SFTP Overview

EXCHANGE offers another type of file transfer in a secure manner via the Internet for NON EDI-X12 files. This document will serve to outline the information necessary for file transmissions to/from the EXCHANGE.

Connectivity and Transmission Protocols

Client connectivity to/from the EXCHANGE:

  • Internet

InternetThis can be supported by using SFTP over your internet connection.

Or EXCHANGE can SFTP connect to the client’s SFTP server to initiate the push/get file transfer.

Access Method




DNS Name / Host IP Address

Port Number

DNS Name / HostIP Address

Port Number






NOTE:  IP addresses are provided for the purpose of client firewall configuration.  EXCHANGE recommends the use of DNS names wherever possible.

User Sign-On

Access to the EXCHANGE SFTP server requires the authentication of users of Public Key Authentication.  This information will be provided to clients during the installation phase.  The UserID will follow the format below.

UserID format:      svc_clientname

Public Key Authentication

Clients may utilize Public Key Authentication (also called non-interactive authentication via the use of SSH Identities) if they connect using the Secure File Transfer Protocol (i.e. SFTP) via SSH.  This method of authentication eliminates the need for clients to reset their password every 60 days.  Clients will need to generate a key pair on their server and send the public key to the EXCHANGE.  EXCHANGE will load the client’s public key to the assigned SFTP server. 


Transmitting Files

Uploading to Exchange

Clients have the option to “push” files to EXHANGE. 

EXCHANGE supports incoming files in text format, compressed format (i.e. gzip files) or PGP-encrypted format.  All transmission methods supported by EXCHANGE are secure protocols where the “path” or “tunnel” is encrypted so PGP file encryption is optional.  However, PGP file encryption is supported for those clients wishing files “at rest” to be encrypted as well.  Zip files should have a ‘.gzip’ file extension however cannot be used simultaneously with PGP encrypted file.    Encrypted files must have a  ‘pgp’ file extension.  Upon initial set-up, EXCHANGE will send their PGP public key to the client so the client can encrypt their incoming file if they choose to do so. 

Downloading from exchange

Clients have the option “pull” files from EXCHANGE.  Files that are pulled from the EXCHANGE must be deleted after successfully transmission by the client.
Clients may choose to have output files “pushed” and “pulled” from their SFTP server.  The following information will be needed to configure this option. 

SFTP (SSH) Information needed for File “PUSH” OR “PULL”



Host / DNS Name:

The Host URL or DNS Name of the client’s server.


The port number to connect to.

File Path:

The final path to transmit the file to.

File Name:

Preferable to allow date timestamp to be included in the filename.


The UserID on the client’s server.

Method of SSH supported:

Does the client support OpenSSH.

SFTP via SSH file push requires the use of Public Key Authentication (sometimes called non-interactive authentication via the use of SSH Identities).  EXCHANGE will send a public key to the client.  The client will have to load this key to their server(s).

File Encryption

EXCHANGE provides support for PGP encryption to add an additional layer of security.  If clients wish to utilize file encryption, EXCHANGE will provide their public PGP key to the client for files transmitted to the EXCHANGE.  Clients will need to provide their public PGP key to EXCHANGE for those files that the client will receive. 

File Retention

All files transmitted into or out of the EXCHANGE will be deleted and no data will be stored. 

Contact Information

Please contact the EXCHANGE group email IT-EDI@aafes.com for any assistance regarding your production files. 

Back to top