Skip to main content

Remote SFTP Server

A Remote SFTP Server is a type of Endpoint that represents your partner's SFTP server (external). UDMG uses this Endpoint when acting as an SFTP client to connect to your partner's server.

The Endpoint stores connection details such as hostname, port, and authentication credentials, and is used to initiate outbound SFTP transfers. Within a UDMG as Client Pipeline, a Remote SFTP Endpoint can function as either a Source Endpoint (to pull files) or a Destination Endpoint (to push files), enabling secure and automated file exchanges with your partner's SFTP servers.

info

File transfers when UDMG is acting as the client are only initiated via the Transfer API (not via the UI).

A Pipeline with a Remote SFTP Server Endpoint cannot be associated with an Account or Account Group. The Credentials needed to connect and authenticate with your partner's SFTP server are added on the Pipeline.

Before You Begin

IP Address and Port

The IP Address and Port define the connection to your partner's SFTP Server. Obtain these values directly from your partner.

After configuring the Endpoint, click Validate to confirm that UDMG can successfully connect to the server using the specified IP and port. For detailed steps, see Validating the Configuration.

Public Key

Each Remote SFTP Server Endpoint requires a Public Key, which represents the Host Key of your partner's SFTP Server. UDMG uses this key to verify the server's identity during the SSH handshake, protecting against man-in-the-middle attacks. Only one key is allowed.

Obtain the Host Key from your partner and add it as a Credential (Credential Type: Private Key) on the Credentials page before it is selected in the configuration.

Authentication Credentials at the Pipeline Level

While the Remote SFTP Server Endpoint requires your partner's SFTP Server Key to verify its identity (configured at the Endpoint level), client authentication credentials are configured separately at the Pipeline level. This design allows reusing the same Endpoint with different credentials across multiple Pipelines.

info

For more information, refer to UDMG as SFTP Client (Pull Scenario) or UDMG as SFTP Client (Push Scenario).

Adding an Endpoint

To add an Endpoint, follow these steps:

  1. From the Sidebar, select Configuration > Endpoints.
  2. Click the Add Endpoint button.
  3. Select Remote SFTP Server as the Endpoint Type.
  4. Complete the Name and Description details for the new Endpoint.
  5. Enter the IP Address and Port you obtained earlier.
  6. Select the Public Key you created earlier from the Credentials Name (Host Key) dropdown.
  7. Optionally select ciphers and other algorithms, or use the default, using the table below as a guide.
  8. Choose whether the Endpoint should be enabled effective immediately.
    • Note: The Endpoint must be added to a Pipeline for the Endpoint to be serviceable.
  9. Click Add.
  10. Validate the connection (connection only, no authentication). See Validating the Configuration.

Field Descriptions

The following table describes the fields that are configured for the Endpoint:

NameDescriptionSpecificationsRequired
Endpoint Type

The type of Endpoint indicates the type of file transfer.

Select: Remote SFTP Server.

Cannot be modified after creation.Yes
NameThe name of the Endpoint.Yes
DescriptionThe description of the Endpoint.No
IP AddressThe IP Address of the external SFTP server. Provided by your partner.Must be in IPv4 format.Yes
PortThe port number of the external SFTP server. Provided by your partner.Must be within 1 and 65535.Yes
Credentials Name (Host Key)The name of the Public Key representing your partner's SFTP server's Host Key.Must reference an already created Public Key.Yes
Key Exchange Algorithms

The allowed key exchange algorithms.

Options (multi-select):

  • ecdh-sha2-nistp521
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp256
  • curve25519-sha256@libssh.org
  • curve25519-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group14-sha256
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • mlkem768X25519-sha256

Defaults are:

  • ecdh-sha2-nistp521
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp256
  • curve25519-sha256
  • diffie-hellman-group16-sha512
No
Ciphers

The allowed ciphers.

Options (multi-select):

  • aes256-ctr
  • aes192-ctr
  • aes128-ctr
  • chacha20-poly1305@openssh.com
  • aes128-gcm@openssh.com
  • aes256-gcm@openssh.com
  • arcfour256
  • arcfour128
  • arcfour
  • aes128-cbc
  • 3des-cbc

Defaults are:

  • aes256-ctr
  • aes192-ctr
No
MACs

The allowed Message Authentication Codes (MACs).

Options (multi-select):

  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha2-512
  • hmac-sha1

Defaults are:

  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha2-512
  • hmac-sha1
  • hmac-sha1-96
No
Enabled Endpoint

Endpoint's enabled status.

See Enabling and Disabling Endpoints.

Default is Enabled.Yes

Editing an Endpoint

Endpoint configuration changes are pushed to all Pipelines referencing the Endpoint with immediate effect.

To edit an Endpoint, follow these steps:

  1. From the Sidebar, select Configuration > Endpoint.
  2. Click the Name field of the Endpoint you want to edit.
  3. Click the Edit button above the Endpoint details.
  4. Edit details for the Endpoint, using the Field Descriptions table as a guide.
  5. Click Update.

Managing an Endpoint

Viewing Endpoint Details

To view the details of an Endpoint, follow these steps:

  1. From the Sidebar, click Configuration > Endpoints.
  2. Click the Name of the Endpoint you want to view.
  3. Additionally, click the Pipelines tab to see all the Pipelines the Endpoint is associated with.

Endpoint details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:

Endpoint Metadata

NameDescription
UUIDUniversally Unique Identifier of this Endpoint.
VersionVersion number of the configuration. Every change increases the number.
EnabledEndpoint's Enabled status. If enabled, field is set to True.
CreatedDate and time this Endpoint was created.
UpdatedDate and time this Endpoint was last updated.
Test Status

Status of the Validate Endpoint configuration test.

Options:

  • Test not executed
  • Test passed
  • Test error

Validating the Configuration

The Endpoint configuration can be validated to confirm if an unauthenticated connection with the external SFTP server can be made. After clicking the Validate button, one of the following messages appears:

  • Error/Fail: 'Endpoint test has failed. The dial tcp 0.0.0.4:2235: i/o timeout.'
    • If validation fails, then the system was not able to make a successful connection with the external SFTP server. Check the Endpoint's configuration, network path, firewall rules, and try again.
  • Pass: 'Endpoint has passed the test.'
    • If validation passes, then the system was able to make a successful connection with the external SFTP server.

Enabling and Disabling Endpoints

Remote SFTP Server Endpoints can be Enabled or Disabled to control their active status and ability to participate in file transfers.

  • Enabled (default): The Endpoint is active and can participate in file transfers.
  • Disabled: The Endpoint is inactive and cannot participate in file transfers.

The status is set during initial creation and changed following these steps:

  1. From the Sidebar, select Configuration > Endpoints.
  2. Click the Name of the Endpoint you want to enable or disable.
  3. Click Edit.
  4. Move the Enable Endpoint toggle.
  5. Click Update.
info

Changes to the Endpoint's Enabled status are not active until the Account reconnects.

Deleting an Endpoint

To delete an Endpoint, follow these steps:

  1. From the Sidebar, select Configuration > Endpoints.
  2. Click the Name of the Endpoint you want to delete.
  3. Click the Delete button above the Endpoint details.
  4. You will be asked to confirm the deletion. Click Delete.
warning

UDMG prevents the deletion of a Configuration Item if it is currently referenced by another Configuration Item (i.e., Pipeline). The Configuration Item must be edited or the reference removed before you can delete the Endpoint. Deletion cannot be undone.