Troubleshooting Outbound SFTP

Troubleshooting SFTP Outbound Connections

Most of the time, outbound SFTP connection issues are caused by one of the following things:

One of the most common issues are Firewall related, Firewalls or other restrictions on the remote server that require an IP address need to be whitelisted.

The outbound server doesn't actually accept SFTP (try FTP instead, with the secure option turned on).

Wrong port, hostname, or other settings.

Please check with your counterparty about any IP Address restrictions or whitelisting that may be in place. If any is in place, please read and follow the below instructions carefully:

If you have a Custom Domain installed on your site, that means Files.com has provisioned two dedicated IP addresses for your site and it will use them by default for outbound connections to the remote server. Provide these 2 IP addresses to your counterparties and ask them to whitelist them in any applicable firewall.

If you do not have a Custom Domain installed on your site, you do not have Dedicated IP Addresses provisioned for your site and Files.com will use its entire pool of IP addresses for connecting outbound to the remote server. If your counterparties maintain an IP Address whitelist, you will need to have them whitelist all of the IPs on this list.

Customers often ask for Dedicated IP addresses as a way to avoid having to ask their counterparty to whitelist a huge list of IP addresses.

We are able to offer that for Remote Server connection purposes via somewhat of a backdoor method, which is adding a Custom Domain to your site. Having a custom domain provides a justification for the dedicated IP address.

Files.com automatically provisions a pair of dedicated IP addresses for every site that has a custom domain enabled. We do that because FTP, unlike HTTP, requires that every custom domain be hosted on a dedicated IP address in order to have a custom SSL Certificate that matches the domain.

This means that if you have users who restrict outbound access via a firewall, they will only need to whitelist your two dedicated IP addresses. rather than having to whitelist our entire published list of IP addresses (see above).

Dedicated IPs, once provisioned, are used for both inbound connections to your site via your custom domain, as well as outbound connections from Files.com to certain applicable Remote Servers that are used for Remote Server Sync and Remote Server Mount.

By default, Files.com will use your dedicated IP addresses for outbound connections to FTP, SFTP, WebDAV, and S3 Compatible remote servers. However, you can disable the use of your dedicated IP in these circumstances if you need to. (You might do that if your counterparty has already whitelisted the main Files.com IP range, for example.)

Connections made to a remote SFTP server will use the algorithm cipher that is agreed upon by both Files.com and the remote system. Files.com will present a list of algorithm ciphers, starting with the strongest and ending with the weakest, to the remote SFTP server but it is the remote server that decides exactly which algorithms are used for Key Exchange, Server Host Key, Encryption, and MAC. Contact the administrator of the remote SFTP server to determine which SSH algorithm ciphers are supported by that system.