Overview

The Data Warehouse connector for SFTP automatically syncs the data in your Funnel account to a server using SSH File Transfer Protocol.

SFTP server settings

Permissions

We need access to write and delete files at the location of the path you selected, where we will write meta files (summary, schema, test files etc). Your settings can optionally block all meta files if you want to be strict except for the test file. The test file is written to {path}/test.{safe file name template}.txt where "safe file name template" is the file name template without any special signs (only alphanumeric characters) to make sure we have write access and the file is then deleted right after.

The data files are written to the "file name template" which optionally can include a path, eg data/{startDate}.csv which also needs to be writable.

How to check if your server supports Funnel's SFTP exports

Funnel's SFTP export supports the following ciphers:

  • aes128-ctr

  • aes192-ctr

  • aes256-ctr

  • aes128-gcm

  • aes128-gcm@openssh.com

  • aes256-gcm

  • aes256-gcm@openssh.com

If you are running OS X or Linux you can find out if your server supports a certain cipher by typing this into a terminal window:
sftp -v -c aes128-ctr your.sftp.server

The SFTP server does not support the requested cipher if the response looks like this:

Unable to negotiate with xxx.xxx.xxx.xxx. port 22: no matching cipher found. 
Their offer: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc

This will also tell you which ciphers the server does support.

Export setup

You choose formats, data to export and schedule like other exports.

You need to have an SFTP server that external services can access. Check with your IT provider so that you have:

  • hostname and port

  • username/password created that allows adding files.¬†

  • path to put files under and what filenames to use.

These credentials should be unique to this export and not allow access to other resources.

NOTE: Funnel's SFTP traffic comes from IP Address 54.81.136.8 if you are using our app.funnel.io service or 18.193.167.135 if you are using our app.eu.funnel.io service.

To further increase security you can also require public-key authentication using the key below.

If you are using our app.funnel.io service

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAmszGM2cFkJa61r8pyTkmBqyw1Gm4qfwgIwJQ62+xugARioYIPsQ3RCcHWwlpqpA2ALnATg2knqh2csBtrADSrMhreFRNUbzXX53Sgbe0G9ZgUfFEVORA28hHqCGTbZAb11AkhHviICZBZ85f4+0CnJ3Tw1HYKfKoCvrPE7brEgh63L8jw6OFgsvpQrnDrisKT23vKnrbqIwOWbSeYzji+NIV64LsJ8fB4Ld4gBUVUMFi/Sj0wVmKauCDwNr4TInuIFDH0UgwnJTK8JK092IqC6bSdm2BXtuuhEGCuqBbzP3kodVW7h4Fq5tLzYzK/ykTrFiMJ4794g0NqkOtDr2A3129momqbuKraxUdsNBTWd2M/bMMeAk2ft7JjdKAclHgra161X/F2bNlk1B2sGYNx2Er10u9ni6Fv0GZQ6ZY1qR4vgZ1JC+crvEar7pBsW7+S/TOHJLvXS0GafAmLo7rB74NAkqpjFnZp/oEo254OaBtgrT6xt8VTdc6yoAJzGw2ycg4SUCiauATFZFQZkmitslGywvBgg2e92SudkD3dvt7f3BivD3bjVDp7cYMwyRSNoqR64OGFoHUSFb7K5CPsl4icWpswbBx9xMUGNCJuZMCnchMSnoLuYNkr61jUFeL9P+NQSkPXsuFhfQGddPCnSEup8IA/YxaEqnyMSfcNw== funnel

If you are using our app.eu.funnel.io service

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC9r5i0b9N+XZnwdxyYd3BQ/T/EtNjSGOP6eqJ6PnE9H8bNTacZWlZ4HZh3fL7s6MrQ6VsFc7kqsilXFh1ixV0mtKI72kidz4F8kk+qHHjoGeMn46UNIHf3zO3vXyrGU6Y+Uuvwcr5I1g89Sb7nAUvd8yuucyCoGxAwHWDVNyJYyVsK8y6Brp5sSlvLQi2mH26MFnwjQ56GcCp82PBhw7izt+uM/6jlE4ErS2ysexhSHQrINobIOxTNBjnE6DvRAOAGuq7quSv89c94gSH3jT4+ZM3vHYkancnJFEjcLjWWfqQTo+eiy1TP17asKuAsQGuwwx8HeotLefHuElQq4nkLGpDdsTz0u4wBFSl/WvnSF9AWi8DUg/tPl3oogO0pCynLToL/qU15HdGMqbXHj8xZy0pCAXktpglXIRRdZpPV24JBwUY5TRVyVPmlgE0RR1BMyNtmZx62J2dqZTotwG06yjAGyELN1ztvrd3JUw/x1mBH4z7IJve7ZMHEeR6oI/q6Aqnv06YoIZC06zLAcv4fgWlBQF1+4603akWsMMHHipxbeYzwK0qsaqAHc9b6HrYFJwP71f7j03TheugI5iCdYDruuwzzgnf5S7IsysZI4eYbmJzXmEnin/DUwtJZZcRBZIj+DHoQ8Me3Z10bNgJc1t4MlYqlcTBxTSNq83V8OQ== funnel

Troubleshooting

Below are some error messages that can occur:

  • "getaddrinfo ENOTFOUND" ¬†means that the host name is not known, check the host name and that it is a name or IP that is accessible from internet.

  • "no matching client->server cipher" typically means that the server implementation is old. Our services uses the current recommended ciphers https://tools.ietf.org/html/rfc4344#section-4 . See below for more on this.

  • "Unable to contact server" typically indicates that Funnel could not connect to the SFTP server. If using IP security in a firewall ensure that AWS can access the server. We are on us-east-1 region and ELB service for now and the current details are on https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

  • "All configured authentication methods failed" happens when Funnel could reach the server but didn't get access. Validate that you've put in the correct username/password combination and that if your server block password only authentication, you've also allowed our public-key

Did this answer your question?