
External SFTP Server

MFT's External SFTP Server endpoint establishes a relationship for sending files and messages between MFT and an external partner, using the SFTP protocol. You can send files from MFT to an external, partner-owned destination. You can also use MFT's External SFTP Server endpoint to retrieve files from a partner's SFTP server.

To create an external SFTP Server endpoint:

  1. Click Organizations.

  2. Select an organization.

  3. Click Endpoints.

  4. Click Add Endpoint.

  5. In the Endpoint Name field, enter the name.

  6. Select External SFTP Server protocol from the Type drop-down.

  7. In the Host field, enter the host information.

    Info: The Host field is limited to 80 characters.

  8. Enter the port in the Port field.

  9. Enter the username for the SFTP site in the User field.

  10. For Auth type, select one of the following:

    • SSH Key
    • User Password
    • User Password and SSH Key

  11. In the Password field, enter the password for the SFTP host account.

    The Password field appears based on the Auth Type you select.

  12. Select an SSH key from the SSH Keys drop-down if required.

    If your SSH key is not in the drop-down selection, you must add it to the organization in the SSH Keys section. Refer to SSH keys.

  13. Enter a description for the endpoint.

  14. Click Save.

MFT uses the SSH.NET library to connect to external SFTP servers. Refer to Supported SSH ciphers for MFT SFTP External servers for the list of currently supported ciphers.

Caution: Outbound connections from MFT's SaaS service might require the respective target endpoints to allowlist our IP addresses. Allowlisting them in advance lets our service reach the designated external systems securely and reliably.

Supported SSH Ciphers for MFT SFTP External Servers

SFTP External Servers support the following SSH ciphers:

Encryption methods

Supports the following encryption methods:

  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
  • aes128-gcm@openssh.com
  • aes256-gcm@openssh.com
  • chacha20-poly1305@openssh.com
  • aes128-cbc
  • aes192-cbc
  • aes256-cbc
  • 3des-cbc

Key exchange methods

Supports the following key exchange methods:

  • mlkem768x25519-sha256
  • sntrup761x25519-sha512
  • sntrup761x25519-sha512@openssh.com
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group16-sha512
  • diffie-hellman-group14-sha256
  • diffie-hellman-group14-sha1
  • diffie-hellman-group1-sha1

Public key authentication

Supports the following private key formats:

  • RSA in
    • OpenSSL traditional PEM format ("BEGIN RSA PRIVATE KEY")
    • OpenSSL PKCS#8 PEM format ("BEGIN PRIVATE KEY", "BEGIN ENCRYPTED PRIVATE KEY")
    • ssh.com format ("BEGIN SSH2 ENCRYPTED PRIVATE KEY")
    • OpenSSH key format ("BEGIN OPENSSH PRIVATE KEY")
    • PuTTY private key format ("PuTTY-User-Key-File-2", "PuTTY-User-Key-File-3")
  • DSA in
    • OpenSSL traditional PEM format ("BEGIN DSA PRIVATE KEY")
    • OpenSSL PKCS#8 PEM format ("BEGIN PRIVATE KEY", "BEGIN ENCRYPTED PRIVATE KEY")
    • ssh.com format ("BEGIN SSH2 ENCRYPTED PRIVATE KEY")
  • ECDSA 256/384/521 in
    • OpenSSL traditional PEM format ("BEGIN EC PRIVATE KEY")
    • OpenSSL PKCS#8 PEM format ("BEGIN PRIVATE KEY", "BEGIN ENCRYPTED PRIVATE KEY")
    • OpenSSH key format ("BEGIN OPENSSH PRIVATE KEY")
    • PuTTY private key format ("PuTTY-User-Key-File-2", "PuTTY-User-Key-File-3")
  • ED25519 in
    • OpenSSL PKCS#8 PEM format ("BEGIN PRIVATE KEY", "BEGIN ENCRYPTED PRIVATE KEY")
    • OpenSSH key format ("BEGIN OPENSSH PRIVATE KEY")
    • PuTTY private key format ("PuTTY-User-Key-File-2", "PuTTY-User-Key-File-3")

Private keys in OpenSSL traditional PEM format can be encrypted using one of the following cipher methods:

  • DES-EDE3-CBC
  • DES-EDE3-CFB
  • AES-128-CBC
  • AES-192-CBC
  • AES-256-CBC

Private keys in OpenSSL PKCS#8 PEM format can be encrypted using any cipher method BouncyCastle supports.

Private keys in ssh.com format can be encrypted using one of the following cipher methods:

  • 3des-cbc

Private keys in OpenSSH key format can be encrypted using one of the following cipher methods:

  • 3des-cbc
  • aes128-cbc
  • aes192-cbc
  • aes256-cbc
  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
  • aes128-gcm@openssh.com
  • aes256-gcm@openssh.com
  • chacha20-poly1305@openssh.com
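
A pre-flight check for the key-encryption limits listed above, as an added example (not MFT or SSH.NET code): it reads the passphrase cipher from a traditional PEM key's DEK-Info header or from an OpenSSH key's header and compares it with this page's lists. The function names and the header-only sample keys are constructed for illustration.

```python
import base64, re, struct

# Cipher lists copied from this page (traditional PEM and OpenSSH key formats).
PEM_CIPHERS = {"DES-EDE3-CBC", "DES-EDE3-CFB", "AES-128-CBC", "AES-192-CBC", "AES-256-CBC"}
OPENSSH_CIPHERS = {"3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "aes128-ctr",
                   "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com",
                   "aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com"}
TRADITIONAL = re.compile(r"-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----")
MAGIC = b"openssh-key-v1\x00"

def key_encryption(text):
    """Return (format, cipher); cipher is None when the key has no passphrase."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if TRADITIONAL.fullmatch(lines[0]):
        # Encrypted traditional PEM carries "DEK-Info: <cipher>,<iv>" before the body.
        dek = next((l for l in lines if l.startswith("DEK-Info:")), None)
        return "pem", (dek.split(":", 1)[1].split(",")[0].strip() if dek else None)
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # The decoded body starts with the magic, then a length-prefixed cipher name.
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        name = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n].decode("ascii")
        return "openssh", (None if name == "none" else name)
    raise ValueError("key format not covered by this example")

def accepted(text):
    """True if the key is unencrypted or uses a cipher this page lists for its format."""
    fmt, cipher = key_encryption(text)
    return cipher is None or cipher in (PEM_CIPHERS if fmt == "pem" else OPENSSH_CIPHERS)

# Constructed samples: headers only, no key material.
def pem_sample(cipher):
    return ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
            f"DEK-Info: {cipher},0123456789ABCDEF\n\nQ09OU1RSVUNURUQ=\n"
            "-----END RSA PRIVATE KEY-----\n")

def openssh_sample(cipher):
    body = MAGIC + b"".join(struct.pack(">I", len(s)) + s for s in (cipher, b"bcrypt"))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for key in (pem_sample("AES-256-CBC"), pem_sample("DES-CBC"), openssh_sample(b"aes256-ctr")):
        print(key_encryption(key), "accepted" if accepted(key) else "rejected")
```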

Host key algorithms

Supports the following host key algorithms:

  • ssh-ed25519
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • rsa-sha2-512
  • rsa-sha2-256
  • ssh-rsa
  • ssh-dss

Message authentication code

Supports the following MAC algorithms:

  • hmac-sha2-256
  • hmac-sha2-512
  • hmac-sha1
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512-etm@openssh.com
  • hmac-sha1-etm@openssh.com

Compression

Supports the following compression algorithms:

  • none (default)
  • zlib@openssh.com
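
The supported lists above include older algorithms alongside current ones, so what a connection actually uses depends on what the partner server offers. The following added example (not MFT or SSH.NET code) predicts the negotiated algorithms for a partner's offer and flags the result; the preference order, the flagged set and the partner offers are assumptions of this example.

```python
# Lists copied from this page. Assumption: page order is the client's preference order.
MFT = {
    "kex": ["mlkem768x25519-sha256", "sntrup761x25519-sha512",
            "sntrup761x25519-sha512@openssh.com", "curve25519-sha256",
            "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256",
            "diffie-hellman-group-exchange-sha1", "diffie-hellman-group16-sha512",
            "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1",
            "diffie-hellman-group1-sha1"],
    "cipher": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com",
               "aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com",
               "aes128-cbc", "aes192-cbc", "aes256-cbc", "3des-cbc"],
    "hostkey": ["ssh-ed25519", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
                "ecdsa-sha2-nistp521", "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa", "ssh-dss"],
    "mac": ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com"],
}
# This example's own review policy (assumption): SHA-1, CBC mode, 3DES, DSA, 1024-bit DH.
FLAGGED = {"diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1",
           "diffie-hellman-group1-sha1", "aes128-cbc", "aes192-cbc", "aes256-cbc",
           "3des-cbc", "ssh-rsa", "ssh-dss", "hmac-sha1", "hmac-sha1-etm@openssh.com"}
AEAD = ("-gcm@openssh.com", "chacha20-poly1305@openssh.com")

def negotiate(server):
    """Simplified RFC 4253 rule: first client algorithm that the server also offers."""
    return {cat: next((a for a in algs if a in server.get(cat, [])), None)
            for cat, algs in MFT.items()}

def review(server):
    """Return (chosen, findings) for a partner's offered algorithm lists."""
    chosen, findings = negotiate(server), []
    for cat, alg in chosen.items():
        if cat == "mac" and (chosen["cipher"] or "").endswith(AEAD):
            continue  # AEAD ciphers authenticate packets themselves; the MAC is unused
        if alg is None:
            findings.append((cat, None, "no common algorithm, connection fails"))
        elif alg in FLAGGED:
            findings.append((cat, alg, "flagged algorithm would be negotiated"))
    return chosen, findings

# Constructed partner offers, e.g. as supplied by the partner's administrator.
LEGACY_PARTNER = {"kex": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"],
                  "cipher": ["3des-cbc", "aes256-cbc"], "hostkey": ["ssh-rsa"], "mac": ["hmac-sha1"]}
MODERN_PARTNER = {"kex": ["curve25519-sha256"], "hostkey": ["ssh-ed25519", "rsa-sha2-512"],
                  "cipher": ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com"],
                  "mac": ["hmac-sha1"]}

if __name__ == "__main__":
    print(review(LEGACY_PARTNER)[1], review(MODERN_PARTNER)[1], sep="\n")
```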