SFTP using both ssh key and password

Thanks again.
Will try and let you know results. Waiting on IS reboot.

password returns the password
pass.phrase is null (not using a passphrase on the key)
Added new alias with password
updated alias to use key
Ran enhancedSFTPClient:login
Could not run ‘login’
com.wm.app.b2b.server.ServiceException: java.lang.NullPointerException
I have 2 identical (minus the alias name) aliases. First one I created works. Second fails. Removed the first one, now none of the aliases work. Even adding back the exact same one doesn’t work.

This I didn’t understand: "You need to invoke service pub.security.util:createSecureString to convert a String to SecureString, and pass it to these services I mentioned above."

Because pass.phrase is null, you need to use service pub.security.outboundPasswords:updatePassword to set it.
This service accepts a SecureString Object as input, not a regular String, so you need to use service pub.security.util:createSecureString to convert a String value to a SecureString Object and then pass it to the updatePassword service.

Since there is no pass phrase being used, am I supposed to pass the value from the wm.is.admin.sftpclient.password. to the wm.is.admin.sftpclient.pass.phrase.?
Also isInternal should be true, correct?

So if I’m reading correctly:
get password, convert password to secureString, update pass.phrase password value with string.

isInternal should be true, yes.
The wm.is.admin.sftpclient.pass.phrase value should be the same as the PassPhrase field when you set up a public key authentication type. It’s determined when the private key is generated. It’s probably not the same as wm.is.admin.sftpclient.password.

There is no pass.phrase, this is why it’s null.

Then you could use service pub.security.outboundPasswords:setPassword to force adding one.

Am I missing something? Password and pass phrase match what was added to the alias. There was no pass phrase used, so that null should be correct.

Ok. So I recreated everything in a new instance.
1st alias, code works
2nd alias, code fails

I create both aliases the exact same way (save password, save key). The first Alias has the password from the first save in the pass phrase of the second save (pass.phrase). The second Alias I create does not save anything in the pass phrase.
This is the message I received when trying to manually update password. wm.is.admin.sftpclient.pass.phrase.FTB. Key does not exist.

Got it.
You have to have the password in the passphrase, which can only be added with the setPassword function (not sure how it works the first time only).
So you can getPassword of the password., convertSecureString, createSecureString, setPassword for pass.phrase. then updatePassword for pass.phrase.

Yes, the passphrase can’t be empty. We actually have the same problem when configuring a keystore.

So, we’re good now?

I believe so. Not sure what to do if we used pass phrases, but we don’t so I’m not going to go down that path :wink:
Again, thanks a lot for the help. It’s appreciated.

Not leveraging the SAG implementation; using a third-party (https://www.sshtools.com/en/) SSH/SFTP library instead, offering support for different SFTP flavors, different authentication methods (key, or password) and much more.
Build small package with wrapper Java-flow-services (login, logout, cd, put, get …) allowing our developers to concentrate on implementing (business) logic.

Hi Xiaowei/Mark,

We are on 9.10 and have a mandated requirement from our partner to use Multi Factor Auth (Both Password and SSH Key) for SFTP. Tried following all the steps and waiting for our admins to update the extended setting watt.security.ope.AllowInternalPasswordAccess=true.

Meanwhile, had quick question.
While migrating to higher env. and eventually to Prod, assume we need to follow the same steps to set up the alias, update the IS setting and manually set the pass phrase. Could you please confirm?

Could you please let me know if there are any other known issues based on your experience with this approach?

Regards,
Hari