SFTP (Outbound to a Remote)


In addition to Files.com's built in SFTP capabilities for accepting inbound connections via the SFTP protocol, Files.com also supports connecting outbound to other services via SFTP, FTP, WebDAV, or any other outbound connection supported by Files.com.

You can even complete the loop and connect to Files.com via SFTP and have Files.com proxy that connection out to another service also using SFTP.

Files.com's Remote Server Mount feature gives you the ability connect a specific folder on Files.com to the remote server in a real time manner.

That folder then becomes a client, or window, accessing the files stored in your remote server or cloud.

Once you configure a Mount, any operation you perform on or inside that folder will act directly on the remote in real time. Whether you are dropping a file into that folder, deleting a file, creating a subfolder, or performing any other file/folder operations your Files.com user has permissions for, those operations will "pass through" to the remote in real time.

This powerful feature enables a wide variety of use cases such as:

  • accessing files on a counterparty (client or vendor)'s cloud without provisioning individual access to individual users.
  • reducing storage costs by leveraging on-premise or bulk storage solutions
  • enabling applications to access 3rd party clouds via Files.com API, FTP, SFTP, or Files.com Apps
  • and many more

Alternatively, Files.com's Remote Server Sync feature give you the ability to push or pull files to or from remote servers. This means that the files will exist in both places at the end of the sync process.

A remote sync can be a "push", where files from your Files.com site are transferred to the remote server, a "pull" where files are transferred from the remote server to your Files.com site, or a two-way "sync" where files that are new or changed in either location are pushed and pulled to maintain a synchronized state between the folder on your Files.com site and that on the remote server.

This integration requires Files.com's Enterprise Connectivity Add-on, which is included for free on the Premier or Enterprise plan.

Add a Remote Server Using the SFTP Protocol

Go to Settings > Integrations and scroll to Remote servers. If you do not see the remote server connection you wish to use listed, click the Add new remote server button and select SFTP.

Port

Most of the time, the default port value of 22 should be used for SFTP. Only use an alternate port if you know the remote server requires it.

IP Addresses Used For Connection

If you have a Custom Domain installed on your site, that means Files.com has provisioned two dedicated IP addresses for your site and it will use them by default for outbound connections to the remote server. Provide these 2 IP addresses to your counterparties and ask them to whitelist them in any applicable firewall.

If you do not have a Custom Domain installed on your site, you do not have Dedicated IP Addresses provisioned for your site and Files.com will use its entire pool of IP addresses for connecting outbound to the remote server. If your counterparties maintain an IP Address whitelist, you will need to have them whitelist all of the IPs on this list.

Customers often ask for Dedicated IP addresses as a way to avoid having to ask their counterparty to whitelist a huge list of IP addresses.

We are able to offer that for Remote Server connection purposes via somewhat of a backdoor method, which is adding a Custom Domain to your site. Having a custom domain provides a justification for the dedicated IP address.

Files.com automatically provisions a pair of dedicated IP addresses for every site that has a custom domain enabled. We do that because FTP, unlike HTTP, requires that every custom domain be hosted on a dedicated IP address in order to have a custom SSL Certificate that matches the domain.

This means that if you have users who restrict outbound access via a firewall, they will only need to whitelist your two dedicated IP addresses. rather than having to whitelist our entire published list of IP addresses (see above).

Custom domains and, therefore, dedicated IPs are only available on the Power and Premier plans. If you are on a Starter plan, you will need to upgrade to use a custom domain or dedicated IPs.

Dedicated IPs, once provisioned, are used for both inbound connections to your site via your custom domain, as well as outbound connections from Files.com to certain applicable Remote Servers that are used for Remote Server Sync and Remote Server Mount.

By default, Files.com will use your dedicated IP addresses for outbound connections to FTP, SFTP, WebDAV, and S3 Compatible remote servers. However, you can disable the use of your dedicated IP in these circumstances if you need to. (You might do that if your counterparty has already whitelisted the main Files.com IP range, for example.)

Authentication: Password or Private Key

Files.com will authenticate to the remote SFTP server using a username and password or private key.

To use a password, select Password for the Authentication method and enter the password to be used into the Password field.

To use an existing private key, select Existing Private Key and paste the private key into the Private Key field.

If providing a Private Key, Files.com currently requires that you provide it in OpenSSH format.

Support for keys in PuTTY (.ppk) and SSH2 format are coming soon.

To generate and use a new private key, select New Private Key and click Generate key pair. This will generate a new key pair of type RSA, with 4096 bit length, and a SHA-256 hash. The public portion of the new key will be presented to you, with options to copy it to your clipboard and to download it. Send this to the administrator of the remote SFTP server, to be installed for use by the account corresponding with the specified username.

Server Host Key

You can configure a Server Host Key for the remote server. If you do not provide one upon setup, we will automatically detect the server's host key and store it for you.

The host key provides cryptographic authentication of the remote host, ensuring that we are connecting to the same remote server (or pool of servers) every time.

By default, if the server's host key ever changes, Files.com will disable the Remote SFTP connection until you restore it by manually updating the host key. This protects your connection against Man-In-The-Middle attacks, where some other party tries to impersonate your server.

You may also configure Files.com to allow non-matching server host keys. This behavior is insecure and not recommended.

A Server Host Key is not the same as a Public or Private Key pair for user authentication. Those are a separate key related to the user. Server Host Keys apply to the entire remote server and not a specific remote user.

Maximum Number of Connections

You can configure a maximum number of connections that Files.com will make at a time to the remote SFTP server. We recommend the default value of 25, as this will provide the a high level of parallelism, which improves performance.

Some server administrators will request that you reduce this number to reduce the pressure on their server. Be aware that reducing it too low will reduce performance because requests may have to wait for a free connection before they are able to complete.

Files.com will use best efforts to honor the maximum number specified here, though it may still burst above this number on certain occasions, such as when moving the connection to another one of our gateway servers internally. As a cloud-based service, we often reconfigure our network in real time to provide optimized performance. If we ever go above this number, you should expect the connection count to return to the specified number promptly.

Once your Remote Server is added, now you need to integrate it to Files.com as either a Remote Server Mount or Remote Server Sync.

Add Remote Server Mount

Remote Server Mounts are created by mounting them onto an empty folder in Files.com. This folder should ideally not be the Root of your site, although that is supported if you need it.

From the Files icon on the left, navigate to the location where you want the mounted folder to be and create a new folder. Navigate into the newly created folder and click the Folder Settings button on the top right.

Select Remote Server Mount from the list and click Add new remote server mount button. Select the remote server.

Choose the Remote folder, which is the portion of the remote file system that will be mounted into this folder on Files.com. You can either by leave the default "/" (i.e., the remote server's root directory) or click on Choose a different folder link and navigate to the remote folder you want to this folder to connect to.

Click the Save button. The folder will reload and immediately list the remote folders/files from the selected remote path.

Add Remote Server Sync

If you instead prefer to do a Sync with the remote, follow these directions.

  1. From Files, navigate into the folder where you would like to add the remote server sync and click Folder settings > Sync to/from remote server.
  2. Click the Add new remote server sync button to reveal the form.
  3. Select the server you would like to transfer to or from by clicking on the Remote server menu.

Sync direction

Next choose your Sync direction. You have three choices:

  1. Push to the remote server: This option uploads files and folders from your designated folder in your Files.com site to the remote server.
  2. Pull from the remote server: This option downloads files from the remote server and saves them in your designated folder in your Files.com site.
  3. Two-way sync: this option checks for new files, deleted files, and changed modification dates on both servers and then pushes and pulls as needed to keep the folders synchronized on both servers.

Delete or Keep after copying

You have the option to delete files on the source server after a push or pull. Use the After copying menu to select whether you would like files that are successfully transferred to be deleted from or kept on the source server.

Remote path

Enter the remote path to or from which you would like files and folders transferred, starting after the folder/directory your remote user lands in upon authentication.

For example: if the remote server has a folder structure folderA/folderB/folderC, and the user credentials that you have configured your sync server to log in with automatically land that user inside folderA, then to properly configure your sync folder behavior to transfer files to or from folderC, you would enter the path as folderB/folderC.

Reauthenticating

Certain remotes that use OAuth for authentication may require regular rotation of your credentials. When this is needed, you will see an alert in the top left of the web interface. You can click the link in that alert to re-authenticate and re-establish the connection to the remote.

Troubleshooting SFTP Outbound Connections

Most of the time, outbound SFTP connection issues are caused by one of the following things:

  • Most common: Firewalls or other restrictions on the remote server that require an IP address to be whitelisted
  • The outbound server doesn't actually accept SFTP (try FTP instead, with the secure option turned on)
  • Wrong port, hostname, or other settings

Please check with your counterparty about any IP Address restrictions or whitelisting that may be in place. If any is in place, please read and follow the below instructions carefully:

IP Addresses Used For Connection

If you have a Custom Domain installed on your site, that means Files.com has provisioned two dedicated IP addresses for your site and it will use them by default for outbound connections to the remote server. Provide these 2 IP addresses to your counterparties and ask them to whitelist them in any applicable firewall.

If you do not have a Custom Domain installed on your site, you do not have Dedicated IP Addresses provisioned for your site and Files.com will use its entire pool of IP addresses for connecting outbound to the remote server. If your counterparties maintain an IP Address whitelist, you will need to have them whitelist all of the IPs on this list.

Customers often ask for Dedicated IP addresses as a way to avoid having to ask their counterparty to whitelist a huge list of IP addresses.

We are able to offer that for Remote Server connection purposes via somewhat of a backdoor method, which is adding a Custom Domain to your site. Having a custom domain provides a justification for the dedicated IP address.

Files.com automatically provisions a pair of dedicated IP addresses for every site that has a custom domain enabled. We do that because FTP, unlike HTTP, requires that every custom domain be hosted on a dedicated IP address in order to have a custom SSL Certificate that matches the domain.

This means that if you have users who restrict outbound access via a firewall, they will only need to whitelist your two dedicated IP addresses. rather than having to whitelist our entire published list of IP addresses (see above).

Custom domains and, therefore, dedicated IPs are only available on the Power and Premier plans. If you are on a Starter plan, you will need to upgrade to use a custom domain or dedicated IPs.

Dedicated IPs, once provisioned, are used for both inbound connections to your site via your custom domain, as well as outbound connections from Files.com to certain applicable Remote Servers that are used for Remote Server Sync and Remote Server Mount.

By default, Files.com will use your dedicated IP addresses for outbound connections to FTP, SFTP, WebDAV, and S3 Compatible remote servers. However, you can disable the use of your dedicated IP in these circumstances if you need to. (You might do that if your counterparty has already whitelisted the main Files.com IP range, for example.)

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.

Start My Free Trial

©2022 Files.com. All right reserved

FILES.COM

  • Start My Free Trial
  • Pricing
  • Docs
  • API and SDKs
  • Contact

CONTACT & SUPPORT

support@files.com

(800) 286-8372

Monday–Friday

9am–8pm Eastern