none
Logic Apps SFTP / Private Key format RRS feed

  • Question

  • Hi,

    I'm having problems when I'm updating my SFTP API Connection directly to the existing API Connection. During execution, SFTP action fails with the following error

    { "status": 401, "message": "Invalid SSH private key provided.\r\nclientRequestId: e4521afb-8fdc-4d98-b82a-4b1654dae514", "source": "sftp-logic-cp-westeurope.logic-ase-westeurope.p.azurewebsites.net" }

    However, if I create a new connection from the Logic App Designer, the copy-pasted key is accepted. Key has been created with puttygen.

    Is there a trick I should use to be able to change the existing connection with a valid key? The designer immediately checks the key and does not accept "rubbish", but the API Connection editor does seem to accept everything...

    BR,

    Esa

    Monday, August 21, 2017 11:34 AM

Answers

  • Tried to update the API Connection with ARM template and that worked without problems - so it seems that the edit mode has some kind of bug... at least this is a workaround currently.
    Thursday, August 24, 2017 12:06 PM

All replies

  • Hi,

    You need to create API connection for SFTP connector or you can update API connnection information within your resource group . So instead of manually updating the logic app designer try to update within the SFTP API Connection and see if it works .

    Thanks

    Abhishek 


    If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply

    Monday, August 21, 2017 10:59 PM
  • Hi,

    I tried exactly to do that (update the SFTP API connection from portal) but that failed during runtime. It seems that the API Connection modification does no error checking, but working in designer does. 

    But the strangest thing was that while the designer accepted my pasted private key, the API Connection failed with the exactly same pasted key. So should the API Connection key be in some specific format (e.g. base64 coded or something else, I couldn't find this from docs) when I update it? 

    Or the other way around - does the designer convert / do some other handling to the private key value before storing it to the API Connection?

    BR,

    Esa

     


    Tuesday, August 22, 2017 8:10 AM
  • Hey you might try the ...\Peek Code option on the SFTP shape to see if it is doing anything to the SSH key value. I have found the code behind like this does not always match what you expect to see. 

    Also, there is an option for disabling the SSH key checking. You might check this and see if this changes anything at run-time. 

    Thanks,


    If this answers your question, please use the "Answer" button to say so | Ben Cline

    Wednesday, August 23, 2017 9:12 PM
  • Thanks for the tip, Ben.

    Peek code shows something extra in the last line that's not visible in the code view, but (unfortunately) can't figure out anything specific on that - so it just seems to get the authentication parameter probably from the API Connection...

    {
    "inputs": {
    "host": {
    "connection": {
    "name": "@parameters('$connections')['sftp']['connectionId']"
    },
    "api": {
    "runtimeUrl": "https://logic-apis-westeurope.azure-apim.net/apim/sftp"
    }

    },

    "method": "post",
    "path": "/datasets/default/files",
    "queries": {
    "folderPath": "/sftp/out/",
    "name": "@{item()?['Name']}.tmp"
    },
    "body": "@body('Get_file_content_using_path')",
    "authentication": "@parameters('$authentication')"
    }
    }

    I found out that when I try to use the updated API Connection again in Logic App, it makes the verification and says that key is invalid, so that's at least a way to verify the updated key before runtime use if there is a need to update the key. In my scenario we have deployed Logic Apps with ARM templates but we don't have our authentication keys ready for all environments yet, so updating is required - haven't tried to deploy the key in template directly afterwards yet if that would solve the problem.

    BR,

    Esa 


    • Edited by Esa Vanhanen-Varho Thursday, August 24, 2017 6:00 AM Accidentally cut a line in original post...
    Thursday, August 24, 2017 5:59 AM
  • Tried to update the API Connection with ARM template and that worked without problems - so it seems that the edit mode has some kind of bug... at least this is a workaround currently.
    Thursday, August 24, 2017 12:06 PM
  • Can you kindly share the ARM template parameterValues of the API connection that you updated.  I tried this parameters using base64 and utf-8 but on sshPrivateKey property but its still failing.  I am not even sure if sshPrivateKey is a valid object/property.

               "type": "Microsoft.Web/connections",
                "apiVersion": "2016-06-01",
                "location": "[variables('logicAppLocation')]",
                "name": "[parameters('sftp_name')]",
                "properties": {
                    "api": {
                        "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',variables('logicAppLocation'),'/managedApis/sftp')]"
                    },
                    "displayName": "[parameters('sftp_displayName')]",
                    "parameterValues": {
                        "hostName": "[parameters('sftp_hostName')]",
                        "userName": "[parameters('sftp_userName')]",
                        "portNumber": "[parameters('sftp_portNumber')]",
                        "giveUpSecurityAndAcceptAnySshHostKey": true,
                        "sshPrivateKey": "[parameters('sftp_sshPrivateKey')]",
                        "sshPrivateKeyPassphrase": "[parameters('sftp_sshPrivateKeyPassphrase')]",
                        "sshHostKeyFingerprint": "[parameters('sftp_sshHostKeyFingerprint')]",
                        "disableUploadFilesResumeCapability": false
                    }



    Tuesday, June 4, 2019 10:46 AM