cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
MicahBrewer123
Regular Visitor

SFTP - SSH (BadGateway) Error

Hello. 

 

I have a very simple flow but I'm getting a badgateway error. 

 

Flow

  1. Get an Email Attachment from the specified shared mailbox.
  2. Save email to SFTP.

MicahBrewer123_0-1658426251620.png

The error I'm getting is not helpful, so perhaps there is some way to view a more detailed error.

MicahBrewer123_1-1658426321849.png

So here's the background. The SFTP I'm trying to hit is a customer-owned SFTP. They recently updated their public IP, but I'm not using the IP, I'm using DNS, so I don't think that would impact me. 

 

I can hook this same process to another SFTP server and it runs successfully within one sec of receiving the email. That said, I think it is an issue on the SFTP side of things but don't have enough info to tell them what the issue is. I can hit their SFTP with Filezilla and WinSCP. I've tried to use the new IP with no success. 

 

Any thoughts on what the issue might be but possibly easier to answer, any direction on finding more detail on the actual error?

 

Thanks all!

5 REPLIES 5
PhilipTreacy
Resolver I
Resolver I

Hi @MicahBrewer123 

 

I'm not entirely clear on whether you've successfully used their new IP address to access their SFTP. I'm assuming you are accessing this SFTP server from the public side of their network?

 

You said that:

 

I can hit their SFTP with Filezilla and WinSCP.  What IP address did you use?

 

I've tried to use the new IP with no success. Using what program?  The flow? You just said you could hit their SFTP using FileZilla and WinSCP.

 

Have you confirmed that DNS returns the correct, new IP address?

 

A bad gateway error can be misleading sometimes.  But it usually indicates an invalid response was received by a server you were communicating with.  Could just be that whatever IP address you are trying to connect to did not respond as PA expected an SFTP server should.

 

regards

 

Phil

 

 

Hi @PhilipTreacy. Thank you for the response!

 

To try to be more clear. I have accessed the SFTP with Filezilla and WinSCP using both the new IP and the DNS, which is returning the new IP when I ping it. That said, when I connect using the IP, I get an unknown server warning (below image from WinSCP.

 

MicahBrewer123_0-1658491537138.png

 

Once I saw this, I thought perhaps the reason PA isn't connecting is because of this warning, so I took the MD5 value and dropped it in the SSH host key finger-print but no change. My SFTP-SHH configuration is below.

 

Name: Client SFTP
Host: ftp2@somehost.com
Username: myusername
Password: j1g**************
SSH Private Key: disabled
SSH Private Key Passphrase: disabled
Port: 22
SSH host key finger-print: bb:60:04:**:**:**:**:**:**:**:**:**:**:**:**:**
Root folder path: /

 

Thanks again for your help!

Micah

After writing this and posting it, I decided (since I don't know all that much about host key finger-prints, to change from the MD5 value to the SHA-256 (DCjoM***) value. Also no luck. Do I need to somehow "declare" the "ssh-rsa 2048" algorithm in PA? Something like "ssh-rsa 2048 DCjoM*****"?

 

I'm just guessing at this point. Thanks.

PhilipTreacy
Resolver I
Resolver I

Hi @MicahBrewer123 

 

The warning about the unknown server just means that it thinks it has never connected to that server before, and hasn't stored the server's host key in its cache.  This is a normal message to get if you've never connected to a server before, or stored its host key.

 

You can Disable SSH host key validation if you are sure you know what server you are connecting to.

 

In your screen shot you have SSH Private Key and SSH Private key Passphrase marked as disabled.  Shouldn't these be enabled if you are using SSH?  Otherwise you are just using normal non-encrypted FTP?

 

Have you got the server's Private Key and Passphrase?

 

Regards

 

Phil

 

 

Since SSH Private Key and SSH Private key Passphrase are not marked as required, my assumption was that they are not required. Perhaps the ability to only use username and password is the reason the deprecated SFTP connection was deprecated, because I can use this in the same way.  That said, I'm able to connect to other SFTPs only using u/p. I can try getting SSH info from server host and see if that helps.

 

I would love for this to be a simple 'lack of knowledge' issue on my part.

 

Thanks,

Micah

Helpful resources

Announcements
Register for a Free Workshop.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

September Events 2022

Check out all of these events

Attend in person or online, there are incredible conferences and events happening all throughout the month of September.

Users online (1,824)