Bloomberg SFTP Authentication
This document explains the Bloomberg SFTP authentication failure observed while connecting through an SFTP client. The error occurred during public key authentication and was further validated from the Bloomberg Enterprise Console monitoring screen.
Error observed:
“Authenticating with public key ‘rsa-key’. Authentication failed.”
The root cause identified was that the connecting public IP was not added to the Bloomberg IP Allowlist.
Authentication log (see session log for details): Using username "<Username>".
Authenticating with public key "rsa-key". Authentication failed.
Step 1: Review the Bloomberg SFTP Monitoring Screen
The Monitoring screen shows the current SFTP connection activity, including uploads, downloads, login attempts, logout activity, and alerts.
In this case, the dashboard shows one critical alert under authentication failure. This confirms that the SFTP connection reached Bloomberg, but the connection was rejected during authentication.
The event displayed is:
“Authentication Failure: IP not in allowlist”
This clearly indicates that the issue is not with the SFTP client alone. The Bloomberg server rejected the request because the source public IP address was not authorized.
Step 2: Validate the Error from the SFTP Client
The SFTP client shows the following error:
“Authenticating with public key rsa-key”
“Authentication failed”
This means the client attempted to authenticate using the configured SSH private key, but Bloomberg rejected the login.
At this stage, the possible causes are:
1. Public IP not allowlisted
2. Incorrect username
3. Public key not mapped to the Bloomberg SFTP user
4. Wrong private key selected in the SFTP client
5. Incorrect SFTP environment, such as UAT instead of PROD
Step 3: Open the Authentication Failure Details
The detailed alert confirms the exact failure reason:
“IP authentication failure”
“Auth Type: IP”
“IP Address: 2.51.115.227”
This confirms that Bloomberg rejected the connection because the source public IP was not added to the SFTP IP allowlist.
Action required:
The same public IP address must be added under the Bloomberg Enterprise Console IP Allowlist section.
Step 4: Add the Public IP Address in Bloomberg IP Allowlist
Navigate to:
Enterprise Console → SFTP → IP Allowlist
Select Internet and enter the public IP address.
Example:
IP Address: 2.51.115.227
CIDR Mask: /32
Host: 1
Alias: Palane_Test
Use /32 when allowing one specific public IP address.
After entering the details, click “Add Internet IP”. Once saved, retry the SFTP connection.
Step 5: Add or Validate the SSH Public Key
Navigate to:
Enterprise Console → SFTP → Credentials → SSH Key
Paste the SSH public key in OpenSSH single-line format.
The key should normally start with:
ssh-rsa
Bloomberg recommends that the SSH key should be at least 2048-bit RSA, preferably 4096-bit. The public key must be in OpenSSH single-line format and mapped to the correct SFTP user.
Important:
Only the public key should be shared or uploaded. The private key must remain secure and should be used only in the SFTP client.
Final Checklist1. Confirm Bloomberg SFTP username is correct.
2. Confirm SFTP hostname and port are correct.
3. Confirm whether the connection is for UAT or PROD.
4. Confirm the public IP is added in Bloomberg IP Allowlist.
5. Confirm the SSH public key is added in Bloomberg Credentials.
6. Confirm the private key used in the SFTP client matches the uploaded public key.
7. Confirm the key format is OpenSSH single-line format.
8. Retry the connection after saving the IP and SSH key configuration.
Conclusion:
Connect to the SFTP of the bloomberg
Root Cause:
The Bloomberg SFTP connection failed because the source public IP address was not added to the Bloomberg IP Allowlist.
Resolution:
The public IP address was added under Bloomberg Enterprise Console → IP Allowlist with /32 CIDR, and the SSH public key was validated under Credentials.
No comments:
Post a Comment