Access content export SFTP with RSA encryption configured via FileZilla and WinSCP

Accessing SFTP with RSA reduces the risk of unauthorized access to the data in your content export (CE) file. The process below allows a user to configure an RSA public key that can be used to encrypt the CE output file in order to store the files more securely until they're reviewed by a Compliance Officer.

 

Content export file encryption/decryption

Before this can be done, complete the steps in the Knowledge Article found here on how to configure file encryption/decryption. 

FileZilla

1. From FileZilla, navigate to Site Manager from the File menu (Figure 1):

 

1.png

Figure 1 Site Manager...

 

Note: Pressing CTRL + S will also take you to this menu.

 

2. Click New Site and enter a name of your choice. This example uses the name MyPod-Content-Export (Figure 2):

2.png

Figure 2 Site name

 

3. Configure the SFTP details to the right of the Site Name on the General tab. The recommended configuration is below (Table 1):

 

FileZilla Field Name FileZilla Field Value Comments
Protocol.  SFTP - SSH File Transfer Protocol.  
Host.  sftp.i.qa-us-east-1-p002.qamt.symphony.com

 SFTP Domain in Figure 3.

Port.  22.

 SFTP Domain in Figure 3.

Logon Type.  Key file.  Select the Key file from
 the dropdown menu.
User.

 E.g. 12345.

 Public Key Info in Figure
 3.
Key file.

 E.g. C:\content-keys\privatekey.pem

 

 Choose the private key
 that was saved at the
 creation of the RSA 
 encryption. It will
 automatically load the
 path to it.

Table 1 SFTP details

 

4.png

Figure 3 SFTP Information

 

4. Once completed, click OK to save the configuration. An example is displayed in Figure 4:

 

mceclip0.png

Figure 4 Completed SFTP details

 

5. From Site Manager, select your saved site and click Connect (Figure 5):

6.png

Figure 5 Connect

 

6. The connection to the SFTP server will now be established, allowing the user to download the CE files.

WinSCP

Note: For WinSCP connection, the private key must be in PuTTY format.

Note: The PEM file it will automatically convert to PPK format.

 

1. From WinSCP, navigate to New Session from the Session menu (Figure 6):

7.png

Figure 6 New Session...

 

Note: Pressing CTRL + N will also take you to this menu.

 

2. A login details page will be displayed. If no existing session is stored, this will default to a new site. However, if there are other existing sessions stored, the user will need to select New Site and set up the configuration. The user must now configure the SFTP details. The recommended configuration is below (Table 2):

 

WinSCP Field Name WinSCP Field Value Comments
File Protocol.  SFTP.  SSH File Transfer
 Protocol.
Host.  sftp.i.qa-us-east-1-p002.qamt.symphony.com  SFTP Domain in Figure 7.
Port.  22.

 SFTP Port in Figure 7.

User.

 E.g. 12345.

 Public Key Info in Figure
 7.
Password.  -  Leave this empty.

Table 2 SFTP details

 

4.png

Figure 7 SFTP Information

 

3. Once completed, click Save to save the configuration. An example is displayed in Figure 8:

 

mceclip1.png

Figure 8 Completed SFTP details

 

4. Click Advanced... and in the following window, select Authentication from the SSH menu, then click the 3 dots in the Private key file section (Figure 9):

11.png

Figure 9 Authentication

 

5. If the user generated their own RSA key pair, choose the PPK file. If not, add the PEM file as this will be converted automatically.

 

If the PEM file is selected, the user will see a popup window asking whether to convert the OpenSSH private key to PuTTy format. Click OK to continue to save the newly formatted file.

 

In doing so, the process will ask the user to save the converted PuTTy format file in the same folder location. Name the file putty_privatekey.ppk so the user can identify which key this belongs to and then save it (Figure 10):

13.png

Figure 10 PPK file

 

Note: If the PEM file was selected, confirmation will be displayed stating the key was converted and saved to the file name specified in the directory (Figure 11):

14.png

Figure 11 Confirmation

 

6. Once the key has been added/generated, click OK (Figure 12):

 

15.png

Figure 12 Private key file

 

7. Click Save, set the Site name to be MyPod-Content-Export and click OK (Figure 13):

 

16.png

Figure 13 Save session as site

 

8. Confirmation that the configuration has been saved and is ready for use will be displayed (Figure 14):

 

mceclip25.png

Figure 14 Final configuration

 

9. When the user wishes to connect to the SFTP server to download the CE files in future, select the saved configuration, in this example, MyPod-Content-Export, and click Login.

 

For further assistance with CE and SFTP/RSA encryption, please contact Symphony Support at support@symphony.com