Local SFTP Server

A Local SFTP Server is a type of Endpoint that represents an SFTP server that the system hosts locally to enable secure file transfers.

This Endpoint type provides the essential infrastructure for accepting incoming SFTP connections and initiating file transfers through secure, configurable Pipelines.

It functions as a virtual server that requires proper management for file transfer operations. Local SFTP Server Endpoints function exclusively as a Source Endpoint within a Pipeline of type UDMG as SFTP Server.

Before You Begin

Listener IP Address and Port

The Listener IP Address and Port together define the local listening address for this Local SFTP Server Endpoint:

• Listener IP Address is the local IPv4 address that the UDMG Server binds to for this listener. If you set Listener IP Address to 0.0.0.0, UDMG binds to all IPv4 interfaces on the host. If you set a specific IP (for example, 192.168.1.10), UDMG accepts connections only on that IP.
• Port is the TCP port on that same host where the listener accepts connections.

When creating a new Endpoint, avoid selecting a Listener IP Address/Port pair that is already assigned to another Endpoint (in any Domains) or used by another service.

Although UDMG allows multiple Endpoints to use the same Listener IP Address/Port combination, only one of those Endpoints—and therefore its associated Pipelines—can be active at a time.

The following considerations apply:

• No Cross-Domain Validation: The system does not automatically prevent duplicate Listener IP Address/Port combinations within or across Domains.
• Manual Validation Required: After configuring an Endpoint, always use the Validate button to see if the Listener IP Address/Port combination is already in use by another service (across all Domains). This action does not check if the IP/port can be specifically used by the Endpoint. See Validating the Configuration for more information.

Authentication Method

The Authentication Method specifies how the Local SFTP Server authenticates incoming connections. The available options are:

• Password: Only password-based authentication is accepted.
• Public Key: Only SSH key-based authentication is accepted.
• Password or Public Key: Either password-based or SSH key-based authentication is accepted. This method gives your partners the most flexibility.
• Password and Public Key: Password-based and SSH key-based authentication is required. Use this method only when maximum security is needed and your partners support dual-authentication.

Host Key

Each Local SFTP Server Endpoint requires a Private Key, the SSH Host Key of the server, to be associated with it. Only one key is allowed. The key establishes the server's identity. The Credential (Credential Type: Private Key) must first be created on the Credentials page before it is selected in the configuration. See the SFTP page for information regarding supported and default key types, ciphers, and algorithms.

Adding an Endpoint

To add an Endpoint, follow these steps:

1. From the Sidebar, select Configuration > Endpoints.
2. Click Add Endpoint.
3. Select Local SFTP Server in the Endpoint Type dropdown.
4. Complete the Name and Description details for the new Endpoint.
5. Enter the Listener IP Address and Port.
6. Select the Authentication Method your partners will use to authenticate to the Local SFTP Server.
7. Select the Private Key you created earlier from the Credentials Name (Host Key) dropdown.
8. Optionally select ciphers and other algorithms, or use the default, using the table below as a guide.
9. Choose whether the Endpoint should be enabled to auto-start or require manual restarting.
10. Click Add to create the Endpoint.
11. Click Validate to confirm that the IP address and port combination is not already in use by another service (across all Domains). See Validating the Configuration.
12. Click Start to launch the server. See Starting, Stopping, and Restarting Endpoints.

warning

UDMG allows creating identical Endpoints with unique names, but this practice is strongly discouraged due to potential downstream complications.

Field Descriptions

The following table describes the fields that are configured for the Endpoint:

Name	Description	Specifications	Required
Endpoint Type	Select Local SFTP Server to expose an SFTP listener that receives partners connections.	The type cannot be changed after creation.	Yes
Name	The name of the Local SFTP Server Endpoint.	Must be unique. Must follow the Standard Naming Pattern.	Yes
Description	The description of the Local SFTP Server Endpoint.		No
Listener IP Address	The local IPv4 address that the UDMG Server binds to for this SFTP listener.	Must be in IPv4 format.	Yes
Port	The port number of the Local SFTP Server. The port is likely to be in the ephemeral range for 49152-65535 as per RFC 6335 or 32768-60999 on Linux. The port is in the system range for 1-1023 as per RFC 6335.	Must be between 1 and 65535. Should not be a port already associated with another Endpoint or service.	Yes
Authentication Method	The Authentication Method that Accounts use to authenticate and log in to the Local SFTP Server. Options: Password Public Key Password or Public Key Password and Public Key	Default is Password.	Yes
Credentials Name (Host Key)	The name of the Private Key that is used as the server's SSH host private key.	Must reference an already created Private Key.	Yes
Key Exchange Algorithms	The allowed key exchange algorithms. Options (multi-select): ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256 curve25519-sha256@libssh.org curve25519-sha256 diffie-hellman-group16-sha512 diffie-hellman-group14-sha256 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 mlkem768X25519-sha256	Defaults are: ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256 curve25519-sha256 diffie-hellman-group16-sha512	No
Ciphers	The allowed ciphers. Options (multi-select): aes256-ctr aes192-ctr aes128-ctr chacha20-poly1305@openssh.com aes128-gcm@openssh.com aes256-gcm@openssh.com arcfour256 arcfour128 arcfour aes128-cbc 3des-cbc	Defaults are: aes256-ctr aes192-ctr	No
MACs	The allowed Message Authentication Codes (MACs). Options (multi-select): hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha1	Defaults are: hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha1 hmac-sha1-96	No
Max Number of Concurrent Connections	The maximum number of concurrent connections the server allows. If a maximum value is set, the server rejects new transfers once the limit is reached.	Default = 0, which means unlimited.	No
Auto-Start Endpoint	Endpoint's auto-start status. See Auto-Starting Endpoints.	Default is Enabled.	Yes

Editing an Endpoint

To edit an Endpoint, follow these steps:

1. From the Sidebar, select Configuration > Endpoint.
2. Click the Name field of the Endpoint you want to edit.
3. Click Stop above the Endpoint details. As noted above, configuration changes only take effect following an Endpoint restart or stop/start cycle.
4. Click Edit above the Endpoint details.
5. Click the Name field of the Endpoint you want to edit.
6. Click Stop above the Endpoint details. As noted above, configuration changes only take effect following an Endpoint restart or stop/start cycle.
7. Click Edit above the Endpoint details.
8. Edit details for the Endpoint, using the Field Descriptions table as a guide.
9. Click Update.
10. Click Restart or Stop/Start.

info

Configuration changes remain inactive until the Local SFTP Server Endpoint is restarted and the Account disconnects/reconnects to its client.

After changes are made, restart the Endpoint to apply the changes. All active connections are terminated.

Managing an Endpoint

The Local SFTP Server Endpoint has multiple management capabilities that allow you to manage and validate the Endpoint.

Viewing Endpoint Details

To view the details of an Endpoint, follow these steps:

1. From the Sidebar, select Configuration > Endpoint.
2. Click the Name of the Endpoint you want to view.
3. Additionally, click the Pipelines tab to see all the Pipelines the Endpoint is associated with.

Endpoint Metadata

Endpoint details include all parameters given in the Field Descriptions table, plus the following read-only metadata:

Name	Description
UUID	Universally Unique Identifier of this Endpoint.
UUID	Universally Unique Identifier of this Endpoint.
Version	Version number of the configuration. Every change increases the number.
Created	Date and time this Endpoint was created.
Version	Version number of the configuration. Every change increases the number.
Created	Date and time this Endpoint was created.
Updated	Date and time this Endpoint was last updated.
Updated	Date and time this Endpoint was last updated.
Test Status	Status of the Validate Endpoint configuration test. Options: Test not executed Test passed Test error
Runtime Status	The status of the server Endpoint. Options: Running Stopped Error: listen tcp 0.0.0.0:2041: bind: address already in use
Active Sessions	The number of active sessions or connections opened with the Endpoint (i.e., Accounts connected to the Endpoint).
Active Sessions	The number of active sessions or connections opened with the Endpoint (i.e., Accounts connected to the Endpoint).

Validating the Configuration

The configuration can be validated to confirm if the Local SFTP Server Endpoint's Listener IP Address/Port combination is used by another service (across all Domains).

It is important to note that, even if a port is not being used elsewhere in UDMG, it is not necessarily available.

tip

Port 22 is the standard and most common port for SFTP file transfers. Avoid using:

• Ports already taken by other Endpoints.
• Ports 1344, 111, and 81.
• UDMG Server ports (most likely 7070/7071, 8080/8081, 4222/6222) .
• Ports blocked by your IT controls.

To validate the configuration, stop the Endpoint first (click the Stop button) and then click the Validate button. One of the following messages appears:

• Error/Fail: 'Endpoint test has failed. The port #### on address #.#.#.# is already in use.'

  • If validation fails, then the Listener IP Address/Port is not available and should not be used. You must review and modify the Listener IP Address/Port combination.

    info

    If the Endpoint's Runtime Status is Running, then the validation test will fail because the Listener IP Address/Port is being used by that Endpoint.

• Pass: 'Endpoint has passed the test.'

  • If validation passes, the Listener IP Address/Port is not currently being used by another service.

    info

    The test does not confirm if the Listener IP Address/Port can be used by the Endpoint. The Listener IP Address/Port must be available based on your network IT controls, such as firewalls.

Starting, Stopping, and Restarting Endpoints

Local SFTP Server Endpoints function as virtual servers that require proper management for file transfer operations. After initial creation, these Endpoints must be activated before they can process transfers. Endpoints can be initiated through one method:

• Manual Start: Click the Start button on the Details page.

Additionally, configuration changes only take effect following an Endpoint restart or stop/start cycle. Once the Endpoint is running, three control actions are available from the Details page:

• Start: Launches the Endpoint connection when currently stopped.
• Stop: Initiates the shutdown of the Endpoint. New connections are not allowed, while the pending sessions remain until they are disconnected. Utilize the Active Sessions field on the Details page.
• Restart: Executes a complete stop/start sequence to apply configuration changes.

After the initial server creation and initiation, the Endpoint has a Runtime Status indicator that shows the real-time operational state of the server. The current status determines which management actions can be performed. The current state (Runtime Status) of each Local SFTP Server Endpoint is displayed in the Endpoint Record Table and Details page with the following statuses:

• Starting: Server is starting, but not operational yet.
• Running: Server is operational and processing connections.
• Stopped: Server is not running. Especially after a Stop request, it is possible that sessions remain until they disconnect. Utilize the Active Sessions field on the Details page.
• Error: listen tcp 0.0.0.0:2041: bind: address already in use: Server's IP/Port is in use on another Endpoint (across all Domains).

Auto-Starting Endpoints

Local SFTP Server Endpoints can be configured for auto-start functionality, allowing them to launch automatically if the UDMG server is stopped after initial creation or upon startup of the UDMG server. This setting is established during Endpoint creation and can be modified later.

• Enabled: The Endpoint automatically starts without manual intervention after the UDMG server is stopped (Auto-start active).
• Disabled: The Endpoint remains inactive until manually started after the UDMG server is stopped (Auto-start inactive).

To set an to auto-start, follow these steps:

1. From the Sidebar, select Configuration > Endpoints.
2. Click the Name of the Endpoint you want to update.
3. Click Edit.
4. If the Endpoint is currently auto-started, you can remove the auto-start feature by moving the toggle to the left.
5. Click Update.

info

The Auto-Start Endpoint status is reflected as the Enabled field on the Details page.

Deleting an Endpoint

To delete an Endpoint, follow these steps:

1. From the Sidebar, select Configuration > Endpoints.
2. Click the Name of the Endpoint you want to delete.
3. Click Delete above the Endpoint details.
4. You will be asked to confirm the deletion. Click Delete.

warning

UDMG prevents the deletion of a Configuration Item if it is currently referenced by another Configuration Item (i.e., Pipeline). The Configuration Item must be edited or the reference removed before you can delete the Endpoint. Deletion cannot be undone.