Layer7 API Management

Expand all | Collapse all

configuring two factor authentication SFTP

Jump to Best Answer
  • 1.  configuring two factor authentication SFTP

    Posted 04-19-2017 06:21 AM

    I have been asked to setup an SFTP connection to our supplier trough the api gateway.


    I managed to make  a listen port (SSH 2) and associated the port with an published policy.


    The policy is configured to route the ssh request to the supplier external host. It got the following assertions:

    • Configure Message Routing
    • Require SSH Credentials
    • Route via SFTP
      • Authentication: "Pass through username and password credentials in request".


    The connection seemed to work well during testing with username and password or username and private key for authentication. Now our supplier wants us to  user username, password and private key (two factor authentication) tot take it into production. It seems that I'm not able to make it work with a two factor authentication.


    When ever I try to make the connection, the following message is given in the audit logs "No user name found for passing through to SSH server". Its like the api gateway drops the username when using private key and password.


    Does anyone has an idea how to make it work. If not. Is it possible to just use the raw TCP assertion to route the sftp messages?


    I created a new listen port (RAW TCP) and associated it with  an policy containing the Route via RAW tcp.  This time when I try to connect with  the sftp client it wont even connect. Not seeing anything in the logs.

  • 2.  Re: configuring two factor authentication SFTP
    Best Answer

    Posted 04-21-2017 03:45 AM

    HI pedro-sittard-geleen ,


    I suggest a new case be open with CA support as it does not seems like an easy way to do it.



    Seenu mathew