/n software Connectors for MuleSoft

Questions / Feedback?

SCP Configuration

The connector accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the connector, access to these internal properties is provided through the Other property.

SCP Configuration Settings

FilePermissions:   Specifies the permissions of a file to be set after a successful upload.

This may be set to an octal value representing the permissions of a file to be set after a successful upload. For example:

FilePermissions=0777
Note: When using the SCP connector this must be a 4 digit value. The SFTP connector will accept a 3 digit value.
KeyRenegotiationThreshold:   Sets the threshold for the SSH Key Renegotiation.

This property allows you to specify the threshold, in the number of bytes, for the SSH Key Renegotiation. The default value for this property is set to 1 GB.

Example (for setting the threshold to 500 MB):

SSHComponent.Config("KeyRenegotiationThreshold=524288000")

LogSSHPackets:   If True, detailed SSH packet logging is performed.

This setting can be enabled to assist in debugging. When set to True the connector will include detailed information about the SSH level packets in the log. The default value is False.

RecursiveMode:   If set to true the connector will recursively upload or download files.

When a filemask is specified in LocalFile (sending) or FileMask (receiving) this setting specifies if sub-directories and files are transferred as well. By default this value is False and only files in the specified directory will be transferred. If set to true recursion will be used to transfer all child folders and files.

When sending, LocalFile should contain the path and filemask of a location on disk from which files will be uploaded. For instance "c:\files\*.txt".

When receiving, the ReceivedFilePath message context property is populated and provides the remote path from which the file was downloaded. Note that the server may not always return the expected files depending on the FileMask specified. A value of "*" should always work, however more complex filemask values may not be handled by the server as expected.

ServerResponseWindow:   The time to wait for a server response in milliseconds.

After an operation is complete the server may still return an error. This setting controls the amount of time the connector will wait for an error to be returned. This value is specified in milliseconds. The default value is "20".

SSHAcceptServerHostKeyFingerPrint:   Instructs the connector to accept the server's host key with this fingerprint.

This may be set to a comma-delimited collection of 16-byte MD5 fingerprints that should be accepted as the host's key. You may supply it by HEX encoding the values in the form "0a:1b:2c:3d". Example:

SSHAcceptServerHostKeyFingerprint=0a:1b:2c:3d
SSHEncryptionAlgorithms:   A comma-separated list containing all allowable compression algorithms.

During the SSH handshake, this list will be used to negotiate the encryption algorithm to be used between the client and server. This list is used for both directions: client to server and server to client.

At least one supported algorithm must appear in this list. The following encryption algorithms are supported by the component:

aes256-cbc256-bit AES encryption in CBC mode
aes192-cbc192-bit AES encryption in CBC mode
aes128-cbc128-bit AES encryption in CBC mode
3des-cbc192-bit (3-key) triple DES encryption in CBC mode
aes256-ctr256-bit AES encryption in CTR mode
aes192-ctr192-bit AES encryption in CTR mode
aes128-ctr128-bit AES encryption in CTR mode
3des-ctr192-bit (3-key) triple DES encryption in CTR mode
cast128-cbcCAST-128 encryption
blowfish-cbcBlowfish encryption
arcfourARC4 encryption
arcfour128128-bit ARC4 encryption
arcfour256256-bit ARC4 encryption
aes256-gcm@openssh.com256-bit AES encryption in GCM mode.
aes128-gcm@openssh.com128-bit AES encryption in GCM mode.

The default value is "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,arcfour256,arcfour128,arcfour,cast128-cbc,aes256-gcm@openssh.com,aes128-gcm@openssh.com".

SSHKeyExchangeAlgorithms:   Specifies the supported key exchange algorithms.

This may be used to specify the list of supported Key Exchange algorithms used during SSH negotiation. The value should contain a comma separated list of algorithms. Supported algorithms are:

  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group-exchange-sha1
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
The default value is: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp384,ecdh-sha2-nistp521.
SSHMacAlgorithms:   Specifies the supported Mac algorithms.

This may be used to specify an alternate list of supported Mac algorithms used during SSH negotiation. This also specifies the order in which the Mac algorithms are preferred. The value should contain a comma separated list of algorithms. Supported algorithms are:

  • hmac-sha1
  • hmac-md5
  • hmac-sha1-96
  • hmac-md5-96
  • hmac-sha2-256
  • hmac-sha2-256-96
  • hmac-sha2-512
  • hmac-sha2-512-96
  • hmac-ripemd160
  • hmac-ripemd160-96
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512-etm@openssh.com
The default value is hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,hmac-sha2-256-96,hmac-sha2-512-96,hmac-ripemd160-96,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com.
SSHPublicKeyAlgorithms:   Specifies the supported public key algorithms.

This setting specifies the allowed public key algorithms. This list controls only the public key algorithm used when authenticating to the server. This list has no bearing on the public key algorithms that can be used to authenticate the client. The default value is ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss.

This setting specifies a list of signature algorithms that may be used when authenticating to the server using public key authentication. This applies only when public key authentication is performed by the client.

The setting should be a comma separated list of algorithms ordered by preference. At runtime the connector will evaluate each algorithm in the order specified here. If the algorithm is applicable to the certificate specified in SSHCert it will be used. If the algorithm is not applicable the connector will evaluate the next algorithm. Possible values are:

  • ssh-rsa (default)
  • ssh-dss (default)
  • rsa-sha2-256 (default)
  • rsa-sha2-512 (default)
  • ecdsa-sha2-nistp256 (default - windows only)
  • ecdsa-sha2-nistp384 (default - windows only)
  • ecdsa-sha2-nistp521 (default - windows only)
  • x509v3-sign-rsa
  • x509v3-sign-dss

The default value in Windows is ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519.

Note that ECDSA algorithms are only supported in Windows.

General Configuration Settings

AbsoluteTimeout:   Determines whether timeouts are inactivity timeouts or absolute timeouts.

If AbsoluteTimeout is set to True, any method which does not complete within Timeout seconds will be aborted. By default, AbsoluteTimeout is False, and the timeout is an inactivity timeout.

LocalHost:   The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

The LocalHost configuration contains the name of the local host as obtained by the Gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the connector initiate connections (or accept in the case of server connectors) only through that interface.

If the connector is connected, the LocalHost configuration shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

TcpNoDelay:   Whether or not to delay when sending packets.

When true, the socket will send all data that is ready to send at once. When false, the socket will send smaller buffered packets of data at small intervals. This is known as the Nagle algorithm.

By default, this config is set to false.

UseInternalSecurityAPI:   Tells the connector whether or not to use the system security libraries or an internal implementation.

By default the connector will use the system security libraries to perform cryptographic functions. Setting this to True tells the connector to use the internal implementation instead of using the system's security API.

Copyright (c) 2022 /n software inc. - All rights reserved.
/n software Connectors for MuleSoft - Version 20.0 [Build 8165]