Add an FTP or SFTP Server

You can add an FTP server or SFTP server as a delivery channel from the Administration page.

If the destination file name supplied to the scheduler contains non-ascii characters, UTF-8 encoding is used to specify the file name to the destination FTP server. Your FTP server must support UTF-8 encoding or the job delivery will fail with "Delivery Failed" error message.

Publisher doesn't support FTP over TLS / SSL (FTPS). You can't use FTP over TLS or SSL for delivery. Use SFTP for secure file transfer.

  1. From the Administration page, under Delivery, select FTP, and then click Add Server.
  2. Enter the server name, host name, and port number for the FTP or SFTP server.
    The default port for FTP is 21. The default port for Secure FTP (SFTP) is 22.
  3. To enable Secure FTP (SFTP), select Use Secure FTP.
  4. If the FTP server is behind a firewall, select Use Passive Mode .
  5. In the Host Key Fingerprint field, enter the host key. The value must match the fingerprint calculated from server's host key at runtime. If it doesn’t match, an exception error is thrown. When you connect the first time, the Delivery Manager API allows you to retrieve the server key fingerprint.
  6. Optional: In the Filter Command field, specify a custom filter to apply a file conversion such as encryption.
    To specify a custom filter, pass the native Operating System command string with the two placeholders for the input and output file name, {infile} and {outfile}.

    For example, to set up encryption of the file using a Filter Command, enter the following:

    gpg -e -r myKey -o {outfile} {infile}


    myKey is the ID to gpg key (such as real name, email address, or fingerprint).

    The Filter command field doesn’t support quotes. Therefore you cannot use certain valid gpg formats that include spaces, for example: "myname <>"). You must specify the ID in a single string with no spaces.

  7. Select Create files with Part extension when copy is in process to create a file on the FTP server with a .part extension while the file is transferring.
    When the file transfer is complete, the file is renamed without the .part extension. If the file transfer doesn't complete, the file with the .part extension remains on the server.
  8. Optional: Enter the security information.
    1. If your server is password protected, enter the User name and Password.
    2. Select the Authentication Type: Private Key or Password
    3. Depending on the authentication type selection, select the private key file or specify the private password.
  9. Optional: Enter the host, port, user name, password, and authentication type (None, Basic, Digest) of the proxy server.
  10. Optional: To deliver PGP encrypted documents to the FTP server:
    1. From the PGP Key list, select the PGP keys you uploaded in Security Center.
      This step updates the filter command in the Filter Command field.
    2. To sign the encrypted document, select Sign Output.
      This step adds a -s parameter to the existing filter command in the Filter Command field.
    3. If you want to deliver PGP encrypted document in ASCII armored format, select ASCII Armored Output.
      This step adds a -a parameter to the existing filter command in the Filter Command field.
  11. In the Access Control section, deselect Public.
  12. From the Available Roles list, select one or more roles you want to provide access to the delivery channel, and click Move to add them to the Allowed Roles list.
  13. Click Test Connection.
  14. Click Apply.

SSH Options For SFTP

Secure File Transfer Protocol (SFTP) is based on the Secure Shell technology (SSH). Publisher supports the following SSH options for SFTP delivery.

Key Exchange Method (Diffie-Hellman) Server Public Key Encryption (Cipher Suites) Message Authentication Code (MAC)
  • diffie-hellman-group14-sha1

  • diffie-hellman-group-exchange-sha256

  • diffie-hellman-group-exchange-sha1

  • diffie-hellman-group1-sha1

  • diffie-hellman-group14-sha256

  • diffie-hellman-group16-sha512

  • diffie-hellman-group18-sha512

  • ssh-rsa (up to 2048 bit)

  • ssh-dss (1024 bit)

  • rsa-sha2-256

  • rsa-sha2-512

  • aes128-ctr

  • aes192-ctr

  • aes256-ctr

  • aes128-cbc

  • 3des-cbc

  • blowfish-cbc

  • hmac-sha1

  • hmac-sha2-256

  • hmac-sha2-512

The following algorithms are available only when Publisher is running on a JVM on which the Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files are installed:

  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • rsa-sha2-256
  • rsa-sha2-512
  • aes192-ctr
  • aes256-ctr
  • hmac-sha2-256
  • hmac-sha2-512