SFTP Component Configuration Overview


When you connect to a server using Secure File Transfer Protocol (SFTP), SSH encryption is used to protect the connection between your client machine and the server. This protects your password and your data, preventing an eavesdropper from capturing or stealing them as they travel over the network.

Despite the similarity in name and operation, SFTP is a completely different protocol from FTP and does not support all the same features and commands as FTP. Also, while they are both secure file transfer protocols and have similar names, FTPS (FTP with TLS/SSL) should not be confused with SFTP.

To use SFTP for secure connections, the server you are connecting to must also support SFTP. If you try to connect with SFTP to a server that does not support it, you will receive an error. Your network administrator or service provider can tell you if your server supports SFTP, and what other information you might need to use SFTP.

Password Authentication Versus Key Pair Based Authentication

All the SFTP components support both password-based and key pair-based authentication without password.

In conventional password authentication, you prove who you are by entering the correct password. The only way to prove you know the password is to tell the server what you think the password is. This means that if the server has been hacked, or spoofed, an attacker can learn your password.

Key Pair authentication solves this problem. You generate a key pair, consisting of a public key (which everybody is allowed to know) and a private key (which you keep secret and do not give to anybody). The private key is able to generate signatures. A signature created using your private key cannot be forged by anybody who does not have that key, but anybody who has your public key can verify that a particular signature is genuine.

First, generate a key pair on your own computer and copy the public key to the server under a certain name. When the server asks you to prove who you are, WinSCP can generate a signature using your private key. The server can verify that signature (since it has your public key) and allow you to log in. Now if the server is hacked or spoofed, the attacker does not gain your private key or password. They only gain one signature. And signatures cannot be re-used, so they have gained nothing.

Note: While using key pair authentication, the private key file path has to be populated in the SFTP component that is invoked. If password based authentication is used, the password field has to be populated while the private key file is left blank. This applies for all SFTP components listed below.

Supported Secure FTP Components

This section lists the supported Secure FTP components that are available in iWay Service Manager.

  • SFTP Listener. A listener that uses the SFTP protocol component and is continuously polling the specified folder on the SFTP server (machine that supports OpenSSH FTP).
  • SFTP Emitter. The SFTP Emitter will emit messages onto a SFTP server. It requires the credentials on the server and the directory to emit as input.
  • Services. The following are the types of SFTP services:
    • SFTP Read (com.ibi.agents.XDSFTPReadAgent). The SFTP Read service is used to read files from a SFTP server (drive on UNIX or Windows). It can also be used in tandem with a file listener to embed file contents (the file picked up by the listener) into the XML file read from the SFTP drive by specifying the tag.
    • SFTP Emit (com.ibi.agents.XDSFTPEmitAgent. The SFTP Emit service is used to write files to an output directory through SFTP (drive on UNIX or Windows). The output file name can be specified completely or using wildcard characters.
    • SFTP File Ops (com.ibi.agents.XDSFTPOpsAgent). The SFTP File Ops (Operations) service emits data using the SSH protocol to a given host:port using various common SFTP commands. It can be used to perform operations, such as Copy, Prepend, Append, Size, and Move.
    • SFTP Directory Contents (com.ibi.agents.XDSFTPDirListAgent). The SFTP Directory Contents service is used to generate an XML document listing the contents of a SFTP directory specified by the user in the Directory parameter.
    • SFTP Direct Transfer (com.ibi.agents.XDSFTPDirectFileTransfer). The SFTP Direct File Transfer service transfers a file directly from the iSM to an SFTP server (drive on UNIX, or Windows), or directly from the SFTP server to the iSM server, without out moving the file through the iSM process flow.
    • SFTP Connection Cache (com.ibi.agents.XDSFTPConnectionCacheAgent). The SFTP Connection Cache service caches a single SFTP connection (both the control and data channels) to an SFTP server. When the connection cache is started, an existing connection from the cache is utilized for any SFTP agent within the iSM process flow that connects to an SFTP server, with the same address and authentication credentials (user ID and password).