SFTP
Pushing the Recording Files Through SFTP
The Pipe Platform can push the recording files to your destination server through the SSH File Transfer Protocol.
You can only use one of the two protocols (FTP(S) or SFTP) at a time.
The default SSH/SFTP port is 22. If a firewall protects your destination server, your firewall rules must allow inbound connections on port 22 from the IPv4 addresses below.
We only support password-based
authentication. We don’t support none
, public-key
, host-based
, or keyboard-interactive
authentication.
All files belonging to a recording are pushed sequentially through the same SFTP connection. There will be a new connection for each such group of files.
Whether or not a push attempt is deemed successful depends on establishing the SFTP connection, authenticating, and pushing the main recording output file (processed .mp4 recording or raw recording) to the designated folder.
To set up the SFTP transfer, fill in the form on the SFTP page with the required credentials. The resulting recording files (mp4, raw recording, snapshot, and filmstrip) of new recordings will be pushed by the Pipe Platform to your storage using SFTP. Currently, the Pipe Platform can’t be set up to push the files of existing recordings that have been processed.
When you choose SFTP as a storage option, you must fill in the following credentials:
- SFTP Host - The IPv4 or domain name of your SFTP server. We do not support IPv6. The max string length for the IP or domain name is 100 characters.
- Port - The port on which your SFTP server runs SSH (the default port for SSH is 22). A number between 0 and 65536.
- SFTP Username - The username that will be used to log in to your SFTP Server. The max string length for the username is 100 characters and it is case-sensitive.
- SFTP Password - The password that will be used to log in to your SFTP Server. The max string length for the password is 100 characters and it is case-sensitive.
- SFTP Folder - The folder in which the files will be pushed (the path must exist and the user should have write privileges). The max string length for the folder name is 100 characters.
At any time, you can manually remove your SFTP credentials. The credentials are also deleted from our database when your account is manually or automatically deleted.
The production servers opening the SFTP connection have the following IPs:
- 162.55.182.247 (EU2 region)
- 167.99.110.163 (US1 region, west)
- 68.183.96.15 (US2 region, east)
- 116.203.232.162 (SFTP test)
Securing Your SFTP Setup
For a more secure SFTP setup, we recommend the following measures:
- Important: limit the IPs that can open a connection to your server’s SSH/SFTP port (22 is the default) to the IPv4 addresses above.
- Restrict the user account to have access to the SFTP subsystem only. That way they can’t get a shell. You can do that by adding the following line,
ForceCommand internal-sftp
in/etc/ssh/sshd_config
. - Set a disk quota for the user account so that someone with access to the user credentials can’t mistakenly or maliciously fill up your disk. DigitalOcean has a tutorial on How To Set Filesystem Quotas.
- Disable your user’s ability to delete files or folders. You can do that by denying remove requests with
ForceCommand internal-sftp -P remove,rmdir
in/etc/ssh/sshd_config
. - Set up a cron job or similar mechanism to periodically scan the folder and copy out files.
SFTP Logs
We keep a log for each attempt to push a group of recording files to your configured SFTP storage. The logs are available for 30 days through https://dashboard.addpipe.com/sftp_logs.
The logs table contains the following information:
Recording ID | The ID of the recording for which this log was saved. |
Date & time | Date and time for when the log was saved to our database. |
SFTP details | The details of SFTP connection: |
* Host - The address of the server to which we attempted to open the SFTP connections. | |
* Username - The username. | |
* Folder - The destination folder. | |
* Protocol/Port - The protocol and the port used to establish the connection. | |
File(s) | The names of the files we attempted to upload. Up to 4 files will be listed here. |
Status | The upload status. |
SFTP Upload Status Types
OK | Upload of the main recording file (mp4 or raw recording) was successful. |
FILE_MISSING | The local main recording file (mp4 or raw recording) on Pipe’s transcoding server is missing. |
UPLOAD_FAILED | This may be triggered by various causes, but mostly it is a permission problem on the remote folder, a connection interruption while uploading, a file size constraint, or the firewall blocking the passive connection’s port. |
SFTP_LOGIN_FAILED | Either the username or password for the SFTP connection is incorrect. |
INCORRECT_SFTP_FOLDER | The directory or the path to the directory in which the files should have been uploaded did not exist or was incorrectly named. |
SFTP_CONNECTION_TIMEOUT | The attempt to open an SFTP connection to the remote server did not succeed in 10 seconds and timed out. This can happen if the remote server is behind a firewall, does not accept remote connections, or is offline altogether. |