Your browser does not allow storing cookies. We recommend enabling them.


Requirements for FTP-SFTP Conversion

The FTP-SFTP conversion feature requires the connection capture component. Select the FTP-SFTP conversion and TCP tunneling option during the installation. See the installation instructions in Chapter 2.

The FTP-SFTP conversion rules are defined in the Tectia configuration GUI, or in the Connection Broker configuration file ssh-broker-config.xml, in the filter-engine element. See the section called “The filter-engine Element”.

When a global configuration file exists, and it includes the filter-engine element, those settings are applied. On Unix, the global configuration is stored as /etc/ssh2/ssh-broker-config.xml, and on Windows as "<INSTALLDIR>\SSH Tectia Broker\ssh-broker-config.xml", where <INSTALLDIR> indicates the Tectia installation directory on Windows (see Directory Paths).

Only if no global configuration files are available, the settings are read from the user-specific configuration file.

For configuration examples, see these sample files:

  • etc/ssh2/ssh-broker-config-example-capture.xml and etc/ssh2/ssh-broker-config-example.xml on Unix

  • "<INSTALLDIR>\SSH Tectia Broker\ssh-broker-config-example-capture.xml" and "<INSTALLDIR>\SSH Tectia Broker\ssh-broker-config-example.xml" on Windows


When transferring ASCII text files over FTP-SFTP conversion, make sure that you have selected the correct line break convention in the connection profile that you use in the FTP-SFTP conversion. Use Unix compatible (LF) line breaks if the target server is on a Unix host, and Windows compatible (CRLF) line breaks if the target server is on a Windows host.

For defining the file transfer settings on Windows, refer to Defining File Transfer Settings.

For defining the file transfer settings on Unix, see the host-type attribute in the section called “The profiles Element”.

The destination host must have a Secure Shell Server installed. Also note that the host key for the server must already be saved as a known host key on Tectia ConnectSecure. To save the host key, connect to the server with sshg3 and save the host key sent by the server. For instructions, see First Login to a Remote Host.

When enabling FTP-SFTP conversion, consider also how the server host keys will be handled. You can choose between strict host key checking and accepting even unknown keys for the current session. For configuration instructions, see Managing Host Keys.


Consider carefully before enabling Accept unknown host keys. Disabling the host-key checks can make you vulnerable to a man-in-the-middle attack.

The conversion rules can also be set with the Tectia Configuration GUI on the FTP-SFTP Conversion page. See Defining Filter Rules.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more