Client Documentation

3.2. Remote server connection

These options configure the connection to the remote server so that files can be exchanged.

3.2.1. Connection

3.2.1.1. server

Optional:

No

Default value:

None

Values:
  • fully qualified domain name or IP address
From version:

1.5.1

To version:

None

Description:

Address of the remote server where the client will connect.

3.2.1.2. port

Optional:

No

Default value:
  • ‘22’ - sftp
  • ‘21’ - ftp/ftps
  • ‘80’ - http
  • ‘443’ - https
Values:
  • Port as number.
From version:

1.5.1

To version:

None

Description:

Port number for the remote server.

3.2.2. Authentication

3.2.2.1. user

Optional:

No

Default value:

None

Values:
  • Username as text.
From version:

1.5.1

To version:

None

Description:

Username for the remote server.

3.2.2.2. password

Optional:

No

Default value:

None

Values:
  • Password as text.
From version:

1.5.1

To version:

None

Description:

Password for the remote server or password for the RSA/DSA key.

If DSA/RSA keys are used and they don’t have a password, set this to '' (empty text).

3.2.2.3. key

Optional:

Yes

Default value:

None

Values:
  • Path to private RSA/DSA key in PuTTY format (.ppk)
  • Path to SSL private key.
From version:

1.5.1

To version:

None

Description:

Path to private RSA/DSA key in PuTTY format (.ppk)

For FTP/FTPS transfers, this should be used when the clientcert does not contain the SSL key.

3.2.3. Validating remote SFTP servers

Before starting any SFTP transfers, you have to check the remote SFTP server fingerprint and store it in the local servers profile. The local servers profile is a database containing all remote SFTP servers that were verified and approved.

To check and add the fingerprint of a remote SFTP server run one of the following commands according to your system.

Linux and Unix:

$ su -c '/opt/SFTPPlus-client/bin/psftp \
SERVER_ADDRESS -P SERVER_PORT' SERVICE_ACCOUNT

Windows:

In order to successfully validate the SFTP server, the Secondary Logon service on the client machine shouldn’t be Disabled and the SERVICE_ACCOUNT should have the “Allow log on locally” policy enabled.

If any of these conditions aren’t met, the runas command will fail to execute.

If using a local user account for the SFTPPlus service, run:

runas /user:SERVICE_ACCOUNT "psftp SERVER_ADDRESS -P SERVER_PORT"

If using a domain user account for the SFTPPlus service, run:

runas /user:DOMAIN\SERVICE_ACCOUNT "psftp SERVER_ADDRESS -P SERVER_PORT"

The runas command shouldn’t be run with the /noprofile parameter.

Note

If the security policies do not allow having the Secondary Logon service enabled or SERVICE_ACCOUNT local logon, these can be reverted to their required state once the SFTP server is successfully validated.

If you are using public and private key authentication, make sure the keys are correctly configured on both the server and the client side. To add the fingerprint and check key authentication, use:

Linux and Unix:

$ su -c '/opt/SFTPPlus-client/bin/psftp \
SERVER_ADDRESS -P SERVER_PORT -i PRIVATE_KEY_FILE.PPK' SERVICE_ACCOUNT

Windows:

runas /user:DOMAIN\SERVICE_ACCOUNT "psftp SERVER_ADDRESS -P SERVER_PORT -i PRIVATE_KEY_FILE.PPK"

Replace SERVER_ADDRESS, SERVER_PORT and PRIVATE_KEY_FILE.PPK with the corresponding information. SERVICE_ACCOUNT is the username SFTPPlus Client will be running under.
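
As an added example (not part of the SFTPPlus documentation or product code), the Python sketch below computes the fingerprint of a host public key obtained out of band from the server administrator, so it can be compared with the value psftp shows before the key is stored. It assumes the key is supplied as an OpenSSH-style one-line public key and that the prompt shows either an MD5 colon-hex or a SHA256 base64 fingerprint; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire string: uint32 length, then the data."""
    return struct.pack(">I", len(data)) + data


def parse_public_key(line: str) -> bytes:
    """Return the raw key blob from a 'key-type base64 [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected 'key-type base64-blob [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob embeds its own key type; a mismatch means a mangled line.
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len] != fields[0].encode():
        raise ValueError("key type label does not match key blob")
    return blob


def fingerprints(blob: bytes) -> dict:
    """Compute MD5 colon-hex and SHA256 base64 fingerprints of the blob."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha,
    }


def matches(public_key_line: str, displayed: str) -> bool:
    """True if the fingerprint shown at the prompt belongs to this key."""
    fps = fingerprints(parse_public_key(public_key_line))
    shown = displayed.strip()
    if shown.startswith("SHA256:"):
        return shown == fps["sha256"]  # base64 is case-sensitive
    return shown.lower() == fps["md5"]


# Constructed sample (not a real host key): key type, exponent, modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 256))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " example"

if __name__ == "__main__":
    print(fingerprints(parse_public_key(SAMPLE_LINE)))
```

Accept the key at the psftp prompt only when `matches()` returns True for the fingerprint shown there.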

3.2.4. Validating remote FTPS servers

The FTPS protocol uses the SSL and TLS protocols for secure communication and file transfer between the server and the client.

For verifying the identity of the remote FTPS server, the SFTPPlus client uses a Certification Authority certificate and will connect only to servers that present a certificate issued by the same Certification Authority.

For proving its identity to the remote FTPS server, the SFTPPlus client uses client SSL certificates, and the remote FTPS server will only allow connections from clients having certificates issued by a configured Certification Authority.

We recommend storing all SSL certificates and keys in the /opt/SFTPPlus-client/pki folder.

The Certification Authority certificate file is specified using:

cacert =  global.path || 'pki/ca-cert.pem'

The client SSL certificate file is specified using:

clientcert = global.path || 'pki/client-cert-and-key.pem'

More information about working with SSL certificates can be found on the page describing common SSL, PKI and CA operations.