AnsweredAssumed Answered

How to get the CA API gateway to act as an SSH Server

Question asked by sachinchitran on Feb 6, 2018
Latest reply on Dec 24, 2018 by Stephen_Hughes

Good day!


I am trying to have an SSH server going in the CA gateway and have gone through every article around it on the CA platform, forums and other materials available online. i am trying to use an SFTP client (WinSCP) to do the various

operations (say LIST, PUT, GET) against the SSH Server for it process and respond back appropriately.



Please find below the list of steps that I have already followed to get the SSH server going.

  1.  To handle the inbound SFTP message, configured an internal SSH server running on a CA API Gateway listen port using the "SSH2" protocol
  2. To test "Password authentication", created an internal user in the gateway (not a user who can login through the Policy Manager) - planning to use Internal Identity Provider for now
  3. For Public key authentication, configured the "SSH tab" of the user to have the correct public key
  4. Used "Require SSH credentials" and "Authenticate against internal Identity Provider" to verify the caller




  1. When I connect using the SFTP client (WinSCP in this case), I get the following error:

    Is there an assertion that I need to use to return a valid response? I have mostly done HTTP(s) based work
    on the CA API gateway and remember using "Return Template Response" for returning a custom response. However I am not sure if we have something similar here or if the underlying SSH listener takes care of it already (which does not seem to be the case).
  2. Does the Gateway support a LIST, PUT and GET commands for SFTP? I can see that my first request is a "LIST" for which I get the error as shown above. When configuring the SSH2 listener, I have enabled LIST, PUT and GET but I am not sure if there is something I need to learn/understand here.
  3. What should I do to save a PUT command when the client tries to send a file?  I assume that will be available as part of the request.mainPart context variable
  4. Where does the the physical file reside once the gateway receives it? Does the Gateway has means of storing it in dedicated SFTP folders/directories? I can see that the current SSH path is "/" - is it possible to have custom paths
  5. Is it possible for the SSH request received to have an AD based authentication instead of the Internal Identity Provider?

I have gone through a lot of posts to get a good understanding of the SSH fundamentals however am not sure how to get it working from an API gateway point of view. I will be very grateful for any support or feedback in this regard to get me going in the right track. Looking forward to the community for some guidelines here.


Thank you for your time. Cheers.


Kind regards,