Accepting requests via SSH2 on the Layer 7 Gateway


Article ID: 42895


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway




Support for the SSH File Transfer Protocol for inbound and outbound message processing was introduced in version 6.1.5 of the Layer 7 Gateway. This allows the Gateway to accept connections via SSH2 and accept files per the SSH File Transfer Protocol. It also allows the Gateway to connect to a remote server accepting SSH2 connections and forward files as an outbound request message. The latter is outside the scope of this tutorial.

Inbound Implementation

Accepting requests over any protocol requires a new Listen Port. As of version 6.1.5, SSH2 is an acceptable value for the Protocol field of the Listen Port properties dialog. An example dialog is shown below:

<Please see attached file for image>

A screen capture displaying the listen port properties within the Layer 7 Policy Manager.

Ensure that a valid Port number is set and that the listen port is Enabled. An operator or administrator can also specify optional settings via the Other Settings tab that enforce certain requirements on the open listen port. For example, a port can be configured to allow Secure Copy but not SFTP. They are separate implementations of SSH2 and the port can be restricted to one, the other or both. Each of these implementations has a specific set of commands that can be enabled or disabled as required by the administrator or operator. An example of these settings is displayed below:

<Please see attached file for image>

A screen capture displaying the Other Settings tab of the SSH2 listen port properties dialog.

Specific settings for inbound timeouts and concurrency limitations are settable in this dialog. The inbound listen port can also be configured to use a specific RSA private key that is separate from the default Gateway SSL key. For more information on this process, please consult the Layer 7 Policy Manager User Manual for the section titled "Stored Password Properties."

Finally, there are other advanced settings that can be used to further restrict access over the listen port. The Advanced tab allows an administrator to specify a maximum message size or to bind the port to a specific published service. It is recommended--although not required--to bind the port to a particular service as this allows a client application to connect to the Gateway via SSH2 over a specific port and access a particular service without additional work. If multiple services need to support inbound SSH2 then it is recommended that additional listen ports be created. These settings are illustrated below:

<Please see attached file for image>

A screen capture displaying the Advanced tab of the Listen Port properties dialog.

Once this is complete, the port specified will be initialized and accessible from remote hosts. Requests to this port will be resolved per the configuration (either through service resolution or to a particular service if resolution is bypassed). A service policy can be configured in any manner to handle this request.



Component: APIGTW

