SFTP/FTP/FTPS

Available when using an authoring Data Collector version 3.22.0 or later.

To create an SFTP/FTP/FTPS connection, the basic stage library, streamsets-datacollector-basic-lib, must be installed on the selected authoring Data Collector.

For a description of the SFTP/FTP/FTPS connection properties, see SFTP/FTP/FTPS Connection Properties.

After you create an SFTP/FTP/FTPS connection, you can use the connection in the following stages:
Engine Stages
Data Collector 3.22.0 or later
  • SFTP/FTP/FTPS Client origin
  • SFTP/FTP/FTPS Client destination
  • SFTP/FTP/FTPS Client executor

Credentials

The SFTP/FTP/FTPS connection can use several methods to authenticate with the remote server. From the Credentials tab, configure the authentication required by the remote server.

Authentication options differ for each protocol:

  • For all protocols, select an authentication method to log in to the remote server. Choose the method based on the protocol and remote server requirements:
    • None - The stage does not authenticate with the server.
    • Password - The stage authenticates with the server using a user name and password. You must specify the user name and password.
    • Private key - The stage authenticates using a private key. Use only with the SFTP protocol. You must specify the private key, either in a local file or in plain text.
  • For the SFTP protocol, the stage can require that the server be listed in a known hosts file. You must specify the path to the known hosts file that contains the host keys for the approved SFTP servers.
  • For the FTPS protocol, the stage can use certificates to authenticate with the server. You must specify the keystore file and password. You can also configure the stage to authenticate the server by specifying a truststore provider. For more information about keystores and truststores, see Keystore and Truststore Configuration.

SFTP/FTP/FTPS Connection Properties

When creating an SFTP/FTP/FTPS connection, configure the following properties on the SFTP/FTP/FTPS tab:
JDBC Property Description
Resource URL URL to access the remote server. Use the appropriate format:
  • SFTP protocol:

    sftp://<host name>:<port number>/<path>

  • FTP protocol:

    ftp://<host name>:<port number>/<path>

  • FTPS protocol:

    ftps://<host name>:<port number>/<path>

You can omit the port number from the URL if the server uses the standard port number: 22 for SFTP, or 21 for FTP or FTPS.

You can optionally include the user name to log in to the SFTP, FTP, or FTPS server in the URL. For example, for the FTP protocol, you can use the following format: ftp://<user name>:<password>@<host name>/<path>.

You can enter an email address as a user name.

Note: If you enter a user name in the resource URL and configure password or private key authentication on the Credentials tab, the value entered in the URL takes precedence.
Protocol Protocol to use to connect to the server:
  • SFTP
  • FTP
  • FTPS
Enable Proxy Enables using a proxy to connect to the remote server.
Note: Enabling a proxy is supported by Data Collector 4.2.0 or later.
Proxy Type Type of proxy to use: HTTP or SOCKS.
Proxy URL URL of the proxy.

On the Credentials tab, configure the following properties, as needed:

Credentials Property Description
Authentication Authentication method to use to log in to the remote server:
  • None - Does not authenticate with remote server.
  • Password - Authenticates with the remote server using a user name and password.
  • Private key - Authenticates with an SFTP server using a private key.

Default is None.

Username User name to log in to the remote server.
Tip: To secure sensitive information, you can use credential stores or runtime resources.

Available when using password or private key authentication.

Password Password to log in to the remote server.
Tip: To secure sensitive information, you can use credential stores or runtime resources.

Available when using password authentication.

Private Key Provider Source that provides the private key:
  • File - Reads the private key from a local file.
  • Plain-Text - Reads the private key from a plain-text field.

Available when using private key authentication.

Private Key File Full path to the local private key file used to log in to the remote server.

Available when using private key authentication with a file private key provider.

Private Key Private key used to log in to the remote server.

Available when using private key authentication and providing a plain text private key.

Private Key Passphrase Passphrase used to open the private key.

Available when using private key authentication and providing a plain text private key.

Use Client Certificate for FTPS Authenticates with the FTPS server using a client certificate.

Select this option when the FTPS server requires mutual authentication. You must provide a keystore file that contains the client certificate.

Available when using FTPS.

Use Remote Keystore Enables loading the contents of the keystore from a remote credential store or from values entered in the stage properties.

Available when using a client certificate for FTPS.

Private Key Private key used in the remote keystore. Enter a credential function that returns the key or enter the contents of the key. For more information, see credential functions.

Available when using a client certificate for FTPS.

Certificate Chain Each PEM certificate used in the remote keystore. Enter a credential function that returns the certificate or enter the contents of the certificate.

Using simple or bulk edit mode, click the Add icon to add additional certificates.

Available when using a client certificate for FTPS.

FTPS Client Certificate Keystore File Full path to the keystore file that contains the client certificate.

Available when using a client certificate for FTPS.

FTPS Client Certificate Keystore Type Type of keystore file that contains the client certificate.

Available when using a client certificate for FTPS.

FTPS Client Certificate Keystore Password Password to the keystore file that contains the client certificate. A password is optional, but recommended.
Tip: To secure sensitive information, you can use credential stores or runtime resources.

Available when using a client certificate for FTPS.

FTPS Truststore Provider Method that the destination uses to authenticate the certificate from the FTPS server:
  • Allow All - Allows any certificate, skipping authentication.
  • File - Authenticates certificate with a specified truststore file.
  • Remote Truststore - Authenticates certificate with a truststore file built from specified certificates. For more information, see Remote Keystore and Truststore
  • JVM Default - Authenticates certificate with the JVM default truststore.

Available when using FTPS.

Trusted Certificates Each PEM certificate used in the remote truststore. Enter a credential function that returns the certificate or enter the contents of the certificate. For more information, see credential functions.

Using simple or bulk edit mode, click the Add icon to add additional certificates.

Available when using a remote truststore as the FTPS truststore provider.

FTPS Truststore File Full path to the truststore file that contains the server certificate.

Available when using a file as the FTPS truststore provider.

FTPS Truststore Type Type of truststore:
  • Java Keystore file (JKS)
  • PKCS-12 (p12 file)

Available when using a file as the FTPS truststore provider.

FTPS Truststore Password Password to the truststore file. A password is optional, but recommended.
Tip: To secure sensitive information, you can use credential stores or runtime resources.

Available when using a file as the FTPS truststore provider.

Strict Host Checking Requires that the SFTP server is listed in the known hosts file. When enabled, the destination connects to the server only if the server is listed in the known hosts file.

Requires the known hosts file to include an RSA key.

Available when using SFTP.

Known Hosts File Full path to the local known hosts file. Required if strict host checking is selected.

Available when using strict host checking.