SSH Tectia

Secure File Transfer

The SSH Tectia Client and Server products allow organizations to replace plaintext FTP connections with secure file transfers in cross-platform environments. Unattended, automated file transfers between servers can be secured with the versatile command-line SFTP and SCP tools. The third-generation high-performance Secure Shell protocol implementation, SSH G3, provides unparalleled SFTP throughput and scalability, eliminating processing bottlenecks and helping to meet critical deadlines.

SSH Tectia Server can also handle the legacy OpenSSH SCP file transfer mechanism that OpenSSH uses instead of the standard SFTP protocol. OpenSSH SCP can interoperate with SSH Tectia Server running on any platform.

With the optional EFT Expansion Pack, users of SSH Tectia Client and SSH Tectia Server can expand the baseline functionality to perform enhanced file transfer (EFT) operations that require higher encryption performance, more comprehensive manageability, APIs for application-level integration, and additional reliability features such as checkpoint/restart. In addition, the EFT Expansion Pack incorporates an FTP-SFTP conversion module to facilitate secure replacement of FTP without the need to modify file transfer scripts or applications.

Secure File Transfer API

The EFT Expansion Pack for SSH Tectia Client and SSH Tectia Server on Linux, Solaris, and Windows platforms includes a complete client-side SFTP API (application programming interface) for Java and C. The SFTP API enables seamless integration of secure file transfers into custom and third-party applications and also into third-party file transfer management systems. Through the API, all SFTP functionality can be integrated into other applications: file transfers can be triggered from applications, real-time information can be received as file transfers proceed, and full access to return codes is provided.

For sample use cases, see Integrating an Extranet Application with SFTP, Securing Data Warehouse Communications with SFTP, and Protecting a Healthcare Application with SFTP. More detailed information can be found in the API documentation that comes with the product.

Checkpoint/Restart

Checkpoint/restart is available in the EFT Expansion Pack for SSH Tectia Client and SSH Tectia Server. When the client starts transferring a file for the first time, it starts from the beginning of the file. When the file transfer has been progressing for some time (a configurable amount of time or data), the client creates a checkpoint entry for that particular file in the checkpoint database (simply a file in a directory). This entry includes the state of the transfer at the specified time: file timestamps and sizes, their positions in the files, etc.

If for some reason the file transfer is canceled (the user aborts the transfer or the connection is lost), the last known state of the transfer is saved in the checkpoint entry. If the file transfer is now restarted, the client uses the existing checkpoint entry to check whether it can continue from the known position. There are two criteria that have to be fulfilled for the restart:

  1. The source file modification timestamp must be the same as in the checkpoint entry.

  2. The destination file timestamp must not be earlier than the last known timestamp (it is possible that the last file transfer has changed the file after the last checkpoint).

If these criteria are fulfilled, the file transfer can continue from the last known position without any extra delays.

Note, however, that checkpoint/restart does not compare source and destination file contents. The system therefore does not notice if someone changes the destination file between the checkpoint and the restart, in which case the resulting destination file is not identical to the source file.

When the file has been successfully transferred, the checkpoint entry is removed. The next file transfer for the same file starts again from the beginning even though a destination file exists. Source and destination file contents are never compared if checkpoint/restart is used.
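The restart decision and its limitation can be reproduced with a short script. This is an added example, not SSH Tectia code or its API: the `Checkpoint` layout, the function names, and the sample files are assumptions made for illustration. It applies the two timestamp criteria, resumes from the stored position, and then uses a SHA-256 comparison after the transfer to detect the destination change that the timestamp check lets through.

```python
import hashlib, os, tempfile
from dataclasses import dataclass

@dataclass
class Checkpoint:  # hypothetical layout, not the Tectia checkpoint format
    src_mtime_ns: int
    dst_mtime_ns: int
    offset: int

def can_restart(cp, src, dst):
    """The two restart criteria from the text; file contents are not read."""
    return (os.stat(src).st_mtime_ns == cp.src_mtime_ns
            and os.stat(dst).st_mtime_ns >= cp.dst_mtime_ns)

def resume(cp, src, dst):
    """Copy the rest of src into dst starting at the checkpointed offset."""
    with open(src, "rb") as s, open(dst, "r+b") as d:
        s.seek(cp.offset)
        d.seek(cp.offset)
        d.truncate()
        d.write(s.read())

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def demo(source_changed=False):
    """Return (restart_allowed, destination_identical_to_source)."""
    data = bytes(range(256)) * 64          # constructed 16 KiB sample file
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "src.bin"), os.path.join(tmp, "dst.bin")
        with open(src, "wb") as f:
            f.write(data)
        with open(dst, "wb") as f:         # transfer interrupted at 8 KiB
            f.write(data[:8192])
        cp = Checkpoint(os.stat(src).st_mtime_ns, os.stat(dst).st_mtime_ns, 8192)
        with open(dst, "r+b") as f:        # destination altered after checkpoint
            f.write(b"X" * 16)
        later = cp.dst_mtime_ns + 5_000_000_000
        os.utime(dst, ns=(later, later))
        if source_changed:                 # source rewritten since checkpoint
            os.utime(src, ns=(later, later))
        allowed = can_restart(cp, src, dst)
        if allowed:
            resume(cp, src, dst)
        return allowed, sha256(src) == sha256(dst)

if __name__ == "__main__":
    print(demo())
```

Where integrity of resumed transfers matters, a digest comparison of this kind after completion covers the case the timestamp criteria do not.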

Streaming

The EFT Expansion Pack for SSH Tectia Client and SSH Tectia Server incorporates a protocol extension in the Secure File Transfer Protocol (SFTP), enhancing file transfer performance.

The streaming extension causes the file contents to be transferred between SSH Tectia Server and Client using a separate data channel instead of the SFTP channel that carries the SFTP commands, thereby avoiding some bottlenecks of the protocol. All data transferred is still encapsulated into the secure SecSh transport connection, meaning that this enhancement does not have any security implications. The SFTP streaming protocol extension is fully backward compatible with all earlier SSH Tectia Client and Server versions.

Prefix

The prefix functionality adds a prefix to a filename during the file transfer and thus renames it. The prefix is removed after the file has been successfully transferred and the file has its original name again. This prevents unintentional usage of the file before it has been fully transferred to the destination. This feature is available in the EFT Expansion Pack for SSH Tectia Client and SSH Tectia Server.

FTP-SFTP Conversion

FTP-SFTP conversion enables converting unsecured FTP traffic into secure SFTP. No changes to the FTP client application are needed. This feature is available in the EFT Expansion Pack for SSH Tectia Client and SSH Tectia Server on Linux, HP-UX, Solaris, and Windows platforms.

For more information, see FTP-SFTP Conversion and FTP-SFTP Conversion.