SFTP Server Connector

Version 20.0.7396

SFTP Server Connector

Each SFTP Server Connector defines a unique client profile that can be used to authenticate to the ArcESB SFTP Server.


The Arc SFTP Server is primarily configured in the application’s Profile page. Once the SFTP Server is configured, an SFTP Server Connector should be created for each user that should have access to the server. The SFTP Server Connector defines a user’s credentials (Username, Password and/or Public Key) and provides a unique home directory on the server.

Each user’s home directory contains a ‘Send’ folder, where clients can download files, and a ‘Receive’ folder, where clients can upload files. These folders can be renamed in the Advanced section of the SFTP Server Connector configuration panel. SFTP clients are not given permissions to the root of the SFTP Server, meaning that SFTP clients should always cd into the ‘Send’ (to download) or ‘Receive’ (to upload) directories after connecting.

The SFTP Server also supports Windows/AD authentication; more details can be found in the Windows Authentication section.

Profile Configuration

The SFTP Server Profile must be configured before connections can be established with individual SFTP Server connectors.

SFTP Server Tab

Server Configuration

Server implementation settings.

  • Port The port on which the SFTP Server will listen for incoming connections.
  • Server Certificate The certificate that identifies the server.
  • Certificate Password The password required to access the Server Certificate.
  • Login Banner The banner to be presented to SFTP clients when connecting to the server.
  • Root Directory The root directory for the server. Subfolders will be created within the root for individual client profiles (i.e. for each configured SFTP Server connector). Each client profile includes a Send Folder, where clients can download files from the server, and a Receive Folder, where clients can upload files to the server.
  • Allowed Files Filter A glob pattern that determines which files will be accepted by the SFTP server. Multiple patterns can be specified in a comma-delimited list (e.g. *.x12,*.edi), and negative patterns can be specified to exclude certain file patterns (e.g. -*.txt).
  • Use Windows Authentication If enabled, Windows/AD authentication is used in place of individual SFTP Server connectors. Please see the Windows Authentication section for more information.


Settings related to server logging.

  • Enable Server Log Whether to maintain server-side logs for incoming SFTP connections.
  • Log Debug Info Whether to log additional information about SFTP connections and transmissions that are useful for debugging.
  • Rotate Log Files The number of days that the server should maintain a logfile before a new file is started.
  • Delete Log Files The number of days that the server should maintain logs before the logfile is deleted.

Connector Configuration

After the SFTP Server Profile has been configured, SFTP Server connectors can be created in the Flows page and configured for a specific trading partner.

Settings Tab

User Configuration

Credentials for authenticating to the local SFTP server.

  • User The username credential for logging in to the local SFTP server.
  • Authentication Mode The type of authentication to use with the SFTP server.
  • Password The password credential for logging in to the SFTP server.
  • Public Key The public key certificate corresponding to the private certificate the client will use during public key authentication.


Settings related to the read/write permissions the configured client has for the Send and Receive folders.

  • Send Directory Permissions Whether the client should have read/write permissions for the Send directory, where files should be downloaded.
  • Receive Directory Permissions Whether the client should have read/write permissions for the Receive directory, where files should be uploaded.

Advanced Tab

Local Folders

Settings related to the folders where clients will upload and download files.

  • Send Folder Files placed in the Send folder are available to be downloaded by clients.
  • Receive Folder Files uploaded by the client should be placed in the Receive folder. Files will remain in the Receive folder or be passed along to the next connected connector in the flow.

Other Settings

Settings not included in the previous categories.

  • Move File After Send Whether files in the Send folder should be moved to the Sent folder after they are downloaded by the client.
  • Log Debug Info Whether enhanced logging is enabled for the connector. When requesting support, it is recommended to generate a debug log and provide this along with the support request.
  • Parent Connector The connector from which settings should be inherited, unless explicitly overwritten within the existing connector configuration. Must be set to a connector of the same type as the current connector.
  • Temp Receive Extensions Files with a matching extension are not recorded in the Receive table and do not fire the After Receive event until after they are renamed. Specified as a comma-delimited list of extensions.
  • Allowed Files Filter A glob pattern that determines what files can be uploaded to directories for this user. Overrides the setting of the same name in the SFTP Profile page when specifying filters per-user is required. Multiple patterns can be specified in a comma-delimited list (e.g. *.x12,*.edi), and negative patterns can be specified to exclude certain file patterns (e.g. -*.txt).
  • Timeout The duration the server will wait for a connection response before throwing a timeout error.
  • Log Messages Whether the log entry for a processed file will include a copy of the file itself.
  • Save to Sent Folder Whether files processed by the connector should be copied to the Sent folder for the connector.

Establishing a Connection

Each configured SFTP Server connector represents a single trading partner’s connection parameters. The trading partner should connect to the SFTP server using the server settings from the Profile page (port, server certificate, etc) and the authentication settings in the dedicated SFTP Server connector (User, Password).

Each trading partner has a separate pair of Send and Receive directories that are subfolders of the root. The partner should download files from the Send folder and upload files to the Receive folder. The client is not permitted to upload or download files from the root.

Windows Authentication

When Windows Authentication is enabled in the SFTP Server Profile tab, individual SFTP Server connectors are not required to grant login access to the SFTP Server. Instead, the Windows Security Group that should be granted access to the server is specified within the SFTP Server profile.

WHen using Windows Authentication, the Root Directory profile setting supports the %User% and %Domain% macros to establish separate root directories for separate users within the security group. When using Windows Authentication, users are permitted to upload/download files in the root directory (note that this is not true when using SFTP Server connectors for authentication).

Once files are uploaded to the user-specific folder, they can be entered into the Arc flow using file operations within a Script connector, or by setting the Send/Input Folder for a connector to the user-specific folder where files will be uploaded.