Assigning a SSH/SFTP folder

SyncFolder allows you to configure an external SFTP server for both the source and destination location of a task. SFTP is supported for all type of tasks except bidirectional synchronization.
SFTP is also completely different from FTP/FTPS as it makes use of the SFTP protocol to transfer files and folders using Secure Shell (SSH). Communication with the server is inherently secure because of the following mechanisms:

• Communication is fully encrypted.
• Identification of the server is done by verifying the Host Key that is being sent by the server.
• Authentication of the user (you) can be configured in SyncFolder in 3 ways: with a user name and password; with a user name and a private and public key; with a user name, private and public key, and a private key passphrase.

Each time the app connects with the SFTP server it receives a Host Key, which it will check against all possible Host Key's that previously have been saved by SyncFolder. The first time it connects the app will not find a valid key and will therefore prompt you to trust the key. When you accept the key SyncFolder will save it in the 'trusted_hosts.json' file (which is located in the app's local folder) and try to connect again.

Possible error messages appearing when connecting with a SFTP server:

• Permission denied (publickey) - There can be a couple of reasons why you get this error:
  • There is no public key configured in the server for the user id / account name you provide.
  • You have selected the wrong private key (one that doesn't match with the public key on the server).
• openssh key type: ssh-rsa is not supported - You have probably generated a private/public key with RSA as key type and saved the key in OpenSSH format (the standard format when using 'ssh-keygen' in windows). The current version of SyncFolder only supports 'ssh-ed25519' when the file is in OpenSSH format. You can do 2 things:
  • Convert the private key file to .pem format. Do this as follows on the Windows command line or in Powershell (assuming that the name of the private key file is 'id_rsa'):
    ssh-keygen -p -f id_rsa -m pem
    You will be prompted to add a passphrase if you want.
  • Use ed25519 as key type (provided the SFTP server supports this). Do this as follows:
    ssh-keygen -t ed25519 -b 4096
    Don't forget to upload the new public key to the server.
    > Note: Don't use a passphrase in this case since SyncFolder currently cannot deal with this! See also next point.
• cipher name aes256-ctr for openssh key file is not supported - The private key file has a passphrase and is in OpenSSH format with AES256-CTR as cipher. This typically occurs when you use 'ssh-keygen' in Windows to create a private/public key with the fast ED25519 as public key algorithm and want to define a passphrase in order to also encrypt the private key file. The latest 'ssh-keygen' program in Windows encrypts the private key file with the AES256-CTR cipher which unfortunately is not yet supported in the library that SyncFolder uses for everything concerning SSH.
  In case you do want to use a passphrase it is advised not to enforce 'ssh-keygen' to use the new ED25519 but instead use the default RSA algorithm. But then still don't forget to add the -m option to save the private key file in PEM format. Do this as follows on the Windows command line or in Powershell:
  ssh-keygen -b 4096 -m pem
  The key files will be of the default type RSA and you will be prompted to add a passphrase.
• Invalid private key file - The selected file is not a private key file.

Things to know:

• When a new file is uploaded to a SFTP server the 'Created' date and time is set to the date time at that moment by the SFTP server.
• With every upload (new or updates) the app tries to set the 'Modified' date and time the same as the one of the copied file. Some SFTP servers might not allow this. In that case you must open 'Advanced task settings' and toggle the "Do not copy files when the 'Modified' date is different .." switch to On. This will prevent that the app keeps on uploading unmodified files each time the task executes. See also next section.
• There is no possibility within the app to manage the Host Keys after they are saved in the 'trusted_hosts.json' file. If you would like to remove certain host keys then you will have to use a text editor and edit the file manually. Take care then not to brake the json format of the file.
  Because the file is located in the app's local folder it will automatically be deleted when you uninstall SyncFolder.
• SyncFolder supports the following private key formats:
  • RSA in OpenSSL PEM and ssh.com format.
  • DSA in OpenSSL PEM and ssh.com format.
  • ECDSA 256/384/521 in OpenSSL PEM format.
  • ED25519 in OpenSSH key format without a passphrase.
  It does not support .ppk key files generated by PuTTYgen. You must convert them to one of the above supported formats.