Electronic Data Interchange
sFTP Communication Protocol
sFTP (Secure File Transfer Protocol) is a file transfer protocol that leverages a set of utilities that provide secure access to a remote computer to deliver secure communications. sFTP also protects against password sniffing and man-in-the-middle attacks. It protects the integrity of the data using encryption and cryptographic hash functions, and authenticates both the server and the user.
Features of sFTP :
- It encrypts the data.
- It executes the command.
- It secures and compresses the data for transmission.
- It provides authentication to username and password.
- It improves uploading and downloading files functionality.
- It also provides authentication to the public key.
sFTP Trading Partner – Process Setup:
| FTP Details | Test Environment | PRD environment |
|---|---|---|
| Host Name | < Test sFTP Server Domain Name > | < PRD sFTP Server Domain Name > |
| (Bunch of) IP Address | Set of Test sFTP Server IP address | Set of PRD sFTP Server IP address |
| User Name | < Test sFTP Server User Name > | < PRD sFTP Server User Name > |
| Password | < Test sFTP Server Pass Auth > | < PRD sFTP Server Pass Auth > |
| Public SSH | < Test Env Public SSH Key > To be shared with Trading partner when establishing connection | < PRD Env Public SSH Key > To be shared with Trading partner when establishing connection |
| Private SSH | < Test Env Private SSH Key > Not to be shared with any Trading partner | < PRD Env Private SSH Key > Not to be shared with any Trading partner |
| Port No | < Test sFTP Server Port No > Port no 22 is always used in sFTP | < PRD sFTP Server Port No > Port no 22 is always used in sFTP |
| Folder Details | Separate Folder – Inbound Flows Separate Folder – Outbound Flows | Separate Folder – Inbound Flows Separate Folder – Outbound Flows |
sFTP Authentication – Types
- SSH Authentication: This uses SSH key to authenticate sFTP connection instead of usual user ID and password.
- Basic Authentication: This requires just user ID and password from sFTP client user to connect to the sFTP server.
sFTP Working:
sFTP used port no 22 which represents SSH server. It is convenient that sFTP uses only one port because administrators spend less time configuring firewalls to allow sFTP transfers.
Below are two vital points to know about sFTP
- Before Any files are transmitted through sFTP, the connection is encrypted
- There is no way to send files through sFTP communication protocol – Unencrypted.
Three step working process of sFTP
Step 1: Verification of client by Server:
When sFTP client initiates a connection, it starts by verifying the server identity by below two possible scenario
- Verifying the public key manually when the client sFTP server is accessing the sFTP server for the first time.
- Without any manual or user intervention, the client sFTP server validates the sFTP server when tried not for the first time.
Step 2: SSH Session Key Generation:
The sFTP client server and sFTP server agree on a session key that will encrypt and decrypt the data. This key is randomly generated and known as “symmetric key” because it is used for encryption and decryption
Step 3: The server Authenticates the client:
The server authenticates the client using an SSH key pair. A key pair is made of a public key, which both parties know, and a private key, which should only be known to the right client.
To verify that the client has the right private key, the server uses a random number it picks and the shared session key. It calculates the MD5 hash of this value. (MD5 is a hashing algorithm that produces a unique, fixed-length string.)
If the client’s MD5 hash matches the server’s, it proves that the client has the private key. SSH authentication is complete.
sFTP Communication Protocol Testing:
In sFTP Protocol testing, we need to get Domain name and SSH key of the trading partner system ready.
For sending test files from our sFTP to trading partner sFTP, we need a sFTP Push and for grabbing files from Trading partner sFTP server to our sFTP, we need sFTP Pull.
“sFTP push” – If we are successful enough to send files to the trading partner sFTP server – directory, then this sFTP communication testing is successful. We will be keying in sFTP URL and Trading partner credentials either their Public key or password shared along with public key with port no 22. If we are able to login into the trading partner server and try to push files through a secure tunnel connection, then the “sFTP Push” step is successful.
“sFTP Pull” – By creating one more fresh successful sFTP connection or in the same previous sFTP connection, if we are able to pull and retrieve a plain text file, ‘sFTP Pull” is completed.
Advantages of sFTP
- Speed and Efficiency – sFTP limits lots of file transfer time by supporting large file transfers easily and also multiple files transfer in one shot.
- Data Security – Several security measures like Single-Port Transfer, Data Encryption, Authentication, Data Integrity Checks are made available through sFTP file transfer
- Achieving Compliance – Regulations like HIPAA, GDPS need encryption as basic criteria to get certified for file transfer. sFTP is one of the cheapest way to achieve this.
DisAdvantages of sFTP
- Difficult to Manage – Too Many protection secure layers makes it difficult to manage.
- Security Threat – As the sftp file transfer is made only through one single port no, it becomes vulnerable for cyber attacks.
- No record for acknowledgements – There is no proof for sharing if file has been transferred without any data loss to trading partner system
Categories
- Artificial Intelligence (1)
- Business Intelligence (12)
- Cloud computing (1)
- Digital Data Analytics (3)
- Electronic Data Interchange (27)
- Internet of Things (1)
- Mobile app (1)
Recent post
