Access content export SFTP with RSA encryption configured via FileZilla and WinSCP

Accessing SFTP with RSA reduces the risk of unauthorized access to the contents of your content export (CE) files. This process allows a user to configure an RSA public key that can be used to encrypt the CE output file in order to store the files more securely until they're reviewed by a compliance officer.

 

Access Content Export SFTP with RSA encryption configured via FileZilla and WinSCP by following these steps:

Content export file encryption/decryption

First, refer to and complete the steps in the Knowledge Article found here on how to configure file encryption/decryption. 

FileZilla

1. From FileZilla, navigate to Site Manager from the File menu (Figure 1):

 

1.png

Figure 1 Site Manager

 

Note: Pressing CTRL + S will also take you to this menu

 

2. Click New Site and enter a name of your choice. This example uses the name MyPod-Content-Export (Figure 2):

2.png

Figure 2 Site Name

 

3. Next, the user must configure the SFTP details to the right of the Site Name on the General tab. The recommended configuration is below (Table 1):

 

FileZilla Field Name FileZilla Field Value Comments
Protocol  SFTP - SSH File Transfer Protocol  
Host  sftp.i.qa-us-east-1-p002.qamt.symphony.com   (example URL)  This URL is available within your       Admin Portal - SFTP Domain. See   Figure 3
Port  22

 This URL is available within your       Admin Portal - SFTP Domain. See   Figure 3

Logon Type  Key file  Select the Key file from the   dropdown menu
User

 E.g. 12345

 It will be available from the   Username section within Public   Key Info, again within Admin   Portal. See Figure 3
Key file

 E.g. C:\content-keys\privatekey.pem

 

 Choose the private key that was   saved at the creation of the RSA   encryption. It will automatically   load the path to it

Table 1 SFTP Details

 

4.png

Figure 3 SFTP Information

 

4. Once completed, click OK to save the configuration. An example is displayed in Figure 4:

 

mceclip8.png

Figure 4 Completed SFTP Details

 

5. From Site Manager, select your saved site and click Connect (Figure 5):

6.png

Figure 5 Connect

 

6. The connection to the SFTP server will now be established, allowing the user to download the CE files

WinSCP

Note: For WinSCP connection, the private key must be in PuTTY format (e.g. ends in extension *.ppk)

Note: The PEM file it will automatically convert to PPK format

 

1. From WinSCP, navigate to New Session from the Session menu (Figure 6):

7.png

Figure 6 New Session

 

Note: Pressing CTRL + N will also take you to this menu

 

2. A login details page will be displayed. If no existing session is stored, this will default to a new site. However, if there are other existing sessions stored, the user will need to select New Site and set up the configuration. The user must now configure the SFTP details. The recommended configuration is below (Table 2):

 

WinSCP Field Name WinSCP Field Value Comments
File Protocol  SFTP  SSH File Transfer Protocol
Host  sftp.i.qa-us-east-1-p002.qamt.symphony.com   (example URL)  Your actual host URL will be   available within your Admin Portal  -   SFTP Domain. See Figure 7
Port  22

 This URL is available within your   Admin Portal - SFTP Port. See   Figure 7

User

 E.g. 12345

 Your actual username will be   available from the Username   section within Public Key Info,   again within Admin Portal. See   Figure 7
Password  -  Leave this empty

Table 2 SFTP Details

 

4.png

Figure 7 SFTP Information

 

3. Once completed, click Save to save the configuration. An example is displayed in Figure 8:

 

mceclip16.png

Figure 8 Completed SFTP Details

 

4. Click Advanced... and, in the next window, select Authentication from the SSH menu and then click the 3 dots in the Private key file section (Figure 9):

11.png

Figure 9 Authentication

 

5. If the user generated their own RSA key pair, choose the PPK file. If not, add the PEM file as this will be converted automatically

 

Note: If the PEM file is selected, the user will see a popup window asking whether to convert the OpenSSH private key to PuTTy format. Click OK to continue to save the newly formatted file. In doing so, the process will ask the user to save the converted PuTTy format file in the same folder location. Name the file putty_privatekey.ppk so the user can identify which key this belongs to, then save it (Figure 10):

13.png

Figure 10 PPK File

 

Note: If the PEM file was selected, confirmation will be shown that the key was converted and saved to the file name specified in the directory (Figure 11):

14.png

Figure 11 Confirmation

 

6. Once the key has been added/generated, click OK (Figure 12):

 

15.png

Figure 12 Private Key File

 

7. Click Save, set the Site name to be MyPod-Content-Export and click OK (Figure 13):

 

16.png

Figure 13 Saving Configuration

 

8. Confirmation that the configuration has been saved and is ready for use will be displayed (Figure 14):

 

mceclip25.png

Figure 14 Final Configuration

 

9. When the user wishes to connect to the SFTP server to download the CE files in future, select the saved configuration - in this example, MyPod-Content-Export - and click Login

 

For further assistance with CE and SFTP/RSA encryption, please contact Symphony Support at support@symphony.com