Skip to main content
Delphix

KBA1803 - Testing FTP and SFTP Masking Connectors

 

At a Glance  

Applicable to: Applicable to File Masking using (S)FTP Connection in all Delphix Masking versions.
This document is based on 5.3.2.0.
Errors: * Connection refused.
* Invalid Hostname.
* Invalid Port.
* Incorrect Credentials.
* Invalid Folder.
* File Access Permission.
Tools: * Masking Engine (investigation of logs).
* Command Line FTP and SFTP Clients.
Protocols
and supported
by Delphix: 
FTP  * Supported by all platforms.
* Security issues.
SFTP * SSH FTP (supported by Masking Engine and Unix-Like OSs).
* Windows requires special 3rd party SFTP server.
FTPS * FTP over SSL (supported by Windows IIS).
* Not supported by Masking Engine.
FTP over SSH * Not supported by Masking Engine.
Simple FTP * Not supported by Masking Engine.

Issue - Connection Error

When testing the connection in the Connector popup in the GUI there are two responses: 

  • Success - Connection Succeeded!
    • If you still have issues if this test is successful, please look at File Access below. 
  • Error - Connection Failed. Please check Connection Parameters. 
    • This page is for you!

Masking UI - File Connector Test.png

Troubleshooting

Investigating - using the logs

Troubleshooting using the GUI means that we need to access the logs to investigate the issue. 

To access the logs go to: Admin and Logs - the most recent logs are at the bottom so scroll down to access them. Alternatively, select Export to export them to a text file.

 

NOTE: The logs will have the stack trace with quite a few 'at...such.and.such' - ignore these, those are for code debugging. 

Masking UI - Admin Logs.png

Troubleshooting - using (s)ftp client 

It might be better to test the (s)ftp connection outside the masking engine. One benefit with this method is that it will enable you to look at the connection details on the screen and test them at the same time.

The standard steps for testing a connection are described below: 

Steps:
  1. Check if host is reachable
    • Ping server with the FTP service.
    • Detail needed: [hostname]
  2. Check connection and authentication.
    • Connect to the FTP service using FTP client
    • Details needed: [hostname], [user], and [password]
  3. Check that the folder with the files to mask is accessible.
    • CD to the folder with the files.
    • Detail needed: [folder
  4. Check that files can be read.
    • Get a file from the ftp server.
    • Detail needed: [file] (a small test file)
  5. Check that files can be written. 
    • Put a file to the ftp server.
    • Detail needed: [file] (a small test file)
  6. Quit

Below are connection examples using the command line program called 'sftp' on macOS and ftp' on Windows.

Command line: sftp (Mac)
Ref Example command
1

2



3

4


5


6
$ ping [hostname]

$ sftp [user]@[hostname] 22
Password:[password]
Connected to [hostname].

sftp> cd [folder]

sftp> get [file]
Fetching [foler]/[file] to [file]

sftp> put [file]​
Uploading [file] to [folder]

sftp> quit

 

Command line: ftp (Windows)
Ref Example command
1

2







3


4





5





6
C:\> ping [hostname]

C:\> ftp [hostname]
Connected to [hostname].
220 (vsFTPd 3.0.3)
User ([hostname]:(none)): [user]
331 Please specify the password.
Password: [password]
230 Login successful.

ftp> cd [folder]
250 Directory successfully changed.

ftp> get [file]
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for [file] (8 bytes).
226 Transfer complete.
ftp: 8 bytes received in ...

ftp> put [file]
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
ftp: 8 bytes sent in ...

ftp> quit

Error strings in logs and tests

Detailed below are errors from failed connections and is used as examples to assist with troubleshooting - check the error message in the logs or the ftp client and search for it below. 

Note: These errors have been generated by creating as similar connections as possible. There are differences in the return code/message due to type of protocol and type of connection. 

Connection refused/closed

The service is not accepting connection. 

Cause and resolution 

The FTP/SFTP service is not correctly configured, available or enabled. This error is seen when a connection is made to a server that does not have this service (for example connecting SFTP to a Windows box without 3rd party software installed). 

Masking Engine Logs

Trying to access incorrectly configured (disabled) service. 

2018... ERROR common.utils.VFSUtility - Error ::
...FileSystemException: Could not connect to SFTP server at "sftp://[hostname]/".
...
Caused by: ...FileSystemException: Could not connect to SFTP server at "[hostname]".
...
Caused by: ...JSchException: Auth fail

Trying to access a host which does not have ssh installed. 

2018... ERROR common.utils.VFSUtility - Error ::
...FileSystemException: Could not connect to SFTP server at "sftp://[hostname]/".
Caused by: ...FileSystemException: Could not connect to SFTP server at "[hostname]".
...
Caused by: ...JSchException: java.net.ConnectException: Connection refused (Connection refused)
...
Caused by: ...ConnectException: Connection refused (Connection refused)
Command line: sftp (Mac)

Trying to access incorrectly configured (disabled) service. 

$ sftp user@hostname
subsystem request failed on channel 0
Connection closed

Trying to access a host which does not have ssh installed. 

$ sftp user@hostname
ssh: connect to host [hostname] port 22: Connection refused
Connection closed
Command line: ftp (Windows)

Trying to access an incorrectly configured FTP service. 

C:\>ftp hostname
> ftp: connect :Connection refused

Parameter: Invalid Hostname

When the server name (hostname) is incorrect the following error messages will be returned. 

Masking Engine Logs

Logs when the hostname is invalid.

2018... INFO, .sftp.SftpClientFactory - Connecting to inval_host port 22
2018... ERROR common.utils.VFSUtility - Error ::
...FileSystemException: Could not connect to SFTP server at "sftp://inval_host:22/".
...
Caused by: ...FileSystemException: Could not connect to SFTP server at "inval_host".
...
Caused by: ...JSchException: java.net.UnknownHostException: inval_host
Command line: sftp (Mac)

Trying to access an invalid host (inval_host).

$ sftp -P 22 user@inval_host
ssh: Could not resolve hostname inval_host: nodename nor servname provided, or not known
Connection closed
Command line: ftp (Windows)

Trying to access an invalid host (inval_host).

C:\>ftp inval_host
Unknown host inval_host.
ftp>

Parameter: Invalid Port

If the port number is incorrect the following error messages are seen.

Masking Engine Logs

Connection using an incorrect port number (here 222).

2018... INFO, .sftp.SftpClientFactory - Connecting to hostname port 222
2018... ERROR common.utils.VFSUtility - Error ::
...FileSystemException: Could not connect to SFTP server at "sftp://hostname:222/".
...
Caused by: ...FileSystemException: Could not connect to SFTP server at "hostname".
...
Caused by: ...JSchException: java.net.ConnectException: Connection refused (Connection refused)
Command line: sftp (Mac)

Connection using an incorrect port number (here 222).

$ sftp -P 222 user@hostname
ssh: connect to host hostname port 222: Connection refused
Connection closed

Parameter: Incorrect Credentials

If the ftp username or password is incorrect the follow error messages are seen.

Masking Engine Logs

Connection established but username/password failed. 

2018... INFO, common.utils.VFSUtility - User wrong_user, Mode sftp: Testing on hostname:22//tmp
2018... INFO, .sftp.SftpClientFactory - Connecting to hostname port 22
2018... INFO, .sftp.SftpClientFactory - Connection established
...

2018... ERROR common.utils.VFSUtility - Error ::
...FileSystemException: Could not connect to SFTP server at "sftp://hostname/".
...
Caused by: ...FileSystemException: Could not connect to SFTP server at "hostname".
...
Caused by: ...JSchException: Auth fail
Command line: sftp (Mac)

Connection established but failed due to incorrect username/password. 

$ sftp wrong_user@hostname:22
wrong_user@hostname's password: wrong_password
Permission denied, please try again.
Command line: ftp (Windows)

Connection established. The authentication failed due to incorrect username/password. 

...
User (hostname:(none)): wrong_user
331 Please specify the password.
Password: wrong_password
530 Login incorrect.
Login failed.

Parameter: Invalid Folder

If the folder where the files to be masked are stored is incorrect then the following error messages are shown.

Masking Engine Logs

This is a special case - when this happens there are no errors thrown in the logs on the Masking Engine. The only error is that the connection test in the GUI is just not successful.

2018... INFO, common.utils.VFSUtility - User user, Mode sftp: Testing on hostname:22//wrong_folder
...
2018... INFO, .sftp.SftpClientFactory - Disconnecting from hostname port 22
Command line: sftp (Mac)

The cd to the 'wrong_folder' is returning an error. 

sftp> cd /wrong_folder
Couldn't stat remote file: No such file or directory
Command line: ftp (Windows)

The cd to the 'wrong_folder' is returning an error. 

ftp> cd /wrong_folder
550 Failed to change directory.

Extended tests: File Access

These tests are additional tests that can be done using the ftp client. The two tests are: 

  • get file
  • put file

Note: There are only error details from FTP and SFTP connection below since these two tests are not tested when testing the connection in the GUI. In saying that, File Access permissions are needed in order to mask files.

Get File

This tests if file permissions has been granted to read a file from the specified folder. Please check the file permissions on the ftp server.

Command line: sftp (Mac)

No permission to open file. 

sftp> get [file]
Fetching /[folder]/[file] to [file]
remote open("/[folder[/[file]"): Permission denied
Command line: ftp (Windows)

No permission to open file. 

ftp> get [file]
200 PORT command successful. Consider using PASV.
550 Failed to open file.

Put File

This tests if file permissions has been granted to write a file in the specified folder. It could also be that write is not granted in (s)ftp service configuration. Please check both.  

Command line: sftp (Mac)

No permission to write file. 

sftp> put [file]
Uploading [file] to /[folder]/[file]
remote open("/[folder]/[file]"): Permission denied
Command line: ftp (Windows)

No permission to write file. 

ftp> put [file]
200 PORT command successful. Consider using PASV.
550 Permission denied.