SFTP Guide

Connect to TrustMFT using any standard SFTP client.

What is SFTP?

SFTP (SSH File Transfer Protocol) is a secure, encrypted protocol for transferring files. It is widely supported by automation tools, scripts, and dedicated client applications. TrustMFT's SFTP server lets you integrate file transfers directly into your workflows.

Connection Details

Host: sftp.trustmft.com
Port: 2222
Protocol: SFTP (SSH File Transfer Protocol)
Username: Your SFTP username (letters, digits, dots, underscores, hyphens; e.g. john_doe)
Authentication: Password or SSH public key (both are supported)

SFTP credentials are separate from your web portal login. Your administrator sets your SFTP username and password, and can register SSH public keys, from the Users page. Your username may only contain letters, digits, dots (.), underscores (_), and hyphens (-).

Your SFTP Page in the Portal

Log in to the web portal and click SFTP in the sidebar to view your SFTP settings. The page has two sections:

Connection Details

Shows the host, port, and your SFTP username, plus a one-click copy of the command-line connect string. If your administrator has not set up your SFTP credentials yet, a notice will appear here asking you to contact them.

SSH Keys

Lists every SSH public key registered on your account — label, key type, fingerprint, and the date it was added. This is a read-only view; to add or remove keys, contact your administrator.

If your account is configured for key-only authentication, the Change SFTP Password section is replaced by a notice: "Password login is disabled for your account. Connect using your SSH key." This means your SFTP password will not be accepted — use your private key file instead.

Verify your key is registered before connecting for the first time. Check the SSH Keys card on your SFTP page — if the fingerprint of your key is listed there, you are ready to connect.

Authentication Methods

TrustMFT supports two ways to authenticate over SFTP. Your administrator chooses which to configure for your account — or both can be active at the same time.

Method | Best for | How it works
Password | Interactive use, quick setup | Your administrator sets an SFTP password. You enter it each time you connect.
SSH public key | Automation, scripts, CI/CD pipelines | You generate a key pair. The public key is registered by your administrator. Your private key never leaves your machine.

Setting Up SSH Key Authentication

SSH key authentication lets you connect without typing a password. There are two ways to get a key registered on your account:

Option A — Administrator generates the key pair for you (recommended)

Your TenantAdmin can generate an Ed25519 key pair directly from the portal:

1. The admin goes to Users → [your account] → SFTP Credentials → SSH Keys → Generate Key Pair and clicks Generate.

2. The private key downloads automatically as a .pem file. The admin sends this file to you securely; it is shown only once and never stored on the server.

3. Restrict the file permissions so only you can read it:

macOS / Linux: chmod 600 ~/Downloads/trustmft-yourname.pem

Windows: Right-click → Properties → Security → remove all accounts except your own.

4. Connect using the .pem file as your private key (see client instructions below).

Option B — Generate your own key pair

You can generate a key pair yourself and share only the public key with your administrator.

Open a terminal and run:

ssh-keygen -t ed25519 -C "your-label"

Press Enter to accept the default location. This creates:

  • ~/.ssh/id_ed25519 — your private key (never share this)
  • ~/.ssh/id_ed25519.pub — your public key (share this with your admin)

Copy the public key and send it to your TenantAdmin:

# macOS / Linux
cat ~/.ssh/id_ed25519.pub

# Windows (PowerShell)
Get-Content "$env:USERPROFILE\.ssh\id_ed25519.pub"

The admin pastes it into SFTP Credentials → SSH Public Keys → Add Public Key. Once registered you can connect without a password.

Tip: You can register multiple public keys on one account — for example, one for your laptop and one for a CI server. Each key can be revoked independently.

Key-only accounts: If your administrator enables Require Key Auth, password login is disabled entirely. If you see "Password authentication is disabled for this account", you must connect using a registered SSH key.

Connecting with FileZilla

Password authentication

1. Open FileZilla and go to File → Site Manager (or press Ctrl+S).

2. Click New Site and give it a name (e.g., TrustMFT).

3. Enter the connection details:

  • Protocol: SFTP – SSH File Transfer Protocol
  • Host: sftp.trustmft.com
  • Port: 2222
  • Logon Type: Normal
  • User: your SFTP username
  • Password: your SFTP password

4. Click Connect. Accept the host key fingerprint on first connection.

SSH key authentication

1. In Site Manager, set Logon Type to Key file.

2. In the Key file field, browse to your private key file (e.g., C:\Users\YourName\.ssh\id_ed25519 on Windows or ~/.ssh/id_ed25519 on macOS/Linux). Leave the password field blank.

3. Click Connect. If your private key has a passphrase you will be prompted for it once.

Connecting with WinSCP

Password authentication

1. Open WinSCP and click New Session.

2. Set the File protocol to SFTP and fill in:

  • Host name: sftp.trustmft.com
  • Port number: 2222
  • User name: your SFTP username
  • Password: your SFTP password

3. Click Login. Accept the host key on first connection.

SSH key authentication

1. In the New Session dialog, click Advanced…, then go to SSH → Authentication.

2. Under Private key file, browse to your private key. WinSCP supports OpenSSH and PuTTY (.ppk) formats. If your key is in OpenSSH format, WinSCP will offer to convert it; click OK.

3. Leave the Password field blank and click Login.

Connecting with Cyberduck

1. Click Open Connection and choose SFTP (SSH File Transfer Protocol) from the dropdown.

2. Enter sftp.trustmft.com as the server, port 2222, and your SFTP username.

  • Password auth: enter your SFTP password and click Connect.
  • Key auth: expand More Options, check Use Public Key Authentication, and select your private key file. Leave the password blank.

Connecting with Transmit (macOS)

1. Open Transmit and click New Connection (or press ⌘N).

2. Choose SFTP from the protocol list and enter:

  • Address: sftp.trustmft.com
  • Port: 2222
  • Username: your SFTP username
  • Password auth: enter your SFTP password.
  • Key auth: leave the password blank and set SSH Key to your private key file.

3. Click Connect. Save the connection to your Favorites for quick access next time.

Command-Line (Terminal)

Password authentication:

sftp -P 2222 your_username@sftp.trustmft.com

SSH key authentication (specify your private key with -i):

sftp -P 2222 -i ~/.ssh/id_ed25519 your_username@sftp.trustmft.com

To avoid typing the -i flag every time, add a block to your SSH config (~/.ssh/config on macOS/Linux, C:\Users\YourName\.ssh\config on Windows):

Host trustmft-sftp
    HostName sftp.trustmft.com
    Port 2222
    User your_username
    IdentityFile ~/.ssh/id_ed25519

Then connect with just:

sftp trustmft-sftp

Common commands once connected:

ls              # list files
cd foldername   # change directory
mkdir foldername # create a folder
get filename    # download a file
put filename    # upload a file
bye             # disconnect

Automating Transfers (Scripts & CI/CD)

SSH key authentication is the recommended approach for automated transfers because no password needs to be stored in scripts or environment variables. A typical sftp batch command:

sftp -P 2222 -i /path/to/id_ed25519 -b - your_username@sftp.trustmft.com <<'EOF'
put /local/path/report.csv /Incoming/
bye
EOF

Store the private key file with mode 600 (owner read-only) and never commit it to source control. Use your CI platform's secret store (GitHub Actions Secrets, Azure DevOps Secure Files, etc.) to inject it at runtime.
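
The batch upload above, wrapped with pre-flight checks for unattended runs (an added example, not TrustMFT's own code): it refuses to start unless the key file is mode 600 or 400 and a host key for the server is already pinned, because nobody is present to accept a host key prompt. The function names and the pinned known_hosts file, assumed to hold an unhashed host key line obtained from your administrator, are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks around the batch upload shown above.
# Function names and the pinned known_hosts file are assumptions of this example.

SFTP_HOST="sftp.trustmft.com"
SFTP_PORT=2222

# Print a file's octal permission bits (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the key file exists and is accessible by its owner alone.
key_is_private() {
    [ -f "$1" ] || return 1
    case "$(file_mode "$1")" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Succeed only if the known_hosts file has an (unhashed) entry for [host]:port.
host_is_pinned() {
    [ -f "$1" ] && grep -qF "[$SFTP_HOST]:$SFTP_PORT" "$1"
}

# upload <user> <key_file> <known_hosts_file> <local_file> <remote_dir>
# Returns 2 for a loose key file, 3 for a missing host key pin, else sftp's status.
upload() {
    key_is_private "$2" || { echo "refusing: $2 must be mode 600" >&2; return 2; }
    host_is_pinned "$3" || { echo "refusing: no host key for $SFTP_HOST in $3" >&2; return 3; }
    # BatchMode: never prompt. IdentitiesOnly: offer only the key given with -i.
    # StrictHostKeyChecking=yes: fail, rather than ask, on an unknown or changed host key.
    printf 'put "%s" "%s"\nbye\n' "$4" "$5" |
        sftp -P "$SFTP_PORT" -i "$2" -b - \
            -o BatchMode=yes -o IdentitiesOnly=yes \
            -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$3" \
            "$1@$SFTP_HOST"
}

# Run only when called with all five arguments, e.g.
#   ./upload.sh your_username /path/to/id_ed25519 ./known_hosts report.csv /Incoming/
if [ "$#" -eq 5 ]; then
    upload "$@"
fi
```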

File System Layout

When you connect via SFTP, you will see a virtual directory structure. Each folder corresponds to a folder in your TrustMFT client account. Files uploaded via SFTP appear in the web portal and vice versa — they share the same storage.

Account Lockout

After 5 consecutive failed password login attempts, your SFTP account will be temporarily locked for 15 minutes. This applies to password authentication only — SSH key authentication does not trigger the lockout counter. If you are locked out, wait 15 minutes or contact your administrator.

Troubleshooting

Problem | Solution
Connection refused | Verify the host and port (2222). Check your network or firewall allows outbound connections on port 2222.
Authentication failed (password) | Double-check your SFTP username and password. Remember: these are separate from your portal login credentials.
Authentication failed (SSH key) | Confirm your administrator has registered your public key. Verify you are using the correct private key file and that its permissions are not too open (chmod 600 ~/.ssh/id_ed25519 on macOS/Linux).
Account locked | Wait 15 minutes after 5 failed password attempts, or ask your administrator to reset your SFTP password. Switching to SSH key authentication avoids this entirely.
Host key warning | Accept the host key fingerprint on first connection. If you see this warning after previously connecting, contact your administrator as it may indicate a configuration change.
Key file format error (WinSCP) | WinSCP uses PuTTY (.ppk) format internally. When you load an OpenSSH key, WinSCP will offer to convert it; click OK and save the converted file.
"Password authentication is disabled" | Your account is configured to require SSH key authentication. Password login is not accepted. Contact your administrator to register your public key, or ask them to re-enable password login if appropriate.