/
Accessing a Package via SFTP
Document toolboxDocument toolbox

Accessing a Package via SFTP

Owned by Pavel Novák
Last updated: Feb 28, 2025
2 min read

Whether SFTP access to a package is allowed depends on the application configuration and permissions set by the administrator. By default, this feature is disabled. If enabled and granted to a user, a unique SFTP URL for accessing the package is displayed in the package details (in the extended view).

SFTP Connection URL

The SFTP URL follows this format:

sftp://username#package.id@application.server.address:port

Example:
sftp://pavel.novak#7c914d77-c4ac-41e3-9f7c-107284542b60@test.sofie.cloud:2222

This URL contains all necessary information for the SFTP connection:

  • Username – The user's login name.

  • Package ID – The unique identifier of the package to be accessed via SFTP.

  • Application server address – The hostname of the SOFiE application server.

  • Port – The port on which the SFTP service listens for incoming connections.

SFTP access is available only to authenticated users. It is not available for anonymous users (without login).

Opening a Package in an SFTP Client

Whether clicking the SFTP link automatically launches an SFTP client and attempts to connect depends on the operating system configuration, the installed SFTP client and the browser’s ability to pass the link to the SFTP client.

For example, on Windows, a functional setup might be: WinSCP as a SFTP Client and Chrome as a browser. With this and correct setup, clicking the SFTP link in Chrome automatically launches WinSCP and opens the selected package. Example:

image-20250228-135245.png

Clicking the link opens the WinSCP client with the package content displayed:

image-20250228-135259.png

To enable seamless login without manually entering credentials, the PuTTY Pageant agent can be used with WinSCP. This automatically provides the SSH key for authentication.

If automatic connection does not work, users can manually establish an SFTP connection using the parameters provided in the SFTP Connection URL section above.

SFTP Authentication

To access a package via SFTP, the user must authenticate using one of the following methods:

  • SSH Key Authentication. (Recommended)

    • The administrator must configure the user’s SSH key. The key must be in OpenSSH authorized_keys format (e.g., "ssh-rsa AAAAB3NzaC1y...").

  • Username and Password Authentication.

    • Users log in with the same credentials as in the web interface. This method works only for local and AD accounts, it does not work for ADFS/OIDC accounts or accounts with multi-factor authentication (MFA) enabled, as SFTP does not support MFA.

Access Permissions (Read vs. Write)

Whether a user can only read (download) the contents of a package via SFTP or also modify them (upload, delete, etc.) is the same like in the application's web interface. Only the package's author (sender) and any designated contributors can modify it. Additionally, this must be permitted by the administrator. Otherwise, the package can only be read.

 

Related content