SSH transfer sites

Note SSH keys generated with the Digital Signature Algorithm (DSA) cannot be used to authenticate SSH transfer sites.

By default, a server-initiated transfer using SSH and a pattern with a wildcard character does not create an extra empty file. To allow a temporary zero-byte file to be created, set the ZeroByteWildcardPullAllowed server configuration parameter to true.

Configuration options

Configuring an SSH protocol transfer site consists of making selections and completing fields for the following:

Site settings

The following table describes the site settings options for an SSH protocol transfer site.

Field Description
Site Settings
Server The host name or IP address of the remote server to connect to for file transfers. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
Port The port on the remote server to be used for file transfers. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
Network Zone

The network zone that defines the proxies to use for transfers through this site.

  • Select none to connect directly to the remote SSH server.
  • Select any to allow SecureTransport to select the proxy connection using a network zone that enables a SOCKS5 proxy.
  • Select Default to use the default network zone proxy configuration. If no default network zone is defined, transfers from this transfer site fail.
  • Select a specific network zone to use the proxy configuration defined for that zone.

For more information, see Specify TM Server communication ports and IP address for protocol servers on SecureTransport Edge.

Download Folder

The folder on the remote server from which the files are transferred.

Select download folder Advanced Expression to use expression language to evaluate the download folder.

To use the expression language to append dates:

The download folder is evaluated using the current date when the transfer site is executed. For example, folder_20150130.

Example:

folder_${date("yyyyMMdd")}

Download Pattern Type Select one of two types: Regular Expression or File Globbing. For regular expression syntax, see Regular expressions. File globbing uses simple wildcards to specify a pattern. A question mark (?) matches any one character. An asterisk (*) matches any number of characters.
Download Pattern

The pattern used to match file names to determine whether a file is downloaded.

Select download pattern Advanced Expression to use expression language to evaluate the download pattern.

Using it together with File Globbing Pattern Type selected:

The download pattern is evaluated using the current date when the transfer site is executed. For example, *_20150130.txt. This matches all files ending with _20150130.txt.

Example:

*_${date("yyyyMMdd")}.txt

Using it together with Regular Expression Pattern Type selected:

The download pattern will be evaluated using the current date when the transfer site is being executed. For example *[a-z]_20150130.txt. This will match all files starting with any combination of letters from a to z and ending with _20150130.txt.

Example:

*[a-z]_${date("yyyyMMdd")}.txt

Allow Overwrite Taken into account when the site is used by the Send To Partner step. If checked, the value of "Upload folder" is overwritten with the value of "Overwrite upload folder". For more details, see Advanced Routing.
Upload Folder The folder on the remote server to which files are transferred.
Upload Permissions Sets permission of the remote file during SFTP push.

Transfer settings

The following table describes the transfer settings options for an SSH protocol transfer site.

Field Description
Transfer Settings
Transfer Mode Specify whether data is transferred as ASCII or binary. You can also choose to have SecureTransport automatically determine the correct transfer mode. For more information about automatically determining transfer mode, see Client-initiated and server-initiated transfers.
Verify Fingerprint for this Site Select this check box to require SecureTransport to verify the fingerprint for the SSH key against the value you specify below. If the values do not match, the connection is refused.
Fingerprint

The value against which you want to verify the fingerprint from the remote server.

If the partner SSH server has both DSA and RSA keys configured, the fingerprint that SecureTransport must verify for a server-initiated transfer depends on FIPS transfer mode. With FIPS transfer mode enabled, enter the fingerprint for the DSA key. With FIPS transfer mode disabled, enter the fingerprint for the RSA key.

Note The fingerprint value must start with an MD5 formatted hashing algorithm name in the following format: MD5:<certificate_ssh_fingerprint_hash>

Example:

MD5:2d:d2:3d:32:d2:24:f2:2s:1a:2s:1a:23:af:e1:4s:3f

Enable FIPS Transfer Mode

Restrict SSH to use only FIPS 140-2 Level 1 certified cryptographic libraries.

The sender and the recipient must use the ciphers and cipher suites listed in FIPS transfer mode. If the sender and the recipient do not provide the required ciphers and cipher suites, SecureTransport does not complete the transfer.
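
An added example (not SecureTransport code and not part of the original documentation): one way to derive the value for the Fingerprint field from a partner's OpenSSH-format public key line and to check a configured value against it. The key line is constructed sample data and the function names are illustrative; the returned key type tells you which of the partner's keys the fingerprint belongs to, which matters for the FIPS rule described under Fingerprint.

```python
import base64
import hashlib
import hmac
import re
import struct

# Field format from the page: "MD5:" followed by 16 colon-separated hex octets.
FP_RE = re.compile(r"MD5:[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){15}")


def _ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field of the SSH wire format."""
    return struct.pack(">I", len(data)) + data


def md5_fingerprint(pubkey_line: str) -> tuple[str, str]:
    """Return (key_type, 'MD5:xx:...') for one OpenSSH public key line."""
    declared, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (length,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + length].decode("ascii")
    if key_type != declared:
        raise ValueError("key type inside the blob differs from the line prefix")
    # MD5 is used only because the field requires it, not for security strength.
    digest = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    octets = [digest[i:i + 2] for i in range(0, 32, 2)]
    return key_type, "MD5:" + ":".join(octets)


def fingerprint_matches(configured: str, pubkey_line: str) -> bool:
    """True only if the configured value is well formed and equals the key's fingerprint."""
    value = configured.strip()
    if not FP_RE.fullmatch(value):
        return False  # wrong prefix, wrong length, or non-hex characters
    _, actual = md5_fingerprint(pubkey_line)
    return hmac.compare_digest(value.lower(), actual.lower())


# Constructed sample: an ssh-rsa blob with made-up e and n, not a real host key.
_blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
         + _ssh_string(b"\x00" + bytes(range(128, 256))))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " constructed@example"

if __name__ == "__main__":
    key_type, fp = md5_fingerprint(SAMPLE_LINE)
    print(key_type, fp, fingerprint_matches(fp, SAMPLE_LINE))
```

Obtain the public key line from the partner through a channel you trust, not from the connection you are about to verify.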

Site login credentials

The following table describes the site login credentials options for an SSH protocol transfer site.

Field Description
Site Login Credentials
User Name Username used to log in to the SSH server. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
Use Password Select to use a password to log in to the SSH server.
Password Password used to log in to the SSH server.
SSH Key The certificate used to identify the user logging in. You can select a certificate or import a certificate.

Network settings

The following table describes the network settings options for an SSH protocol transfer site.

Field Description
Network Settings
Connection Read/Write timeout The maximum number of seconds the server waits to read a block of data from the partner server, or write a block of data to the partner server. If not specified, its value is 300 seconds. This option corresponds to the SO_RCVTIMEO and SO_SNDTIMEO socket options.
Connection Read Buffer Size The size of the receive buffer in bytes used by the socket open for the transfer. It is used by the platform's networking code as a hint for the size to set the underlying network I/O buffers. Increasing the receive buffer size can increase the performance of network I/O for high-volume connections, while decreasing it can help reduce the backlog of incoming data. This value is also used to set the TCP receive window that is advertised to the remote peer. This option corresponds to the SO_RCVBUF socket option. The value should be a positive integer.
Connection Write Buffer Size The size of the send buffer in bytes used by the socket open for the transfer. It is used by the platform's networking code as a hint for the size to set the underlying network I/O buffers. This option corresponds to the SO_SNDBUF socket option. The value should be a positive integer.
Local Filesystem Buffer Size The size of the buffer in bytes used for reading from the local file system when performing the transfer.
SFTP Message Block Size The SFTP block size value used for the transfer.
Enable TCP_NODELAY Enable or disable Nagle's algorithm for the transfer.

Post transmission send settings

The following table describes the post transmission send settings options for an SSH protocol transfer site.

Field Description
Post Transmission Settings
Send Options
Send File As Select the check box to specify a file name. You can use the expression language to specify the criteria you want to match. The expression uses the criteria provided to create a new file name from the original file name.
On Temporary Failure

A temporary failure can occur when the transfer is incomplete and a retry occurs. Select one of the three choices: No Action, Delete Destination File, or Move File To. Selecting No Action causes the file to stay in the new location with the file name you specified. If another file with the same name is transferred to this location, the original file is overwritten. Selecting Delete Destination File removes the file from the new location. Selecting Move File To requires you to specify a directory in the location where you are transferring the files to and to provide an expression used to rename the file.

On Failure A failure occurs when the transfer is incomplete and all retry attempts were unsuccessful. Select one of the three choices: No Action, Delete Destination File, or Move File To. Selecting No Action causes the file to stay in the new location with the file name you specified. If another file with the same name is transferred to this location, the original file is overwritten. Selecting Delete Destination File removes the file from the new location. Selecting Move File To requires you to specify a directory in the location where you are transferring the files to and to provide an expression used to rename the file.
On Success

Select one of the choices: No Action, or Move File To. Selecting No Action causes the file to stay in the new location with the file name you specified. If another file with the same name is transferred to this location, the original file is overwritten. Selecting Move File To requires you to specify a directory in the location where you are transferring the files to and to provide an expression used to rename the file.

Select Allow Overwrite to allow the file move to overwrite an existing file. If Allow Overwrite is not selected, a file transfer that attempts to overwrite an existing file fails.

Allow Overwrite Existing File When enabled and the rename operation fails because the target file exists, SecureTransport will delete the target file and repeat the rename operation.
Note To preserve the original file name when using the Move File To option, use the ${stenv.target} or ${stenv['target']} expression.

Post transmission receive settings

The following table describes the post transmission receive settings options for an SSH protocol transfer site.

Field Description
Post Transmission Settings
Receive Options
Receive File As Select the check box to specify a file name. You can use the expression language to specify the criteria you want to match. The expression uses the criteria provided to create a new file name from the original file name when the transfer is received. You can use the SecureTransport-specific variable ${stenv.site_target}, which takes the value from the remote file path. See Expression Language for information on SecureTransport-specific variables.
On Failure A failure occurs when the transfer is incomplete and all retry attempts were unsuccessful. Select one of the three choices: No Action, Delete Source File, or Move File To. Selecting No Action causes the file to stay in the original location. If another file with the same name is transferred to this location, the original file is overwritten. Selecting Delete Source File removes the file from the original location. Selecting Move File To requires you to specify a directory in the location where you are transferring the files from and to provide an expression used to rename the file. To preserve the original file name you can use the SecureTransport-specific named variable ${stenv.target}.
On Success

Select one of the three choices: No Action, Delete Source File, or Move File To. Selecting No Action causes the file to stay in the original location. If another file with the same name is transferred to this location, the original file is overwritten. Selecting Delete Source File removes the file from the original location. Selecting Move File To requires you to specify a directory in the location where you are transferring the files from and to provide an expression used to rename the file.

Allow Overwrite Existing File When enabled and the rename operation fails because the target file exists, SecureTransport will delete the target file and repeat the rename operation.
Note To preserve the original file name when using the Move File To option, use the ${stenv.target} or ${stenv['target']} expression.
