How to Set Up sFTP for Using Certificate Authentication on macOS

These instructions apply to users who are receiving their statements via sFTP. If you elected to receive your statements that way, you would first need to generate an RSA Key pair. If you need guidance to set up the Key pair, please refer to this article, which is a prerequisite to the instructions below.

Note: There are many sFTP Clients available for macOS, either licensed or freeware. In this procedure we will refer to FileZilla, which is free of charge, but you can use a different one. FileZilla for macOS can be downloaded here.

1. Once you have installed FileZilla, launch it.

2. Click on File in the top left and select Site Manager:

3. If you see an existing Interactive Brokers sFTP site in the list, jump directly to point 6. If you do not have such site configured yet, Click New Site and select SFTP – SSH File Transfer Protocol as Protocol:

4. Change Logon Type from Normal to Key File and click on Browse to select the corresponding Private Key file from the designated directory where it is saved.

5. Enter:
  • in the Host field.
  • 32 in the Port field.
  • The username given you by Interactive Brokers in the User field.

6. Click Connect. Once successfully connected, you will be able to drag files from the Remote site (right side panel) to the Local machine (left side panel). In this way you will download the files on your local machine.


Common issues and solutions

A. The Login Credentials Provided are Incorrect
  1. Ensure the correct login details are being used to connect to the sFTP server. The username and password you are entering should match the ones you have received from the Reporting Integration Team.
  2. Confirm you have configured your sFTP Client to use the Private Key file for the logon authentication (see step 4. of the above procedure.)
B. Server Refused Our Key
  1. Try accessing the sFTP server using a different Client (FileZilla, WinSCP, CyberDuck, ect.)
  2. Ensure the Private Key file being used to Authenticate the server login attempt is related to the Public Key you originally sent to the Reporting Integration Team.
  3. Should the above checks be unable to resolve the issue, please generate a new RSA Public/Private Key pair and send only the Public part to the Reporting Integration Team, as per IBKB3842.
C. Connection Timed Out
  1. In case you have an antivirus or a security software installed on your machine, make sure it is not blocking the FTP connection attempt. Normally, security software allows to set up exceptions for specific connections in order to whitelist them.
  2. Verify that the public IP Address of the machine running the sFTP client, is the same you have originally provided to the Reporting Integration Team for being whitelisted. You can discover your public IP Address by searching the Internet for “what is my IP”. If your current IP Address is not the same you provided to us, please send it to our Reporting Integration Team for being whitelisted.
  3. Ask your network administrator/s to confirm that your firewall allows both incoming and outgoing traffic from/to on port TCP 32.
  4. Should the above steps be unable to resolve the issue, please generate a new RSA Public/Private Key pair and send only the new Public part to our Reporting Integration Team, as per IBKB3842.


Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another