How to Set Up sFTP for Using Certificate Authentication on Windows

These instructions apply to users who are receiving their statements via sFTP. If you elected to receive your statements that way, you would first need to generate an RSA Key pair. If you need guidance to set up the Key pair, please refer to this article, which is a prerequisite to the instructions below.

  1. Start WinSCP.

  2. Click on Session and select New Session.

  3. If you see an existing sFTP site in the list, select it and jump directly to point 5. If you do not have such site configured yet, enter:

    • xfer.interactivebrokers.com in the Host name field.

    • 32 in the Port number field.

    • The username provided to you by us in the User name field.

      Select SFTP as File Protocol:

  4. To ensure the session is using the appropriate Private Key file, Click Advanced > Authentication. Verify that the Private Key file field has the appropriate Key file selected. Click OK.

  5. Click Login to connect with the sFTP host and retrieve reports in clear text.

  6. Drag documents from the right side panel (sFTP host site) to the left side panel (local machine host).

Common Issues and Solutions

  1. The Login Credentials Provided are Incorrect
    1. Ensure the correct login details are being used to connect to the sFTP server. The username and password you are entering should match the ones you have received from the Reporting Integration Team.
    2. Confirm you have configured your sFTP Client to use the Private Key file for the logon authentication (see step 4. of the above procedure.)
  2. Server Refused Our Key
    1. Try accessing the sFTP server using a different Client (FileZilla, WinSCP, CyberDuck, ect.)
    2. Ensure the Private Key file being used to Authenticate the server login attempt is related to the Public Key you originally sent to the Reporting Integration Team.
    3. Should the above checks be unable to resolve the issue, please generate a new RSA Public/Private Key pair and send only the Public part to the Reporting Integration Team, as per this article.
  3. Connection Timed Out

    1. In case you have an antivirus or a security software installed on your machine, make sure it is not blocking the FTP connection attempt. Normally, security software allows to set up exceptions for specific connections in order to whitelist them.

    2. Verify that the public IP Address of the machine running the sFTP client, is the same you have originally provided to the Reporting Integration Team for being whitelisted. You can discover your public IP Address by searching the Internet for “what is my IP”. If your current IP Address is not the same you provided to us, please send it to our Reporting Integration Team for being whitelisted.

    3. Ask your network administrator/s to confirm that your firewall allows both incoming and outgoing traffic from/to xfer.interactivebrokers.com on port TCP 32.

    4. Should the above steps be unable to resolve the issue, please generate a new RSA Public/Private Key pair and send only the new Public part to our Reporting Integration Team, as per this article.

Related Articles

Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports

Generate a key pair using GPG for Windows

Generate a key pair using GPG Suite on macOS

Decrypt your Reports using GPG for Windows

Decrypting Reports using your PGP Key pair on macOS

Generate RSA Key Pair on Windows

How to Access your Reports using FTP on Windows

How to Access your Reports using FTP on MacOS

How to set up sFTP for using Certificate Authentication on Windows

How to set up sFTP for using Certificate Authentication on macOS

How to backup your public/private Key pair

How to transfer your public/private key pair from one computer to another