Articles and news

Restrict user with trusted IPs for SFTP and FTPS

Fri 15 February 2019 | security blog

It is common practice to secure a file transfer server using firewall rules which only allow incoming connections from trusted partners.

Let's assume you have a US partner named "ACME Inc", connecting to your server from IP 1.1.1.1 using the user acme-inc, and another German partner called "AlleWerkzeuge AG", connecting to your server from IP 5.5.5.5 using the user alle-werkzeuge-ag.

You can configure your firewall to only allow connections from a list of trusted IPs like 1.1.1.1 and 5.5.5.5, but the firewall doesn't know about usernames. So it will allow the account acme-inc to connect even if the connection is initiated from 5.5.5.5, which is an IP outside of the ACME Inc network.

To complement firewall restrictions, SFTPPlus allows defining a fixed list of trusted IP rules from which it will allow connections for a specific user.

Such a configuration can be defined per user, but also per group, with multiple users inheriting their configuration from the group.

To restrict a specific user to connect through SFTP or FTPS to the file transfer server only from a certain IP (or IPs), you can use the source_ip_filter configuration option in SFTPPlus.

The remote access is denied when the user connects from a source address which is not whitelisted.
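The gap described above, a firewall that admits acme-inc from 5.5.5.5 while a per-account check rejects it, is shown below as an added example; it is not SFTPPlus code and was not part of the original article. The group name partners-de, the dictionary layout and the rule that a user-level list takes precedence over the group's list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data based on the article's scenario. The group name
# "partners-de" and this dictionary layout are hypothetical; they are not
# SFTPPlus configuration syntax.
FIREWALL_ALLOW = ["1.1.1.1", "5.5.5.5"]
GROUPS = {"partners-de": {"source_ip_filter": ["5.5.5.5"]}}
USERS = {
    "acme-inc": {"group": None, "source_ip_filter": ["1.1.1.1"]},
    # No filter of its own: inherits the group's list.
    "alle-werkzeuge-ag": {"group": "partners-de", "source_ip_filter": None},
}


def matches(source_ip, rules):
    """Return True if source_ip falls inside any address or CIDR rule."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # an unparsable peer address is never trusted
    return any(addr in ipaddress.ip_network(r, strict=False) for r in rules)


def effective_filter(username):
    """User-level list if set, otherwise the group's list (assumed precedence)."""
    user = USERS[username]
    if user["source_ip_filter"] is not None:
        return user["source_ip_filter"]
    group = GROUPS.get(user["group"])
    return group["source_ip_filter"] if group else None


def login_allowed(username, source_ip):
    """Apply the firewall check first, then the per-account check."""
    if not matches(source_ip, FIREWALL_ALLOW):
        return (False, "blocked by firewall")
    if username not in USERS:
        return (False, "unknown account")
    rules = effective_filter(username)
    if rules is None or matches(source_ip, rules):
        return (True, "allowed")
    return (False, "source IP not trusted for this account")


if __name__ == "__main__":
    for user, ip in [("acme-inc", "1.1.1.1"), ("acme-inc", "5.5.5.5"),
                     ("alle-werkzeuge-ag", "5.5.5.5"), ("acme-inc", "9.9.9.9")]:
        print(user, ip, login_allowed(user, ip))
```

The second case is the one the firewall alone cannot catch: 5.5.5.5 passes the network-level list, and only the per-account list ties it to the wrong partner.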

Below is a screenshot from our web-based management console demonstrating such a configuration.

Screenshot of SFTPPlus account configuration.

Read more about securing your SFTP/FTPS and HTTPS services with SFTPPlus in our documentation page.

Evaluating SFTPPlus MFT

The features listed in this article are just a selected few out of many integration and configuration options that are available today. Feel free to talk to the Support team about your requirements with file transfer software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, and macOS.

It is also available on the cloud as Docker containers, AWS or Azure instances and many other cloud providers.

Request a trial using the form below.

• • •

SFTPPlus Release 3.45.0

Thu 14 February 2019 | general release

We are announcing the latest release of SFTPPlus version 3.45.0.

New Features

  • It is now possible for SFTP/SCP clients to change their own password using the SSH command execution service. [server-side][sftp][scp] [#5129]
  • It is now possible to transfer files using temporary names, renaming to their initial names once successfully transferred. [client-side] [#5156]
  • Events emitted when a file is closed after a server-side SFTP or SCP transfer now include transferred size, duration, and average speed. [server-side][scp][sftp] [#5196]
  • You can now configure an account to allow authentication only from a specific list of source IP addresses. [server-side][security] [#5201]

Defect Fixes

  • The SFTP/SCP file transfer service no longer generates an internal server error when the SCP protocol is requested as an SSH subsystem. [server-side][scp] [#5129]
  • For move transfers, the removal of the source file is now retried when the operation fails. In previous versions, once the file was transferred, the source removal was attempted only once. [client-side] [#5156-1]
  • The transfer of a file is now retried when the operation to check the existence of the remote file fails. [client-side] [#5156]
  • For the SCP protocol, the event with ID 30042 is no longer emitted when the client is sending the whole file without an end of file marker. In previous versions, if the SCP client uploaded all the file data, but did not send the explicit confirmation for the end of file or stream, SFTPPlus was emitting the event 30042 to inform that the transfer was not complete. [server-side][scp] [#5196]

Deprecations and Removals

  • The events emitted for rename operations now have the destination path as the default path attribute. In previous versions the source path was used. The from attribute will contain the source path. The following event IDs are affected: 60043, 60044, 30025, 30026, 30027 [server-side][client-side] [#5156]
  • Support for FreeBSD 10.x on X86_64 was removed. [#5170]

You can check the full release notes here.

• • •

Get email notifications from your FTP and SFTP servers

Thu 31 January 2019 | article

Introduction

SFTPPlus can connect to any SMTP server and deliver emails based on the activity, actions and events triggered by a file transfer.

With SFTPPlus you can configure the list of recipients (with CC and BCC), email subject and email body.

The email notification can be used for FTPS or SFTP server monitoring and reporting, or just for critical failure/error conditions.

For example, you can trigger an email notification whenever an SFTP file upload fails on your file transfer service. In this way, you can automatically monitor the server for new files and be notified when files fail to be fully uploaded.

Operation principles

An Email client resource is created inside the SFTPPlus configuration in order to define the SMTP server address, port and credentials.

For each type / category of email notification, create a separate Send as email event handler.

Each event handler has a set of filters which determine the conditions under which the emails are triggered. For example, you can trigger on all file uploads to your site, or only on uploads from a certain user.

Multiple event handlers can use a single email client resource to deliver the emails.

Integration with Email Delivery Services

Using the standard SMTP protocol, SFTPPlus can send email alerts using any of the cloud-based email delivery services.

If your SFTP server is hosted with Azure, you might want to use the Sendgrid service. For FTP servers hosted with Amazon EC2 you might want to use the Amazon SES service.

Note that for Amazon EC2, port 25 is throttled. You should use port 587 instead.

Check our dedicated documentation page to see how to configure email alerts in SFTPPlus.

This resource is written as of SFTPPlus version 3.44.0.

Email Alerts Services That You Should Use image used in this article was created by Amit Agarwal and is licensed under CC BY 2.0 / Cropped from original.

• • •

HTTPS, FTPS, and SFTP with Docker and OpenShift

Wed 30 January 2019 | blog

For some time, we have been maintaining an MIT-licensed GitHub repository to ease the creation and running of SFTPPlus Docker instances.

Whether you are already a customer of ours, or currently evaluating SFTPPlus, simply head over to our GitHub repository, clone, and follow the instructions to run an SFTPPlus instance in Docker.

To further aid in quickly trying out a version of SFTPPlus in Docker, we are pleased to announce the creation of an SFTPPlus Docker Hub repo.

You can now simply pull from Docker Hub our latest 3.44.0 trial image for Red Hat Enterprise Linux 7.0 / CentOS 7.0 (or other compatible OSes) with a single command:

docker pull proatria/sftpplus-trial:3.44.0-centos7

In this way, you can evaluate a dockerized FTPS and SFTP server with minimum effort.

The Docker Hub repository only contains the evaluation version. For production use you will most probably want to change the configuration to meet your requirements.

To build your own Docker image, check the scripts and instructions used to build the evaluation image in our aforementioned GitHub repo.

Similar commands can be used to deploy the Debian Linux 8 image pushed to Docker Hub as:

proatria/sftpplus-trial:3.44.0-debian8

To offer a Docker image with minimal disk size, our Docker Hub repository also covers Alpine Linux, a distribution for "power users who appreciate security, simplicity and resource efficiency". To get the Alpine Linux 3.7 image, use:

proatria/sftpplus-trial:3.44.0-alpine37

Our Dockerfile and the images derived from it do not require running the process as root inside the container. Therefore, you can deploy them in OpenShift with a single command as well:

oc new-app proatria/sftpplus-trial:3.44.0-centos7

A user's guide for deploying SFTPPlus with Docker containers is available in our Docker documentation page.

• • •

SFTPPlus Release 3.44.0

Thu 24 January 2019 | general release

We are announcing the latest release of SFTPPlus version 3.44.0.

New Features

  • It is now possible to configure the name associated with the sender email address in the email client resource. [#3069]
  • It is now possible for file transfer users to change the password associated with their accounts via the HTTP / HTTPS protocols. [server-side][http][https] [#5128]
  • It is now possible to configure an email sender event handler with CC and BCC fields. [#5158]
  • It is now possible to monitor OS resources used by SFTPPlus, and trigger an event when their usage hits certain configurable limits. This feature is not available on HP-UX, Windows XP and Windows Server 2003. [#5175]
  • Alpine Linux 3.7 on X86_64 is now a supported platform. [#5179]
  • It is now possible to schedule a transfer based on week days. [client-side] [#5184]

Defect Fixes

  • The HTTP/HTTPS file transfer service login page is now accessible in HTML format for Internet Explorer in compatibility mode. [http][https][server-side] [#5188]

Deprecations and Removals

  • The URL of the login page used by the HTTP/HTTPS file transfer service was moved from /login to /__chsps__/login. [server-side][http][https] [#5128]
  • Support for Alpine Linux 3.6 on X86_64 was removed. [#5179]
  • Event with ID 60019 emitted when a transfer has invalid schedule configuration was removed and replaced with the generic event ID. [#5184]
  • The HTTP/HTTPS file transfer API now requires an explicit Accept: application/json header in order to use the JSON variant of the API. Otherwise, it will default to the HTML/WebDAV variant. [http][https][api][server-side] [#5188]

You can check the full release notes here.

• • •