- 13 Nov 2024
SFTP Configuration and Management
- Updated on 13 Nov 2024
Security Setup
Install 1 SSH2 key per environment.
Do not share SSH2 keys across your organization.
Confirm firewall, VPN, or security policies do not block ports or protocols for SFTP and SSH.
Recommended Transmission Frequency
Drop files at most once every 15 minutes.
Pick up files at most once every 60 minutes.
Archive files every 60 days; otherwise, note Relay’s SFTP Folder Management Policy below.
Monitoring/Error Handling
Implement a retry policy for when an outbound or inbound file process fails.
Implement a notification policy that alerts your internal technology team, and forward this team email to Relay for the same purpose.
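One way to combine the retry and notification policies above, shown as an added example rather than Relay's own code. The function and exception names are hypothetical; `transfer` stands for whatever callable performs your SFTP drop-off or pickup, and `notify` for whatever alerts your internal team.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, List


class TransientTransferError(Exception):
    """Worth retrying: timeout, dropped connection, busy server."""


class PermanentTransferError(Exception):
    """Retrying cannot help: key rejected, missing folder, bad file."""


@dataclass
class TransferResult:
    ok: bool
    attempts: int
    errors: List[str] = field(default_factory=list)


def transfer_with_retry(transfer: Callable[[], None],
                        notify: Callable[[str, List[str]], None],
                        max_attempts: int = 4, base_delay: float = 30.0,
                        max_delay: float = 600.0,
                        sleep: Callable[[float], None] = time.sleep) -> TransferResult:
    """Run one drop-off or pickup job; back off on transient errors and
    notify the internal team once when the job is given up."""
    errors: List[str] = []
    attempt = 0
    for attempt in range(1, max_attempts + 1):
        try:
            transfer()
            return TransferResult(True, attempt, errors)
        except PermanentTransferError as exc:
            # Do not hammer the server with a key or path it already refused.
            errors.append(f"attempt {attempt}: permanent: {exc}")
            break
        except TransientTransferError as exc:
            errors.append(f"attempt {attempt}: transient: {exc}")
            if attempt < max_attempts:
                sleep(min(base_delay * 2 ** (attempt - 1), max_delay))
    notify(f"SFTP transfer failed after {attempt} attempt(s)", errors)
    return TransferResult(False, attempt, errors)


if __name__ == "__main__":
    # Constructed demo: two simulated timeouts, then success; no real waiting.
    outcomes = iter([TransientTransferError("timeout"), TransientTransferError("reset"), None])
    def fake_transfer():
        outcome = next(outcomes)
        if outcome:
            raise outcome
    print(transfer_with_retry(fake_transfer, lambda s, e: print(s, e), sleep=lambda s: None))
```

Classifying authentication failures as permanent keeps a misconfigured job from generating a stream of rejected logins, and the collected error list gives the notified team the full attempt history.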
Know your 3rd party tools
Clients have used multiple, proprietary 3rd party tools with SFTP, such as FileZilla, Cyberduck, WinSCP, etc.
These tools have different settings and configurations that influence SFTP connectivity and authentication in ways Relay cannot see.
Relay does not support 3rd party tools. If you need additional troubleshooting guidance, reference the applicable help sites:
SFTP Folder Management Policy
It is the policy of Relay Network to maintain files within Relay controlled SFTP folders for 60 days. Files less than 60 days old will remain available in their respective folders for research, re-processing, re-delivery, or troubleshooting.
After 60 days,
input files in /dropoff and any of its sub-folders are deleted.
reports in /pickup/report are deleted.
reject files in /pickup and any of its sub-folders are deleted.
Clients should take the necessary steps to internally archive what is required.
Configuration Setup Detail
The Relay IP addresses:
Relay hosts 3 static IP addresses per environment, which can be whitelisted if required.
IP Addresses:
Production Static IPs: (sftpv3.relayzone.com)
54.163.151.214
3.212.186.15
35.168.138.224
Staging Static IPs (sftp-staging.relaystaging.com)
44.232.142.161
54.70.22.120
52.36.59.231
Relay’s Public PGP Key:
A PGP key is used for encryption/decryption, while an SSH key is used for authentication.
Relay will email Relay’s public PGP key to the client.
Relay’s public PGP key is used to encrypt the customer data files that the client sends to Relay (dropoff folders).
Relay will work with the client to test and confirm the PGP key works as expected.
Client will need to provide
SSH2 Keys
SSH2 keys are used for authentication to the SFTP site. Relay uses SSH2 for authentication rather than generic passwords for higher security.
It is preferred to have an SSH2 key per environment:
Production Environment
Staging Environment
After Relay receives and configures the keys for both environments, a username will be provided to the client. A combination of username and SSH2 key will be used to authenticate. No password is required.
We will test the connectivity by requesting a drop-off sample file for each file in use.
Both automated and manual file posting connectivity should be tested.
Client’s Encryption key
Relay will request the client’s PGP or GPG keys (we support both).
The key file must be in .asc format.
Once received, Relay will test and confirm the keys and add them to your client within the portal.
A sample file that will reject a record can be created to ensure the rejection files are automatically encrypted when delivered to the pickup/XXX folders.