SFTP on Landmark 11.0.x

Looking for any details, gotchas etc on how to get SFTP working from Landmark 11.0.x to vendor SFTP.

I worked with support and together we were unable to get it working, but it sure seems like it should. Anyone using SFTP in IPA's?

Inquiry Tab Placement.docx

Find more posts tagged with

Process Automation (IPA) - General Discussions

Accepted answers

All comments

lrjurgen

We get the following error (scrubbed) when testing the connection with a known good username/password (tested in FileZilla):

Error for 'Test Connection'

com.lawson.bpm.eprocessserver.interfaces.LPSException: FileTransfer sftpgun: Login error Auth fail : Server servername.vendor.cloud at [remote node Node:LPA/17x.x.x.x:58771-7236 on host SERVERALIAS] com.lawson.bpm.processflow.utility.SFTPHelper.connectpasswd(SFTPHelper.java:173) at com.lawson.bpm.eprocessserver.grid.TestConnectionsImpl.testFileTransferConnection(TestConnectionsImpl.java:270) at com.lawson.bpm.eprocessserver.grid.IpaProxyImpl.testFileTransferConnection(IpaProxyImpl.java:1049) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.lawson.grid.proxy.ProxyServerImpl$ProxyRequestThread.invoke(ProxyServerImpl.java:3255) at com.lawson.grid.proxy.ProxyServerImpl$ProxyRequestThread.processRequest(ProxyServerImpl.java:2986) at com.lawson.grid.proxy.ProxyServerImpl$ProxyRequestThread.runThread(ProxyServerImpl.java:2909) at com.lawson.grid.util.thread.PooledThread.run(PooledThread.java:135) at java.lang.Thread.run(Thread.java:748)

kyle-tucker

We're using it currently and how the key files were created, and the ports associated were gotchas. I believe we had to use OpenSSH to create the key files and we had issues using ports that weren't 22. We are Multitenant and may be on a slightly different version though.

We also had to get IP addresses whitelisted on both sides to get things working.

lrjurgen

Interesting, we have not tried using keys and are definitely using non-standard ports...

russel-cornelson

Good afternoon Lance,
Do you have an open ticket with support still? If so please send me the incident # to russel.cornelson@infor.com

There is a bunch of things that can make these connections fail; invalid port, private key not in openssh format; invalid hostkey; firewall rules preventing connection, incompatible cipher suites/hmacs/etc But those fail with specific error messages. In the log that you added...

You are getting a very specific error message: Login error Auth fail

That is a pretty specific error message...

you got connected to the server so I know its not a port issue, i know its not host key, i know its not firewall, i know its not incompatible cipher suites/etc

That leaves...
Invalid username
Invalid password
Incompatible Authentication Methods
- In SFTP there are a few different authentication methods "publickey / password / keyboard-interactive"
  - note in this case its server side which uses publickey; but from client side that is private key.
- IPA can handle public key and password; its it's current implementation
  - note i have a ticket to have keyboard-interactive added to the product so it would work in the future.

The single most likely cause of a "Login error Auth fail" coming from IPA when the same credentials work on FileZilla is that the SFTP server you are attempting to connect to supports "publickey and keyboard-interactive" but not password. That means in the current release of Infor Process Automation the only work around available to you is to connect with "username and privatekey"

If you have never setup a user/private key connection this KB should help:
https://support.infor.com/espublic/EN/AnswerLinkDotNet/SoHo/Solutions/SoHoViewSolution.aspx?SolutionID=2040849&kb_accessed_from=KBViews

ADDITIONAL NOTES
- I do have a jar file that I created that is a SFTP test jar that uses a similar implementation of SSH/SFTP that we use in IPA; except it includes debug logging of the connection. That debug log returns the authentication methods that the server are expecting and what the preferred method is for the SFTP client as well as a bunch of other information. But this site won't let me upload an executable jar.

lrjurgen

Hello Russel,

The incident was 16740839 but it is closed (unresolved).

Looking back on my incident, it was way back in September, I worked with Jason Vance. I forgot that we had used the jar file you mentioned, and he determined it was in fact interactive authentication. It sounds like there is an enhancement request, but there was no date on it yet as of the ticket. Sounds like maybe I'm stuck for the time being?

Event Log Notes: The enhancement request exists but we don't have an expected date when this will be resolved at this time.

Meeting Summary: Using the stj.jar attached we were able to determine the Sftp server is using keyboard-interactive authentication which will not work using IPA.

russel-cornelson

Yeah, keyboard interactive ... set up privatekey authentication. Does the SFTP vendor you are connecting to support username/key to authenticate?

If not; and you just have 1 vendor to send a file to I can give you a workaround that you could leverage from ST or On-Premise.

lrjurgen

Unfortunately it is difficult to get details from this vendor and their setup is all or nothing from what they have told us. We are on-premise, I am all ears for any workarounds that I can use from IPA. We're using MoveIT for now but relying on external resources (and timing) can be an uncontrolled break point in processes that rely on getting data from external sources and I'd like to remove those if possible.

Copyright © 2025 Infor. All rights reserved.