SFTP Server

Learn how to protect your sensitive data while using Secure File Transfer Protocol

What is an SFTP Server?

An SFTP server provides a way for organizations to securely exchange sensitive files over a network. SFTP (or Secure File Transfer Protocol) helps ensure data integrity and security by using encryption and authentication during the file transfer process.

An encrypted tunnel is created between the SFTP server and any trading partners, which protects all data, user IDs, passwords and commands that flow over the connection. Secure FTP is critical for compliance with PCI DSS, HIPAA, HITECH, SOX and state privacy laws.

GoAnywhere MFT, an enterprise-level file transfer solution, allows your trading partners to securely exchange files with your organization using SFTP (SSH File Transfer Protocol) and SCP (Secure Copy) protocols. The solution also supports the latest SSH 2.0 protocol standard and allows for both password and SSH key authentication.

Through GoAnywhere’s SFTP client, organizations can exchange files between their local system and a remote server, with data encrypted via the SSH protocol.

How to Set Up an SFTP Server

  1. Create or import your SFTP private key following best security practices relating to key algorithm and size.
  2. Assign your unique private SSH key to the SFTP service and start the service listener.
  3. Ideally, bind your SFTP to an internal server location and use GoAnywhere Gateway in the DMZ to close off all inbound ports from the internet to your internal network.
  4. Create a User Account for your trading partner and grant them access to the folder(s) they should upload or download files to/from.
  5. Specific to authentication, best practice is typically key-based or 2FA. You should import your partner's public SSH key to the Key Management System and associate that key to their user account. A strong password requirement along with their key creates two-factor
  6. Connect to your SFTP server and log in using the user account credentials and key you assigned to the user profile, then test uploading or downloading data.

SFTP Server Features:

  • Highly scalable with no restrictions on the number of trading partners
  • Support for multiple listeners with configurable port numbers
  • Remote administration and monitoring through a browser-based interface
  • Robust security and granular permission controls
  • Multiple authentication methods: database, Active Directory (AD), LDAP and IBM i
  • Administrators can view active sessions for logged-in users
  • Event triggers to automatically process files or send email notifications
  • Support for client requests to resume file transfers
  • Configurable settings for maximum number of sessions, maximum login failures and idle timeouts
  • ZLIB compression to reduce bandwidth requirements
  • Ability to accept or reject files with certain extensions
  • Allows only strong NIST-certified encryption algorithms when in FIPS 140-2 Compliance mode
  • Can be installed in the private network without opening inbound ports, when paired with GoAnywhere Gateway in the DMZ

SFTP Logging

Audit trails (logs) are generated for all SFTP and SCP sessions in GoAnywhere MFT to meet auditing and compliance requirements. The logged detail includes commands issued, messages, IP addresses, user IDs and the names of files transferred. Log messages can additionally be sent to a SYSLOG server using UDP or TCP connections.

SSH Key Management

Intuitive graphical screens are provided in GoAnywhere MFT to allow for the management of SSH Keys. This Key Manager can be used to create SSH public and private keys, import and export keys, and view keys. Both RSA and DSA key types are supported with key lengths up to 4096 bits.

High Availability Planning with SFTP

When it comes to file transfers, it’s critical that organizations are able to complete them without disruption. Businesses can choose between active-passive and active-active high availability plans.

Active-passive plan

With an active-passive plan, failure downtime for trading partners can run from a few seconds to a few hours, depending on how organizations start the passive system.

Active-active plan

Active-active plan failure downtime is most commonly zero because there is always a backup system that can take over in a moment of system failure. These high availability plans can help organizations minimize and avoid downtime, meet SLAs, and increase user satisfaction.

Setting SFTP Algorithms On Your SFTP Server

The SFTP server in GoAnywhere MFT provides support for the following standards:

Protocol

  • SSH 2.0

Ciphers (Symmetric Encryption Algorithms)

  • AES-128
  • AES-192
  • AES-256
  • Triple DES (DESede)
  • Blowfish

MAC Algorithms

  • HMAC-SHA1
  • HMAC-SHA2-256
  • HMAC-MD5

Key Exchange Algorithms

  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256

Compression

  • ZLIB
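
Added example (not GoAnywhere code): an SSH server advertises the algorithms it has enabled in its SSH_MSG_KEXINIT message, so parsing that message shows which entries from the lists above a listener actually offers. The SSH wire names (`3des-cbc`, `hmac-md5` and so on), the `LEGACY` policy set and the `SAMPLE` payload are assumptions constructed for illustration.

```python
import struct

FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

# Assumed local policy (not vendor guidance): wire names to switch off.
LEGACY = {"diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1",
          "3des-cbc", "blowfish-cbc", "hmac-md5"}

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload (RFC 4253 section 7.1) into its ten name-lists."""
    if len(payload) < 17 or payload[0] != 20:      # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, out = 17, {}                              # skip type byte + 16-byte cookie
    for name in FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[off:off + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        off += n
    if len(payload) - off < 5:                     # boolean + uint32 reserved
        raise ValueError("missing trailing fields")
    return out

def legacy_offered(parsed: dict) -> dict:
    """Return only the fields that advertise an algorithm from LEGACY."""
    hits = {f: [a for a in algs if a in LEGACY] for f, algs in parsed.items()}
    return {f: a for f, a in hits.items() if a}

def build_kexinit(lists: dict) -> bytes:           # encoder used to construct SAMPLE
    body = bytes([20]) + bytes(16)
    for name in FIELDS:
        s = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(s)) + s
    return body + b"\x00" + struct.pack(">I", 0)

# Constructed sample: a listener offering a subset of the algorithms listed above.
_enc, _mac = ["aes256-ctr", "3des-cbc"], ["hmac-sha2-256", "hmac-md5"]
SAMPLE = build_kexinit({
    "kex": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group1-sha1"],
    "host_key": ["ssh-rsa"], "enc_c2s": _enc, "enc_s2c": _enc,
    "mac_c2s": _mac, "mac_s2c": _mac,
    "comp_c2s": ["none", "zlib"], "comp_s2c": ["none", "zlib"]})

if __name__ == "__main__":
    print(legacy_offered(parse_kexinit(SAMPLE)))
```

Each field that comes back from `legacy_offered` names an algorithm to remove from the listener's configuration before re-checking.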

GoAnywhere Gateway

GoAnywhere Gateway helps you share essential documents with trading partners, clients, and vendors without storing data in the DMZ. Exchange files without opening inbound ports to your private network, and keep the locations and identities of your internal systems hidden.

FAQs

SFTP servers use a single data channel and encrypt both login credentials and files for a secure connection.

By using SSH (Secure Shell) to establish secure connections between the client and server via user ID and password, pre-set key authentication, or a combination of both, SFTP servers can securely transfer and manage business-critical and sensitive files.

  • High scalability, with no restrictions on number of trading partners
  • Remote administration and monitoring
  • Flexibility when it comes to authentication via database, Active Directory, LDAP and IBM i
  • Security is superior to an FTP server and includes granular permission controls
  • Automation of file processing via event triggers streamlines the exchange of data
  • Reduces bandwidth requirements and limitations via ZLIB compression
  • Customization can be achieved via configurable settings
  • Eases meeting compliance requirements when used with the FIPS 140-2 compliance mode
  • Can keep all data out of the DMZ and in an organization’s private network (no need to open inbound ports)

SSH stands for Secure Shell. It is a network protocol that can create a secure connection between two computers (or a client and a server). SSH acts as a secure channel using encryption and authentication to protect data exchanged. Public key encryption authenticates the remote computer.
