MFT SFTP Server
Secure Shell File Transfer Protocol (SFTP) is a network protocol used for the secure transfer of data over the internet. SFTP leverages the full security and authentication features of the Secure Shell (SSH) protocol. This makes it well-suited for exchanging sensitive data between business partners in industries such as finance, healthcare, retail, and advertising. SFTP provides a robust and encrypted means of transferring files, ensuring the confidentiality and integrity of the data being shared. Its widespread adoption across various sectors highlights the importance of secure data transmission in today's interconnected business landscape.
MFT SFTP servers operate over port 22.
To create an MFT SFTP Server Endpoint:
- Click Organizations.
- Select an organization.
- Click Endpoints.
- Click Add Endpoint.
- Enter the name in the Endpoint Name field.
- Select MFT SFTP Server protocol from the Type drop-down.
- Note the example Public Url in order to make the connection.
- Enter a description for the endpoint.
- Click Save.
Once this endpoint type has been integrated into a flow, users can create user accounts directly from the Flow Endpoint.
A unique username and authentication credential (password or SSH key) are required for each source and target flow endpoint.
You can optionally use File Sharing to provision a single user account and grant that one account access to multiple folders. Because access and permissions for each folder are strictly controlled, you can use this as a front-end interaction layer for users who cannot manage multiple credentials.
Automated File Transfer can monitor these File Sharing folders as source endpoints to automatically pick up and route files to internal targets or it can use them as target endpoints to drop files back off for the external user.
While this approach solves the single-user constraint, using the File Sharing service as a front-end for the Automated File Transfer service involves bridging two separate applications, which will increase the overall complexity of your workflow configurations.
Resume
The file transfer feature of MFT SFTP Servers has the following requirements:
- Trigger files
- The client must use 'binary' transfer mode
Post-upload operations
MFT does not allow post-upload operations on MFT SFTP internal sources unless the client software employs a temporary file name. This temporary file name must also be set up in the MFT SFTP source's internal flow endpoint, located under the Triggers tab.
Idleness
MFT SFTP assesses the idleness of SFTP sessions by monitoring the time since the last command was received. If an SFTP connection remains open without any command being sent for over 15 minutes (the default timeout), the session will automatically close. To maintain an active SFTP session, it is essential to periodically send a command. For instance, you can request the current directory to keep the session alive.
Allowlisting
All inbound IP addresses connecting to MFT's SFTP service must be allowlisted. For further information, refer to IP Allowlisting.
SFTP (SSH) Host Key
Refer to SFTP SSH host key for more information on MFT's SFTP SSH host key details.
SSH
Using a shell is prohibited because it is frequently exploited for malicious purposes. Additionally, a shell does not serve any function in the context of file transfer.
Supported SSH Ciphers for MFT SFTP Server
MFT SFTP Server supports the following SSH ciphers:
Key Exchange (KEX) Algorithms
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- ecdh-sha2-nistp256
- curve25519-sha256@libssh.org
- diffie-hellman-group14-sha256
- ext-info-s
Server host key algorithms
- rsa-sha2-256
- rsa-sha2-512
- ecdsa-sha2-nistp256
- ssh-ed25519
Encryption algorithms
- aes128-gcm@openssh.com
- aes256-gcm@openssh.com
- chacha20-poly1305@openssh.com
- aes128-ctr
- aes192-ctr
- aes256-ctr
MAC Algorithms
- hmac-sha2-256-etm@openssh.com
- hmac-sha2-256
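The following Python check is an added example, not part of the product documentation: it compares a client's algorithm offer with the lists above and reports what would be selected, using the SSH rule that the first algorithm on the client's list that the server also supports wins (applied to key exchange in simplified form). The client offers are constructed sample data and the function names are hypothetical.

```python
# Server lists copied from this page. "ext-info-s" is omitted on purpose: it is
# an RFC 8308 extension marker, not a key exchange method a client can select.
SERVER = {
    "kex": ["ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "ecdh-sha2-nistp256",
            "curve25519-sha256@libssh.org", "diffie-hellman-group14-sha256"],
    "hostkey": ["rsa-sha2-256", "rsa-sha2-512", "ecdsa-sha2-nistp256", "ssh-ed25519"],
    "cipher": ["aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
               "chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr"],
    "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
}
# AEAD ciphers authenticate packets themselves, so no separate MAC is negotiated.
AEAD = {"aes128-gcm@openssh.com", "aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com"}

# Constructed client offers (assumptions for illustration, in client preference order).
MODERN = {"kex": ["curve25519-sha256", "curve25519-sha256@libssh.org"],
          "hostkey": ["ssh-ed25519", "rsa-sha2-512"],
          "cipher": ["chacha20-poly1305@openssh.com", "aes128-ctr"],
          "mac": ["hmac-sha2-256-etm@openssh.com"]}
LEGACY = {"kex": ["diffie-hellman-group14-sha1"], "hostkey": ["ssh-rsa"],
          "cipher": ["aes128-cbc", "3des-cbc"], "mac": ["hmac-sha1"]}


def first_match(client_list, server_list):
    """First name on the client's list that the server also supports, else None."""
    return next((a for a in client_list if a in server_list), None)


def negotiate(client):
    """Return (chosen, problems) for a client offer given as a dict of name-lists."""
    chosen, problems = {}, []
    for kind in ("kex", "hostkey", "cipher"):
        chosen[kind] = first_match(client.get(kind, []), SERVER[kind])
        if chosen[kind] is None:
            problems.append(f"no common {kind} algorithm")
    if chosen["cipher"] in AEAD:
        chosen["mac"] = "implicit"  # MAC list is ignored for AEAD ciphers
    else:
        chosen["mac"] = first_match(client.get("mac", []), SERVER["mac"])
        if chosen["mac"] is None:
            problems.append("no common mac algorithm")
    return chosen, problems


if __name__ == "__main__":
    for name, offer in (("modern", MODERN), ("legacy", LEGACY)):
        print(name, *negotiate(offer))
```

The modern offer shows an exact-name detail: `curve25519-sha256` without the `@libssh.org` suffix is not on the page's list, so the suffixed name is the one matched.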