What is an SFTP Server?
An SFTP server provides a way for organizations to securely exchange sensitive files over a network. SFTP (or Secure File Transfer Protocol) helps ensure data integrity and security by using encryption and authentication during the file transfer process.
An encrypted tunnel is created between the SFTP server and any trading partners, which protects all data, user ids, passwords and commands that flow over the connection. Secure FTP is critical for compliance with PCI DSS, HIPAA, HITECH, SOX and state privacy laws.
GoAnywhere MFT, an enterprise-level file transfer solution, allows your trading partners to securely exchange files with your organization using SFTP (SSH File Transfer Protocol) and SCP (Secure Copy) protocols. The solution also supports the latest SSH 2.0 protocol standard and allows for both password and SSH key authentication.
Through GoAnywhere’s SFTP client, organizations can exchange files between their local system and a remote server, with data encrypted via the SSH protocol.
How to Set Up an SFTP Server
- Create or import your SFTP private key following best security practices relating to key algorithm and size.
- Assign your unique private SSH key to the SFTP service and start the service listener.
- Ideally, bind your SFTP to an internal server location and use GoAnywhere Gateway in the DMZ to close off all inbound ports from the internet to your internal network.
- Create a User Account for your trading partner and grant them access to the folder(s) they should upload or download files to/from.
- Specific to authentication, best practice is typically key-based or 2FA. You should import your partner's public SSH key to the Key Management System and associate that key to their user account. A strong password requirement along with their key creates two-factor
- Connect to your SFTP server and log in using the user account credentials and key you assigned to the user profile, then test uploading or downloading data.
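The key-import step above ties a partner's public SSH key to their account, so the key is worth checking before it is trusted: confirm its fingerprint with the partner out of band and refuse weak key types and sizes. The following added example (not GoAnywhere's own code) parses an OpenSSH public-key line, computes the same SHA256 fingerprint that `ssh-keygen -lf` prints, and applies an assumed acceptance policy (RSA of at least 3072 bits, Ed25519 accepted, DSA refused); the sample keys are constructed for the demonstration and are not real key material.

```python
import base64, hashlib, struct
# Acceptance policy assumed for this example (not GoAnywhere's own defaults):
# refuse DSA, require RSA moduli of at least 3072 bits, accept Ed25519.
MIN_RSA_BITS = 3072
ALLOWED_TYPES = {"ssh-rsa", "ssh-ed25519"}

def _read_string(blob, pos):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    return blob[pos + 4:pos + 4 + length], pos + 4 + length

def _write_string(data):
    return struct.pack(">I", len(data)) + data

def _write_mpint(n):
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:  # leading zero byte keeps the mpint positive
        raw = b"\x00" + raw
    return _write_string(raw)

def inspect_public_key(line):
    """Parse an OpenSSH public-key line -> (type, bits, fingerprint, accepted)."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    wire_type, pos = _read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("key type prefix does not match the encoded blob")
    bits = None
    if key_type == "ssh-rsa":
        _e, pos = _read_string(blob, pos)  # public exponent (mpint)
        n, _ = _read_string(blob, pos)     # modulus (mpint)
        bits = int.from_bytes(n, "big").bit_length()
    elif key_type == "ssh-ed25519":
        bits = 256
    # Same format as `ssh-keygen -lf`: SHA-256 of the blob, base64 without padding.
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    accepted = key_type in ALLOWED_TYPES and (key_type != "ssh-rsa" or bits >= MIN_RSA_BITS)
    return key_type, bits, fp, accepted

def make_test_key(key_type, *fields):
    """Build a constructed (not cryptographically valid) public-key line for testing."""
    blob = _write_string(key_type.encode()) + b"".join(fields)
    return f"{key_type} {base64.b64encode(blob).decode()} partner@example"

# Constructed sample keys: RSA 2048 (too short under this policy), RSA 4096, Ed25519, DSA.
RSA_2048 = make_test_key("ssh-rsa", _write_mpint(65537), _write_mpint((1 << 2047) | 1))
RSA_4096 = make_test_key("ssh-rsa", _write_mpint(65537), _write_mpint((1 << 4095) | 1))
ED25519 = make_test_key("ssh-ed25519", _write_string(b"\x01" * 32))
DSA = make_test_key("ssh-dss", _write_mpint(1 << 1023), _write_mpint(1 << 159), _write_mpint(2), _write_mpint(3))
```

Run `inspect_public_key` over each line a partner sends; the fingerprint it returns is the value to read back to them before the key is associated with their user account.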
SFTP Server Features:
- Highly scalable with no restrictions on the number of trading partners
- Support for multiple listeners with configurable port numbers
- Remote administration and monitoring through a browser-based interface
- Robust security and granular permission controls
- Multiple authentication methods: database, Active Directory (AD), LDAP and IBM i
- Administrators can view active sessions for logged-in users
- Event triggers to automatically process files or send email notifications
- Support for client requests to resume file transfers
- Configurable settings for maximum number of sessions, maximum login failures and idle timeouts
- ZLIB compression to reduce bandwidth requirements
- Ability to accept or reject files with certain extensions
- Allows only strong NIST-certified encryption algorithms when in FIPS 140-2 Compliance mode
- Can be installed in the private network without opening inbound ports, when paired with GoAnywhere Gateway in the DMZ
SFTP Logging
Audit trails (logs) are generated for all SFTP and SCP sessions in GoAnywhere MFT to meet auditing and compliance requirements. This detail includes commands issued, messages, IP addresses, user IDs and the names of files transferred. Log messages can additionally be sent to a SYSLOG server over UDP or TCP connections.
SSH Key Management
Intuitive graphical screens are provided in GoAnywhere MFT to allow for the management of SSH Keys. This Key Manager can be used to create SSH public and private keys, import and export keys, and view keys. Both RSA and DSA key types are supported with key lengths up to 4096 bits.
High Availability Planning with SFTP
When it comes to file transfers, it’s critical that organizations are able to complete them without disruption. Businesses can choose from either active-passive or active-active high availability plans.
Active-passive plan
Active-passive plan failure downtime for trading partners can run from a few seconds to a few hours, depending on how the organization starts the passive system.
Active-active plan
Active-active plan failure downtime is most commonly zero because there is always a backup system that can take over at the moment of a system failure. These high availability plans can help organizations minimize and avoid downtime, meet SLAs, and increase user satisfaction.
Setting SFTP Algorithms On Your SFTP Server
The SFTP server in GoAnywhere MFT provides support for the following standards:
- Protocol
- Ciphers (Symmetric Encryption Algorithms)
- MAC Algorithms
- Key Exchange Algorithms
- Compression
GoAnywhere Gateway
GoAnywhere Gateway helps you share essential documents with trading partners, clients, and vendors without storing data in the DMZ. Exchange files without opening inbound ports to your private network, and keep the locations and identities of your internal systems hidden.