Implementation of Matkahuolto’s new SFTP service for delivery of EDI materials
To ensure data security, we will switch exclusively to SFTP and the last remaining FTP connections will be replaced by SFTP. The new SFTP service can be deployed as of 1 September 2020 and must be fully adopted by 30 September 2020.
The SFTP service is available at files.matkahuolto.fi.
In future, the service can only be used with encrypted SFTP
There are two options for authentication:
SSH public key authentication, or
username and password (in use at present)
We primarily recommend the use of SFTP public key authentication, because a high level of security is a top priority for us.
In addition to authentication, we restrict access to the service by IP address. Allowed IP addresses are those already in use. However, if you plan to change your IP address, please contact firstname.lastname@example.org.
Please test the connection as soon as you have made the change to your system, and send the name of the transferred file to email@example.com so that we can check that the file has arrived.
Creating SSH keys
On Unix/Linux/MacOS systems, you can use the following command to create the SSH key pair: ssh-keygen -P "" -f mysshkeyfile
In the above command, you can rename ‘mysshkeyfile’ as desired.
After running the command, two files are created in the working directory:
‘mysshkeyfile’ and ‘mysshkeyfile.pub’.
‘Mysshkeyfile’ is the secret key that must not be disclosed to third parties.
‘Mysshkeyfile.pub’ is the public key that must be sent to Matkahuolto at firstname.lastname@example.org for us to configure key-based authentication on our system.
As its name implies, the public key is widely known, i.e. you can safely send it even if your email is unencrypted.
The contents of the public key, i.e. the ‘mysshkeyfile.pub’ file referred to above, can resemble the following:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5IGE3mHmURt/fey5uG1bb/EBh3pBgOJijmUzItHAR 0HktDYYz4SWsKNB1yjBTy1ySO+v2eMJ/JB8z1hDHt1vep0wFSqXqEPLzh3aKrUpmufF6jz6UaVOt D7U2vpq1VER3eb206iqYMGIQXM7py52RL2g5bxlVJjxaW+G75UM3zrINTb8AxwxxlxVJGKydhQ nSgzDIqzF7yV5ABk5cQ+sNJJdJVAUGJxtXlumx8JwONRQEsfoVtuYfyROgEesDaJknDIdm4LHTDy 8o6cCV7dzO/xIjR3LGZIFN9XCyZ1rk19g8hnvjbxvuhjrp5tx4oMNXZtI92J/kjK0i2S5JNzXl root@myserver
You must run the commands on the same servers and use the same credentials that will later be used to transfer files over SFTP.
Authentication by username and password
If you choose to use username and password for authentication, you can continue to use the service with the same username and password as before. In this case, only the address of Matkahuolto’s SFTP service will change.
Verifying external IP address
We recommend that you also verify your public IP address. On Unix/Linux/MacOS systems, the public IP address can be determined, for example, by running the following command on the server sending EDI messages: curl http://ifconfig.me/ip
If your address has changed or you know that your address varies or is an address range, please send the addresses or address range to email@example.com.