For the sFTP protocol (Secure File Transfer Protocol), the same functionalities apply in the context of EDI data transfers as for the above-mentioned FTP protocol. Unlike FTP, however, sFTP is a network protocol with additional functions for transferring and managing (EDI) data over a secure data channel. For this reason, sFTP is also frequently used as a transmission path for EDI data exchange (e.g., for transmitting EDI data to Conrad Elektronik).

sFTP represents the standard data transfer protocol for the use of SSH2 (Secure Shell), whose predecessor version SSH1 only allows the use of Secure Copy (Secure Copy Protocol = SCP). Although sFTP is mainly used in conjunction with SSH2, the protocol as such also allows the use of other authentication and encryption methods.

However, sFTP is not an FTP protocol via SSH, but an independent network protocol. In order to transfer data to an sFTP server, an sFTP client is required which transmits all commands to the server in binary packets. Unlike FTP, credentials and file information are encrypted and not transmitted in plain text, especially sensitive information such as passwords. sFTP should not be confused with FTPS, which is simply a security feature of FTP that encrypts the data channel using SSL or TLS. Unlike FTPS, sFTP establishes a unified connection between client and server via sFTP port 22. The use of encryption for file transfer is optional with sFTP, while encryption is always active with FTPS or is agreed upon during the handshake (explicit mode). This variation option must also be taken into account when setting up and testing sFTP connections for EDI data transmission, but the transmission of authentication information (usually user name and password) always takes place via an encrypted channel in both variants.

The most commonly used sFTP port is also the one used for SSH, as sFTP is a further development of SSH. However, SSH was originally developed to encrypt remote access. By default, port 22 is predominantly used as the default sFTP port. When implementing EDI connections, this dedicated sFTP port is also usually used to transfer EDI messages.

Secure EDI data transfer via the sFTP port

Softzoll offers its customers a free client for reconciliation between the EDI interfaces of the ERP system and the input and output channels of the server-based EDI systems in the Softzoll data center in Berlin—the Softzoll Communicator, which in addition to AS2 and OFTP2 can also establish FTP and sFTP connections to exchange EDI data between the data center and the customer’s IT environment. Softzoll uses the latest FTP/sFTP servers in its data centers to provide the FTP protocol with the highest possible transaction security.