The SFTP Gateway service can be implemented with either Password authentication or Public Key exchange authentication.
The fields for the SFTP Gateway service are as seen in the following figure.
The additional fields for the SFTP Gateway service when authentication method is Public Key are as seen in the following figure.
Before you begin
Ensure that the following pre-requisites are complete before you start using the SFTP gateway with the Public Key authentication method.
The SFTP client Public Key must be available and uploaded to the Certificates screen in the ESA Web UI.
The DSG Public Key and Private Key must be generated and uploaded to the Certificates screen in the ESA Web UI.
The DSG Public Key must be uploaded to the SFTP server.
Ensure that the DSG Public Key is granted 644 permissions on the SFTP server.
The DSG supports RSA keys. Ensure that only RSA keys are uploaded to the ESA/DSG Web UI.
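A pre-flight check for two of the prerequisites above (644 permissions, RSA keys only), added here as an example and not part of the Protegrity product or its documentation. It assumes the public key is stored in OpenSSH one-line format; `check_public_key`, `inner_key_type` and `write_sample_key` are hypothetical names, and the sample keys are constructed, non-functional values.

```python
import base64
import os
import stat
import struct
import tempfile


def inner_key_type(blob):
    """Return the algorithm name stored as the first length-prefixed string of the blob."""
    (length,) = struct.unpack(">I", blob[:4])  # struct.error if shorter than 4 bytes
    if len(blob) < 4 + length:
        raise ValueError("truncated key blob")
    return blob[4:4 + length]


def check_public_key(path):
    """Return a list of problems; an empty list means the file passes both checks."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode != 0o644:
        problems.append(f"mode is {mode:03o}, expected 644")
    with open(path, encoding="ascii", errors="replace") as fh:
        fields = fh.readline().split()
    try:
        # The algorithm name is also encoded inside the blob; check it, not just the label.
        inner = inner_key_type(base64.b64decode(fields[1], validate=True))
    except (IndexError, ValueError, struct.error):
        return problems + ["not a valid OpenSSH public key line"]
    if fields[0] != "ssh-rsa" or inner != b"ssh-rsa":
        problems.append(f"key type {fields[0]}/{inner.decode(errors='replace')} is not RSA")
    return problems


def write_sample_key(directory, name, key_type, mode):
    """Write a constructed, non-functional key file: type name, exponent 65537, dummy modulus."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    blob = ssh_string(key_type) + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 256)
    path = os.path.join(directory, name)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(f"{key_type.decode()} {base64.b64encode(blob).decode()} dsg@example\n")
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_public_key(write_sample_key(tmp, "ok.pub", b"ssh-rsa", 0o644)))
        print(check_public_key(write_sample_key(tmp, "bad.pub", b"ssh-ed25519", 0o666)))
```

Run it against the key file before uploading it to the Web UI or the SFTP server; any returned entry names the prerequisite that is not met.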
The following table describes the additional fields relevant for the SFTP Gateway service.
The SFTP tunnel automatically sets the user identity to the authenticated username. Thus, subsequent calls to Protegrity Data Protection transformation actions are made on behalf of the authenticated user.
The following SFTP commands are not supported.
df
chgrp
chown
| Field | Sub-Field | Description | Default (if any) | Notes |
|---|---|---|---|---|
| Streaming | | Enabling streaming lets you process a payload in smaller chunks that are split on the defined delimiters and processed as they are chunked. With streaming, you no longer have to wait for the entire payload to be processed and then transmitted. List of file processing delimiters used to process a file using streaming. | Chunk size - 64 kB. If you want to change the chunk size, modify the chunk_size parameter in the Inbound Settings for the tunnel. | The Text, CSV, and Binary payloads are supported. If you want to use an XML/JSON payload with streaming, ensure that you use the Text payload for the extract rule. |
| | Filename | Regular expression to look for in the payload before applying streaming (e.g. \.csv$). Streaming is applied only to requests where the URI matches the regex pattern. | | Click Test Regex to verify that the regular expression is valid. |
| | Delimiter | Regular expression used to delimit the stream. Rules are invoked on the delimited streams. | | Click Test Regex to verify that the regular expression is valid. If the delimiter value is not matched, then the data will be processed in non-streaming mode. |
| User Authentication Method | | SFTP authentication method used to communicate between client and server. | | |
| | Password | Enables password authentication for communication. You must enter the password, when prompted, while initiating a connection with the SFTP server. | | |
| | Public Key | Enables the Public Key method for communication. The SFTP client shares its Public Key with the gateway and the gateway shares its Public Key with the SFTP server. This enables password-less communication between the SFTP client and server when the gateway is the intermediary. Ensure that the pre-requisites are completed before you start using the SFTP gateway. | | |
| Inbound Push Public Keys file | | Specifies the file name for the SFTP client Public Key. | | |
| Outbound Push Private Key file | | Specifies the file name for the Gateway Private Key. | | |
| Outbound Push Private Keys file passphrase | | Enter the passphrase for the DSG Private Key. If no value is entered for encrypting the private key, the passphrase value is null. | | |
| Outbound Transport Settings | | Additional outbound settings that you want to parse during SFTP communication. | | |
The options for the Outbound Transport Settings field in the SFTP Gateway are described in the following table.
Options | Description | Default (if any) |
---|---|---|
window_size | SSH Transport window size. The datatype for this option is bytes. | 3145728 |
use_compression | Toggle SSH transport compression. | TRUE |
max_request_size | Set the maximum size of the message that is sent during transmission of a file. For servers that accept a message size larger than the default value, the maximum limit is 250 KB. | 32768 |
enable_setstat | Set to False when using the AWS Transfer for SFTP as the SFTP server. | True |