Adding a Global SFTP/SCP Service

In MFT Server, both SFTP and SCP are provided through a single service: SFTP/SCP.

 

SCP is similar to SFTP in that it also runs over SSH and has SSH's security capabilities. However, SCP is designed only for file transfers. Unlike SFTP, it cannot create directories, list directories, delete directories, delete files, and so on.

 

To add an SFTP/SCP global service, navigate to the Settings > GLOBAL SERVICES > Listeners > Listeners tab and click the Add button.

 

When the Global Service Protocol dialog appears, expand the Protocol drop-down list and select SFTP/SCP. After that, click OK.

 

That will bring up the Add "SFTP/SCP" Global Service dialog, as depicted in the image below.

 

 

 

Specify the following settings:

 

Host/IP - The IP address that this service will listen on. 0.0.0.0 means any available IPv4 IP address/network interface on the physical server, while :: means any available IPv4 or IPv6 IP address.

 

Port - The port number that this service will listen on. The default port number of SFTP/SCP is 22.

 

Private Key - The private encryption key that SFTP/SCP will use for encrypted communications. This is sourced from the Keys module in the top menu bar.

 

Authentication - Choose among:

 

  • password

  • publickey

  • password OR publickey

  • password AND publickey

 

The password AND publickey mode is considered 2-factor authentication.

 

For more information, see Setting SFTP/SSH authentication mode.

 

Click Add or Add/Start to proceed.

 

The newly added SFTP/SCP service will appear in the Settings > GLOBAL SERVICES > Listeners > Listeners grid. If you selected Add/Start, the service will have a status of running if no errors were encountered.

 

In most cases, these settings will suffice. For those who wish to customize their SFTP/SCP service even further, there are more advanced settings for SFTP/SCP in the Settings > GLOBAL SERVICES > Listeners > SFTP/SCP tab. For more information about these settings, see below.

 

 

Software version - The SSH version banner displayed when connecting. Note: it is important that this value not contain any spaces.

 

Startup banner - The banner to display to SFTP clients prior to displaying the SSH version banner.

 

Authentication banner - The banner to display to SFTP clients prior to displaying the authentication prompt.

 

Connection timeout - The time in minutes that a client connection may remain inactive before the server forcefully disconnects the client.

 

Connection send buffer - The size of the send buffer. Default is the send buffer size for the JVM.

 

Connection receive buffer - The size of the receive buffer. Default is the receive buffer size for the JVM.

 

Enable TCP_NODELAY - When checked, this setting disables Nagle's algorithm.

 

TCP Backlog - This option allows you to set the OS internal queue for incoming TCP connection initialization packets.

 

Disable expanded longname format for SSH_FXP_REALPATH - May be required for some SFTP clients that cannot handle long paths in SSH_FXP_REALPATH packets.

 

Algorithms - Lists all algorithms and ciphers, their order of preference and whether they are enabled.
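
The no-spaces rule for Software version lines up with RFC 4253 section 4.2, where the first space in the identification string starts the optional comments field. The following is an added example, not taken from MFT Server or its documentation, that parses a server greeting the way a client would. It assumes the Startup banner is sent as the pre-identification lines that the RFC allows, and the sample greetings and the name Example_SFTPD_1.0 are constructed.

```python
import re

MAX_ID_LEN = 255  # RFC 4253 section 4.2 limit, CR LF included
# softwareversion: printable US-ASCII except whitespace and the minus sign
SOFTWARE_RE = re.compile(r"[\x21-\x2c\x2e-\x7e]+")


def parse_greeting(data: bytes) -> dict:
    """Parse what an SSH server sends before key exchange.

    Returns startup_banner (lines sent before the identification string),
    proto, software, comments, and a list of RFC 4253 section 4.2 problems.
    """
    out = {"startup_banner": [], "proto": None, "software": None,
           "comments": None, "problems": []}
    pos = 0
    while True:
        end = data.find(b"\n", pos)
        if end == -1:
            out["problems"].append("no complete SSH- identification line")
            return out
        line, pos = data[pos:end + 1], end + 1
        if line.startswith(b"SSH-"):
            break
        # Pre-identification lines (a startup banner) never begin with "SSH-"
        out["startup_banner"].append(line.rstrip(b"\r\n").decode("utf-8", "replace"))
    if len(line) > MAX_ID_LEN:
        out["problems"].append("identification string longer than 255 bytes")
    if not line.endswith(b"\r\n"):
        out["problems"].append("identification string not terminated by CR LF")
    text = line.rstrip(b"\r\n").decode("ascii", "replace")
    # Everything after the first space is the optional comments field
    ident, _, comments = text.partition(" ")
    parts = ident.split("-", 2)
    if len(parts) < 3:
        out["problems"].append("missing protoversion or softwareversion")
        return out
    out["proto"], out["software"] = parts[1], parts[2]
    out["comments"] = comments or None
    if out["proto"] not in ("2.0", "1.99"):
        out["problems"].append("protoversion is not 2.0 or 1.99")
    if not SOFTWARE_RE.fullmatch(out["software"]):
        out["problems"].append("softwareversion has a character outside the allowed set")
    return out


# Constructed sample greetings (not captured from a real server)
GOOD = b"Authorized use only\r\nSSH-2.0-Example_SFTPD_1.0\r\n"
SPACED = b"SSH-2.0-Example SFTPD 1.0\r\n"
```

With the SPACED sample, a client sees the software version as `Example` and treats `SFTPD 1.0` as comments, so a configured value containing a space is not what clients record or match on.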