SFTP


SFTP stands for Secure File Transfer Protocol or SSH File Transfer Protocol. Despite the similarity in name to FTP, it is a completely different protocol. SFTP is a subsystem of SSH (Secure Shell): an encrypted connection to an SSH server is established first, and the SFTP subsystem is then used for data transfer. This type of transfer is considered particularly secure and also has the advantage that, similar to OFTP, all communication takes place over one connection and thus only one port is used, which eases network configuration and security. With FTP, on the other hand, there is one connection for the command channel and further connections for the actual data transfers, which may make securing your own network with firewall rules more complicated.

 

!MC5 distinguishes between the SFTP Client module and the SFTP Server module. With the SFTP Client module you can connect to other SFTP servers, transfer data to them and "fetch" data from them. Incoming connections are not possible with the SFTP Client. The SFTP Server module is required for this. It allows your partners to actively connect to !MC5 using any SFTP client, transfer files to you or "fetch" files from you. However, the SFTP Server module cannot be used to actively connect to a partner.

 

In most cases, one of the partners is always the server and the other the client. This means that either communication is one-way only, or one of the partners has to connect to the other regularly or on request in order to pick up any files that may be available. To avoid this, both sides can also act as client as well as server: each partner can then actively transfer data to the other and does not have to wait for ready data to be "fetched". Which of these three combinations you require must always be clarified on a case-by-case basis with the respective partner.

 

The SFTP modules of !MC5 are especially designed for the (automated) transfer of EDI data (MFT = Managed File Transfer).

 

For the SFTP Server module special attention was paid to security:

 

!MC5 only allows the use of the SFTP subsystem of SSH. Shell access and other SSH subsystems are not available as a matter of principle.

Logged-in users can only "see" the files provided for them, but no other directories. Files uploaded by the user are also not shown to the user, so a file cannot be changed by the user after the upload.

Users cannot create directories or change to other directories.

Received data is always stored only in the input directory set for the respective partner. If a file with the same name already exists there, the newly received file is saved with an appended counter.

As with all other communication modules, there is no standard or administration access. Only created users can log in.

 

A "normal" SFTP server is an SSH server that implements the SFTP subsystem, among other things. Often the same login also gives access to a secure shell, which could be used to execute programs (SSH is widely used in the Unix/Linux world to configure and operate systems remotely). The respective SFTP subsystems often allow extensive access to the server's file system. With the SFTP Server module, you therefore do not run the risk of accidentally turning your SFTP access into a security hole through incorrect configuration.
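
To illustrate the misconfiguration risk on a "normal" SSH server described above, the following Python example audits an OpenSSH sshd_config for an account that is meant to be SFTP-only. It is an added example, not part of the !MC5 documentation and not !MC5 code. It assumes OpenSSH as the general-purpose server; the account name partner1, the path /srv/sftp and both sample configurations are constructed, and the resolver is simplified to handle only "Match User" blocks.

```python
# OpenSSH defaults for the checked keywords, per sshd_config(5).
DEFAULTS = {"forcecommand": "none", "chrootdirectory": "none",
            "allowtcpforwarding": "yes", "allowagentforwarding": "yes",
            "permittty": "yes", "x11forwarding": "no"}
MUST_BE_NO = ("allowtcpforwarding", "allowagentforwarding", "permittty", "x11forwarding")

def effective_settings(config_text, user):
    """Simplified resolver: 'Match User' blocks override the global section;
    within each, the first value given for a keyword wins."""
    global_opts, match_opts = {}, {}
    target = global_opts
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit = value.split()
            hit = len(crit) == 2 and crit[0].lower() == "user" and user in crit[1].split(",")
            target = match_opts if hit else None  # None: block applies to someone else
        elif target is not None:
            target.setdefault(key, value)
    return {**DEFAULTS, **global_opts, **match_opts}

def audit_sftp_only(config_text, user):
    """Return findings that would let `user` do more than SFTP in a confined directory."""
    eff = effective_settings(config_text, user)
    findings = []
    if (eff["forcecommand"].split() or [""])[0] != "internal-sftp":
        findings.append("ForceCommand is not internal-sftp: shell/exec requests are not blocked")
    if eff["chrootdirectory"].lower() in ("", "none"):
        findings.append("ChrootDirectory unset: the account is not confined to a directory")
    findings += [f"{k} is not 'no'" for k in MUST_BE_NO if eff[k].lower() != "no"]
    return findings

# Constructed sample configurations (not taken from any real host).
WEAK = "Subsystem sftp /usr/lib/openssh/sftp-server\n"
HARDENED = """Subsystem sftp internal-sftp
# partner1 is a hypothetical account name
Match User partner1
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    AllowAgentForwarding no
    PermitTTY no
    X11Forwarding no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_sftp_only(cfg, "partner1"))
```

On a live OpenSSH host, `sshd -T -C user=NAME` prints the authoritative effective settings for an account and is the better input for such a check.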