SFTP (NON EDI-X12)
SFTP Overview
EXCHANGE offers another type of file transfer in a secure manner via the Internet for NON EDI-X12 files. This document will serve to outline the information necessary for file transmissions to/from the EXCHANGE.
Connectivity and Transmission Protocols
Client connectivity to/from the EXCHANGE:
- Internet
Internet – This can be supported by using SFTP over your internet connection.
Alternatively, EXCHANGE can connect to the client’s SFTP server and initiate the push/get file transfer itself.
| Access Method (Internet) | NON-PCI: DNS Name / Host IP Address | NON-PCI: Port Number | PCI: DNS Name / Host IP Address | PCI: Port Number |
|---|---|---|---|---|
| SFTP via SSH | esftp.aafes.com | 22 | sftp.aafes.com | 22 |
NOTE: IP addresses are provided for the purpose of client firewall configuration. EXCHANGE recommends the use of DNS names wherever possible.
User Sign-On
Access to the EXCHANGE SFTP server requires users to authenticate with Public Key Authentication. This information will be provided to clients during the installation phase. The UserID will follow the format below.
UserID format: svc_clientname
Public Key Authentication
Clients may utilize Public Key Authentication (also called non-interactive authentication via the use of SSH Identities) if they connect using the Secure File Transfer Protocol (i.e. SFTP) via SSH. This method of authentication eliminates the need for clients to reset their password every 60 days. Clients will need to generate a key pair on their server and send the public key to the EXCHANGE. EXCHANGE will load the client’s public key to the assigned SFTP server.
Transmitting Files
Uploading to Exchange
Clients have the option to “push” files to EXCHANGE.
EXCHANGE supports incoming files in text format, compressed format (i.e. gzip files) or PGP-encrypted format. All transmission methods supported by EXCHANGE are secure protocols where the “path” or “tunnel” is encrypted, so PGP file encryption is optional. However, PGP file encryption is supported for clients who want files encrypted “at rest” as well. Zip files should have a ‘.gzip’ file extension; however, compression cannot be used simultaneously with PGP encryption of the same file. Encrypted files must have a ‘pgp’ file extension. Upon initial set-up, EXCHANGE will send its PGP public key to the client so the client can encrypt their incoming file if they choose to do so.
Downloading from Exchange
Clients have the option to “pull” files from EXCHANGE. Files that are pulled from the EXCHANGE must be deleted by the client after successful transmission.
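The client-side push and pull described above, as an added example (not EXCHANGE-supplied code): it applies the file-extension rules before an upload and deletes a pulled file only after the download succeeded. The private key path, the remote directories and the use of OpenSSH's sftp client are assumptions.

```shell
#!/bin/sh
# Added example. Assumed values (not from the page): key path, remote paths.
SFTP_HOST="${SFTP_HOST:-esftp.aafes.com}"  # NON-PCI host; sftp.aafes.com for PCI
SFTP_PORT="${SFTP_PORT:-22}"
SFTP_USER="${SFTP_USER:-svc_clientname}"   # UserID format given on the page
SFTP_KEY="${SFTP_KEY:-$HOME/.ssh/exchange_sftp_key}"  # assumed private key file

# Classify an upload by file name using the page's rules.
# Prints text|gzip|pgp; returns 1 when gzip and PGP are combined.
upload_kind() {
    name=$(basename -- "$1" | tr '[:upper:]' '[:lower:]')
    case "$name" in
        *.gzip.pgp|*.pgp.gzip)
            echo "gzip and PGP cannot be combined: $1" >&2; return 1 ;;
        *.pgp)  echo pgp ;;
        *.gzip) echo gzip ;;
        *)      echo text ;;
    esac
}

# Batch line for a push. $1 = local file, $2 = remote directory (assumed).
push_batch() {
    upload_kind "$1" >/dev/null || return 1
    printf 'put "%s" "%s/%s"\n' "$1" "$2" "$(basename -- "$1")"
}

# Batch lines for a pull. $1 = remote file, $2 = local directory.
# In batch mode sftp aborts at the first failed command, so "rm" is
# reached only when "get" completed successfully.
pull_batch() {
    printf 'get "%s" "%s/"\nrm "%s"\n' "$1" "$2" "$1"
}

# Run a batch from stdin: key-only authentication, no password fallback,
# and refuse to connect if the server host key is unknown or has changed.
run_sftp() {
    sftp -b - -P "$SFTP_PORT" -i "$SFTP_KEY" \
        -o IdentitiesOnly=yes -o PreferredAuthentications=publickey \
        -o StrictHostKeyChecking=yes "$SFTP_USER@$SFTP_HOST"
}

# Usage: script push LOCAL_FILE REMOTE_DIR | script pull REMOTE_FILE LOCAL_DIR
case "${1:-}" in
    push) batch=$(push_batch "$2" "$3") && printf '%s\n' "$batch" | run_sftp ;;
    pull) pull_batch "$2" "$3" | run_sftp ;;
esac
```

With `StrictHostKeyChecking=yes` the server's host key must already be in `known_hosts`, so record it once from a trusted source before scheduling the job.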
Clients may choose to have output files “pushed” to or “pulled” from their SFTP server. The following information will be needed to configure this option.
SFTP (SSH) Information needed for File “PUSH” OR “PULL”
| Value | Description |
|---|---|
| Host / DNS Name: | The Host URL or DNS Name of the client’s server. |
| Port: | The port number to connect to. |
| File Path: | The final path to transmit the file to. |
| File Name: | Preferable to allow date timestamp to be included in the filename. |
| UserID: | The UserID on the client’s server. |
| Method of SSH supported: | Does the client support OpenSSH? |
SFTP via SSH file push requires the use of Public Key Authentication (sometimes called non-interactive authentication via the use of SSH Identities). EXCHANGE will send a public key to the client. The client will have to load this key to their server(s).
File Encryption
EXCHANGE provides support for PGP encryption to add an additional layer of security. If clients wish to utilize file encryption, EXCHANGE will provide their public PGP key to the client for files transmitted to the EXCHANGE. Clients will need to provide their public PGP key to EXCHANGE for those files that the client will receive.
File Retention
All files transmitted into or out of the EXCHANGE will be deleted and no data will be stored.