Adding an SFTP Partner
1 What is an SFTP Partner
SFTP is a transport layer protocol used to securely exchange files over SSH. Secure shell encryption offers a high level of protection when transferring files and material via SFTP. The MFT Gateway account can function as an SFTP server on your behalf, enabling message exchanges between you and your trading partners over the SFTP protocol as SFTP clients.
The MFT Gateway only supports SFTP public key authentication. Before you may send and receive messages from SFTP partners, you must add them to MFT Gateway.To represent your business partner, you can create an SFTP partner as needed under your MFT Gateway account.
2 Creating an SFTP Partner
Make sure that the SFTP is selected as a message service from the ‘Organization profile’. To add an SFTP partner, select the ‘Partners’ option from the left navigation menu, then the ‘SFTP’ option tab and the ‘New SFTP Partner’ button in the upper right corner.
Provide a Name for the trading partner. This is a textual identification that allows you to easily identify this partner from others in the system.
Specify a unique SFTP Identifier for the partner, which will serve as your trading partner’s SFTP user name. The MFT Gateway will prefix the given value with your account identity to ensure that your SFTP partner is unique across multiple accounts.
Give an email address(es) to receive Notification Email(s) for incoming SFTP messages or SFTP message sending failures, as per your choice. You can select up to three emails in a comma-separated form.
Expand the Advanced Options option if you would need to configure any advanced configuration options. You can skip this section during the standard set-up. Refer to the Advanced Options section for details on these.
Access for the SFTP partner can be configured via public key authentication by either generating a new key pair or using their existing public key. For both of these options, the MFT Gateway supports PKCS1, PKCS8, and PPK key types.
To generate a new key pair, select the private key type from the Private Key Type drop-down list. By turning on the Add password for private key toggle option, you can set a password for your private key.
To create an SFTP partner using an existing key pair, enable the Enable with existing key pair toggle button and enter or browse the public key to upload.
Once you’ve entered all of the needed information, click the Create button.
You will be returned to the SFTP partner list view after completing the SFTP partner creation procedure. If you decide to generate a new key pair for your SFTP partner, MFT Gateway will automatically download the generated private key.
When connecting to the MFT Gateway SFTP server as a client, the SFTP partner can login programmatically or use several SFTP clients such as FileZilla, WinSCP, and OpenSSH.
To connect to the SFTP client, the SFTP partner should know certain server information about the SFTP trading partner. Some predefined information can be used, while others must be provided, such as:
- Host/IP address of the server: ‘sftp.mftgateway.com’
- Port number of the server: ‘22’
- Authentication Type: Key File
- User Name: Your SFTP partner’s ‘SFTP Identifier’
- Key File: The most recent private key part of the key pair of your trading partner
- For a password-protected private key file: Provide the password that the SFTP partner used to protect the key.
3 Advanced-options
File Structure
As an MFTG user, you should only be able to interact with the directory and its subdirectories listed below. The MFT Gateway by default uses the following file structures to save inbound/outbound message content inside your dedicated S3 bucket:
/SFTP/partners/(SFTP-Partner-ID)/inbox/(Random-Message-ID)/
/SFTP/partners/(SFTP-Partner-ID)/outbox/(Random-Message-ID)/
The MFT Gateway allows you to customize the default file structure with the following options:
Remove Subdirectory With Random Message ID
When you enable this option, you can remove the last subdirectory generated with a random message ID (unique for each message). Consequently, message content will be saved directly under the inbox/outbox directories. It’s important to note that this can introduce the risk of content being overridden.
Add Custom Subdirectory
You can specify your own custom subdirectory under the inbox/outbox for this partner. Once you enable this option and if you specify a custom subdirectory, the file structure will change as follows:
/SFTP/partners/(SFTP-Partner-ID)/inbox/(Custom-Sub-Directory)/(Random-Message-ID)/
/SFTP/partners/(SFTP-Partner-ID)/outbox/(Custom-Sub-Directory)/(Random-Message-ID)/
Notifications
Choose to receive an email notification for events of interest:
- receipt of each incoming SFTP message coming to this SFTP partner
- sending failures; e.g., when MFT Gateway fails to send the SFTP message to that relevant SFTP partner
Other Options
You can provide a description for this trading partner here.