of the file to be removed. The Server responds with a SSH_FXP_STATUS message. |
SSH_FXP_MKDIR
<string path> <ATTRS attrs> |
New directories can be created using the SSH_FXP_MKDIR request where path and attrs specify the directory name and attributes. The server will respond to this request with a SSH_FXP_STATUS message. |
SSH_FXP_RMDIR
<string path> |
Directories can be removed using the SSH_FXP_RMDIR request where path specifies the directory to be removed. The server responds to this request with a SSH_FXP_STATUS message. |
SSH_FXP_REALPATH
<string path> |
The SSH_FXP_REALPATH request can be used to have the server canonicalize any given path name to an absolute path. The server will respond with a SSH_FXP_NAME packet containing only one name and a dummy attributes value. The name is the returned packet will be in canonical form. If an error occurs, the server may also respond with SSH_FXP_STATUS. |
SSH_FXP_STAT
<string path> |
Used to retrieve the attributes for a named file identified by the path. SSH_FXP_STAT and SSH_FXP_LSTAT only differ in that SSH_FXP_STAT follows symbolic links on the server. The server responds to this request with eitherSSH_FXP_ATTRS or SSH_FXP_STATUS. |
SSH_FXP_RENAME
<string oldpath> <string newpath> |
Files (and directories) can be renamed using the SSH_FXP_RENAME message where oldpath is the name of an existing file or directory, and newpath is the new name for the file or directory. The server will respond to this request with a SSH_FXP_STATUS message. |
SSH_FXP_READLINK
<string path> |
The server does not support reading symbolic links. The server will respond with a SSH_FXP_STATUS error message. |
SSH_FXP_SYMLINK
<string linkpath> <string targetpath> |
The server does not support creating symbolic links. The server will respond with a SSH_FXP_STATUS error message. |
Responses from the SSH FTP Server to Client | |
SSH_FXP_VERSION
<uint32 version> <optional extension data> |
Response to the SSH_FXP_INIT request. The server will respond supplying the lowest of its own (3) and the client's version number. |
SSH_FXP_STATUS
<uint32 status> <string error> <string language> |
SSH_FXP_STATUS response is returned by the server in response to a client request where status indicates the result of the requested operation. The value SSH_FX_OK indicates success, and all other values indicate failure.
SSH_FX_OK -Indicates successful completion of the operation. SSH_FX_EOF - indicates end-of-file condition; for SSH_FX_READ it means that no more data is available in the file, and for SSH_FX_READDIR it indicates that no more files are contained in the directory. SSH_FX_NO_SUCH_FILE - is returned when a reference is made to a file that should exist but does not. SSH_FX_PERMISSION_DENIED - is returned when the authenticated user does not have sufficient permissions to perform the operation. SSH_FX_FAILURE - is a generic catch-all error message; it should be returned if an error occurs for which there is no more specific error code defined. SSH_FX_BAD_MESSAGE - may be returned if a badly formatted packet or protocol incompatibility is detected. SSH_FX_NO_CONNECTION - is a pseudo-error that indicates the client has no connection to the server (it can only be generated locally by the client, and must not be returned by servers). SSH_FX_CONNECTION_LOST - is a pseudo-error that indicates the connection to the server has been lost (it can only be generated locally by the client, and must not be returned by servers). SSH_FX_OP_UNSUPPORTED - indicates that an attempt was made to perform an operation not supported for the server (it could be generated locally by the client if, for example, the version number exchange indicates that a required feature is not supported by the server, or it may be returned by the server if the server does not implement an operation). |
SSH_FXP_HANDLE
<string handle> |
SSH_FXP_HANDLE is the server response to an SSH_FXP_OPEN or SSH_FXP_OPENDIR where handle is an arbitrary string that identifies an open file or directory on the server. The handle is opaque to the client; the client must notattempt to interpret or modify it in any way. |
SSH_FXP_DATA
<string data> |
SSH_FXP_DATA is the server response to an SSH_FXP_READ where data is an arbitrary byte string containing the requested data. The data string may be at most the number of bytes requested in a SSH_FXP_READ request, but may also be shorter if end of file is reached or if the read is from something other than a regular file. |
SSH_FXP_NAME
<uint32 count> repeats count times: <string filename> <string longname> <ATTRS attrs> |
count is the number of names returned in this response, and the remaining fields repeat count times (so that all three fields are first included for the first file, then for the second file, and so on). In the repeated SSH_FXP_ NAMEis the server response to either a SSH_FXP_READDIR or SSH_FXP_REALPATH message where filename is a file name being returned (for SSH_FXP_READDIR, it will be a relative name within the directory, without any path components; for SSH_FXP_REALPATH it will be an absolute path name), longname is an expanded format for the file name, similar to what is returned by ls -l on Unix systems. |
SSH_FXP_ATTRS
<ATTRS attrs> |
SSH_FXP_ATTRS is the server response for returning file attributes. |
VersaLex also supports HTTP PUT, GET, and DELETE methods for sending payload, receiving directory listings and payload, and deleting payload respectively, but the POST methods are recommended. Following are captures of example HTTP requests and responses demonstrating the above methods. While the examples below only show parameters on the POST line, VersaLex does accept requests using the application/x-www-form-urlencoded
and multipart/form-data
Content-types.
Client initial connect request without authorization
POST /server?request=connect HTTP/1.1
Host: test.cleo.com:5080
Connection: Keep-Alive, TE
TE: trailers, deflate, gzip, compress
User-Agent: RPT-HTTPClient/0.3-3I (Windows XP)
Content-length: 0
VersaLex response (unauthorized; both basic and digest Authentication is enabled)
HTTP/1.1 401 Unauthorized
Server: Cleo VLTrader/3.5 (Windows 2000)
Date: Tue, 22 May 2007 17:04:13 GMT
WWW-Authenticate: Basic realm="Cleo VLTrader"
WWW-Authenticate: Digest realm="Cleo VLTrader",domain="/server",qop="auth",nonce="0qenmpn44",opaque="4b4c37373332"
Connection: close
Content-Type: text/html
Content-Length: 80
<html><head><title> Unauthorized</title></head><body> Unauthorized</body></html>
Client connect request with digest authorization
POST /server?request=connect HTTP/1.1
Host: test.cleo.com:5080
Connection: TE
TE: trailers, deflate, gzip, compressUser-Agent: RPT-HTTPClient/0.3-3I (Windows XP)
Authorization: Digest realm="Cleo VLTrader",username="cleo",uri="/server%3Frequest=connect",nonce="0qenmpn44",response="b4f7542bdedce937de6aa93078fcdf17",opaque="4b4c37373332",cnonce="f5f20437b69ca661e4aedfedb54f5c32",qop="auth",nc="00000001"
Content-length: 0
VersaLex response (authentication successful)
HTTP/1.1 200 OK
Server: Cleo VLTrader/3.5 (Windows 2000)
Date: Tue, 22 May 2007 17:04:18 GMT
Content-Length: 0
Set-cookie: jSessionId=3513ld61kg8bt; path=/
Connection: keep-alive
Client send (upload) request
POST /server?request=send&directory=inbox%2F HTTP/1.1
Host: test.cleo.com:5080
Connection: TE
TE: trailers, deflate, gzip, compress
User-Agent: RPT-HTTPClient/0.3-3I (Windows XP)
Cookie: jSessionId=3513ld61kg8bt
Cookie2: $Version="1"
Authorization: Digest realm="Cleo VLTrader",username="cleo",uri=...
Content-type: application/octet-stream; name="test.edi"
Content-length: 1533
...payload...
VersaLex response (send successful)
HTTP/1.1 200 OK
Server: Cleo VLTrader/3.5 (Windows 2000)
Date: Tue, 22 May 2007 17:19:59 GMT
Content-Type: text/html
Content-Length: 84
Connection: keep-alive
<html><head><title>OK</title></head><body>File successfully uploaded.</body></html>
Client list request
POST /server?request=list&directory=outbox%2Fpayload%2F HTTP/1.1
Host: test.cleo.com:5080
Connection: TE
TE: trailers, deflate, gzip, compress
User-Agent: RPT-HTTPClient/0.3-3I (Windows XP)
Cookie: jSessionId=3513ld61kg8bt
Cookie2: $Version="1"
Authorization: Digest realm="Cleo VLTrader",username="cleo",uri=...
Content-length: 0
VersaLex response (listing successful)
HTTP/1.1 200 OK
Server: Cleo VLTrader/3.5 (Windows 2000)
Date: Tue, 22 May 2007 17:04:18 GMT
Content-Type: text/html
Content-Length: 402
Connection: keep-alive
<head><title>'cleo' mailbox</title></head><body><pre><H2>Download</H2>Server directory: outbox/payload/<hr>
2007/05/03 08:43:17 1.497kB <A HREF="/server/outbox/payload/test.edi" >test.edi</A><br>
2007/05/22 08:32:46 4.491kB <A HREF="/server/outbox/payload/test2.edi" >test2.edi</A><br>
2007/05/22 08:33:28 28.444kB <A HREF="/server/outbox/payload/test3.edi" >test3.edi</A><br><hr></pre></body>
Client receive (download) request
POST /server?request=receive&directory=outbox%2Fpayload&filename=test.edi HTTP/1.1
Host: test.cleo.com:5080
Connection: TE
TE: trailers, deflate, gzip, compress
User-Agent: RPT-HTTPClient/0.3-3I (Windows XP)
Cookie: jSessionId=3513ld61kg8bt
Cookie2: $Version="1"
Authorization: Digest realm="Cleo VLTrader",username="cleo",uri=...
Content-length: 0
VersaLex response (receive successful)
HTTP/1.1 200 OK
Server: Cleo VLTrader/3.5 (Windows 2000)
Date: Tue, 22 May 2007 17:25:57 GMT
Content-Description: test.edi
Content-Disposition: attachment; filename="test.edi"
Transfer-Encoding: chunked
Content-Type: application/edi-x12; name="test.edi"
Connection: keep-alive
...chunked payload...
Client delete request
POST /server?request=delete&directory=outbox%2Fpayload&filename=test.edi HTTP/1.1
Host: test.cleo.com:5080
Connection: TE
TE: trailers, deflate, gzip, compress
User-Agent: RPT-HTTPClient/0.3-3I (Windows XP)
Cookie: jSessionId=3513ld61kg8bt
Cookie2: $Version="1"
Authorization: Digest realm="Cleo VLTrader",username="cleo",uri=...
Content-length: 0
VersaLex response (delete successful)
HTTP/1.1 200 OK
Server: Cleo VLTrader/3.5 (Windows 2000)
Date: Tue, 22 May 2007 17:25:58 GMT
Content-Length: 0
Connection: keep-alive
A web browser can also be used by a trading partner to manually trade with VerasLex's HTTP server. A trading partner would use the VersaLex address and HTTP server resource path to start, for example, https://test.cleo.com:6080/server:
After logging in, a simple web page is displayed to allow uploading and downloading of files.
SSH FTP file attributes
The same encoding is used both when sending and returning file attributes from the server. When sending it to the server, the flags field specifies which attributes are included, and the server will use default values for the remaining attributes or will not modify the values of remaining attributes. When receiving attributes from the server, the flags specify which attributes are included in the returned data. The server normally returns all attributes known to it.
uint32 | flags | |
uint64 | size | present only if flag SSH_FILEXFER_ATTR_SIZE |
uint32 | uid | present only if flag SSH_FILEXFER_ATTR_UIDGID |
uint32 | gid | present only if flag SSH_FILEXFER_ATTR_UIDGID |
uint32 | permissions | present only if flag SSH_FILEXFER_ATTR_PERMISSIONS |
uint32 | atime | present only if flag SSH_FILEXFER_ACMODTIME |
uint32 | mtime | present only if flag SSH_FILEXFER_ACMODTIME |
uint32 | extended_count | present only if flag SSH_FILEXFER_ATTR_EXTENDED |
string | extended_type | |
string | extended_data | ...more extended data (extended_type - extended_data pairs), so that number of pairs equals extended_count |
- Flags specify which of the fields are present. Those fields for which the corresponding flag is not set are not present and not included in the packet.
- The size field specifies the size of the file in bytes.
- The uid and gid fields contain numeric Unix-like user and group identifiers, respectively. The server only supports these fields on Unix systems.
- The permissions field contains a bit mask of file permissions as defined by posix. For non-Unix systems only the owner permissions are supported by the server.
- The atime and mtime contain the access and modification times of the files, respectively. They are represented as seconds from Jan 1, 1970 in UTC.
- The SSH_FILEXFER_ATTR_EXTENDED flag provides a general extension mechanism for vendor-specific extensions. This flag is not used by the server.
The flags bits are defined to have the following values:
SSH_FILEXFER_ATTR_SIZE | 0x00000001 |
SSH_FILEXFER_ATTR_UIDGID | 0x00000002 |
SSH_FILEXFER_ATTR_PERMISSIONS | 0x00000004 |
SSH_FILEXFER_ATTR_ACMODTIME | 0x00000008 |
SSH_FILEXFER_ATTR_EXTENDED | 0x80000000 |
Comments
0 comments
Please sign in to leave a comment.