SFTP gateway

About the SFTP gateway fields.

The SFTP Gateway service can be implemented with either Password authentication or Public Key exchange authentication.

The fields for the SFTP Gateway service are as seen in the following figure.

The additional fields for the SFTP Gateway service when authentication method is Public Key are as seen in the following figure.

Before you begin

Ensure that the following pre-requisites are complete before you start using the SFTP gateway with the Public Key authentication method.

  • The SFTP client Public Key must be available and uploaded to the Certificates screen in the ESA Web UI.

  • The DSG Public Key and Private Key must be generated and uploaded to the Certificates screen in the ESA Web UI.

  • The DSG Public Key must be uploaded to the SFTP server.

    Ensure that the DSG Public Key is granted 644 permissions on the SFTP server.

    The DSG supports RSA keys. Ensure that only RSA keys are uploaded to the ESA/DSG Web UI.
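
The following pre-flight check for the last two pre-requisites is an added example and is not part of the product. It assumes the DSG Public Key is stored on the SFTP server as an OpenSSH one-line public key file; the function name check_dsg_pubkey and the file path passed to it are hypothetical.

```shell
#!/bin/sh
# Added example (not product code): verify that a public key file has exactly
# 644 permissions and contains only RSA keys.
# Assumption: OpenSSH one-line format, "<type> <base64-blob> [comment]".
# Only the key type is inspected; the key material itself is not validated.

# Return codes: 0 = ok, 1 = file missing or unreadable,
#               2 = mode is not 644, 3 = non-RSA key or no key found.
check_dsg_pubkey() {
    keyfile=$1
    # Keep find from reading a path that starts with "-" as an option.
    case $keyfile in -*) keyfile=./$keyfile ;; esac

    [ -f "$keyfile" ] && [ -r "$keyfile" ] || return 1

    # A plain octal mode makes find match the permission bits exactly,
    # so 664, 600 or 666 are all rejected.
    [ -n "$(find "$keyfile" -prune -perm 644)" ] || return 2

    # Each key line must declare ssh-rsa, and its blob must begin with the
    # base64 form of the embedded type string (length 7, then "ssh-rsa").
    # This catches a line whose label says RSA but whose blob does not.
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        { keys++ }
        $1 != "ssh-rsa" || index($2, "AAAAB3NzaC1yc2E") != 1 { bad++ }
        END { exit !(keys > 0 && bad == 0) }
    ' "$keyfile" || return 3

    return 0
}

# Stand-alone use: sh check.sh /path/to/key.pub
if [ "$#" -gt 0 ]; then
    rc=0
    check_dsg_pubkey "$1" || rc=$?
    case $rc in
        0) echo "OK: $1 is an RSA public key with 644 permissions" ;;
        1) echo "FAIL: $1 is missing or unreadable" ;;
        2) echo "FAIL: $1 does not have 644 permissions" ;;
        3) echo "FAIL: $1 contains a non-RSA key or no key" ;;
    esac
    exit "$rc"
fi
```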

The following table describes the additional fields relevant for the SFTP Gateway service.

The SFTP tunnel automatically sets the user identity to the authenticated username. Thus, subsequent calls to Protegrity Data Protection transformation actions are done on behalf of the authenticated user.

The following SFTP commands are not supported.

  • df
  • chgrp
  • chown

| Field | Sub-Field | Description | Default (if any) | Notes |
| --- | --- | --- | --- | --- |
| Streaming | | Enabling streaming lets you process a payload in smaller chunks that are broken up based on the delimiters defined and processed as they are chunked. With streaming, you no longer have to wait for the entire payload to be processed before it is transmitted. List of file processing delimiters to process file using streaming. | Chunk size - 64 kB | If you want to change the chunk size, modify the chunk_size parameter in the Inbound Settings for the tunnel. The Text, CSV, and Binary payloads are supported. If you want to use XML/JSON payload with streaming, ensure you use the Text payload for extract rule. |
| | Filename | Regular Expression to look for in the payload before applying streaming (e.g. \.csv$). Streaming is applied only to requests where URI matches the regex pattern. | | Click Test Regex to verify if the regex expression is valid. |
| | Delimiter | Regular Expression used to delimit stream. Rules will be invoked on delimited streams. | | Click Test Regex to verify if the regex expression is valid. If the delimiter value is not matched, then the data will be processed in non-streaming mode. |
| User Authentication Method | | SFTP authentication method used to communicate between client and server. | | |
| | Password | Enables password authentication for communication. You must enter the password, when prompted, while initiating the connection with the SFTP server. | | |
| | Public Key | Enables the Public Key method for communication. The SFTP client shares its Public Key with the gateway and the gateway shares its Public Key with the SFTP server. This enables password-less communication between the SFTP client and server when the gateway is the intermediary. | | Ensure that the pre-requisites are completed before you start using the SFTP gateway. |
| | Inbound Push Public Keys file | Specifies the file name for the SFTP client Public Key. | | |
| | Outbound Push Private Key file | Specifies the file name for the Gateway Private Key. | | |
| | Outbound Push Private Keys file passphrase | Enter the passphrase for the DSG Private Key. If no value is entered for encrypting the private key, the passphrase value is null. | | |
| Outbound Transport Settings | | Additional outbound settings that you want to parse during SFTP communication. | | |

The options for the Outbound Transport Settings field in the SFTP Gateway are described in the following table.

| Options | Description | Default (if any) |
| --- | --- | --- |
| window_size | SSH Transport window size. The datatype for this option is bytes. | 3145728 |
| use_compression | Toggle SSH transport compression. | TRUE |
| max_request_size | Set the maximum size of the message that is sent during transmission of a file. For servers that accept a message size larger than the default value, the maximum limit is 250 KB. | 32768 |
| enable_setstat | Set to False when using the AWS Transfer for SFTP as the SFTP server. | True |