How to set up sFTP for using Certificate Authentication on Linux

These instructions apply to users who are receiving their statements via sFTP. If you elected to receive your statements via sFTP, you would first need to generate an RSA Key pair.

There are many Linux distributions and there are multiple methods to access the IBKR sFTP server. sFTP clients such as Filezilla can be used. In this article we explain how to realize the connection to the IBKR FTP server using Ubuntu Linux and Filezilla.

 

  • How to generate an RSA Key pair

1. On your Linux machine, click on the Applications icon in the bottom left corner of you screen.

2. In the search box, type terminal and then click on the Terminal icon in the search results.
 
3. In the Terminal window, type sudo apt-get install filezilla putty-tools in order to install the required software. Enter your sudo password when requested.


4. Once the software installation is complete, type puttygen -t rsa -b 2048 -o privatekey.ppk in order to generate the RSA Key pair.
You will be asked to enter a passphrase and type it again to confirm.
PLEASE NOTE: Keeping a secure copy of this password is essential. Any loss of this password will require the whole process to be repeated.
 
5. Type puttygen -L privatekey.ppk -o public.key in order to export the public part of the Key pair to the file public.key


6. Click on the Applications icon in the bottom left corner of your screen.
 
7. In the search box, type FileZilla and then click on the FileZilla icon in the search results.

8. Click on the FileZilla top menu File -> Site Manager...
 
9. In the Site Manager window, click on the button New site to create a new connection.
 
10. In the right panel (called General):
  • Select SFTP - SSH File Transfer Protocol as Protocol
  • Enter xfer.interactivebrokers.com in the Host field
  • Enter 32 in the Port field
  • Select Key file as Logon Type
  • Enter the username provided to you by Interactive Brokers in the User field
 
11. Click on Browse next to the Key file field.
 
12. Move to the folder where your Key pair was created (normally your user folder: /users/yourusername/). Select the file privatekey.ppk and click on the Open button. This will set it as the Key file in your connection parameters.
 
13. Click on Rename and select a name of your preference for this connection (e.g. IBKR sFTP). Press Enter to confirm the name.
 
14. Click on OK to save your connection parameters.
 
15. Click on the folder icon on the left hand toolbar of your Desktop. This will launch the File application.
 
16. Move to the folder where you saved your Key pair (normally your user folder: /users/yourusername/). Right click on the file public.key and select Send to...
The file will be attached to an empty email. Send the email to the Reporting Integration Team, as per IBKB3842.
Important Note: do NOT send us your private key. Send us only your public one

 

  • How to connect to our sFTP Server

Once IBKR has configured the parameters for your connection on our servers, you will be notified. After that, you will be able to access your sFTP repository by using the Site connection you have created in FileZilla. In case you have not yet set up a Site connection, please follow the steps from 6. to 14. which are a prerequisite to the below steps:

1. Click on the Applications icon in the bottom left corner of you screen.
 
2. In the search box, type FileZilla and then click on the FileZilla icon in the search results.
 
3. On the FileZilla top toolbar, click the down arrow icon and select the Site connection you previously created (e.g. IBKR sFTP)
 
4. FileZilla will now establish a connection to our sFTP Server and show the files present in your repository.

 

Common issues and solutions

A. The Login Credentials Provided are Incorrect
  1. Ensure the correct login details are being used to connect to the sFTP server. The username and password you are entering should match the ones you have received from the Reporting Integration Team.
  2. Confirm you have configured your sFTP Client to use the Private Key file for the logon authentication (see steps 9. and 10. of the above procedure.)
B. Server Refused Our Key
  1. Try accessing the sFTP server using a different Client (CyberDuck, ect.)
  2. Ensure the Private Key file being used to Authenticate the server login attempt is related to the Public Key you originally sent to the Reporting Integration Team.
  3. Should the above checks be unable to resolve the issue, please generate a new RSA Public/Private Key pair and send only the Public part to the Reporting Integration Team, as per IBKB3842.
C. Connection Timed Out
  1. In case you have an antivirus or a security software installed on your machine, make sure it is not blocking the FTP connection attempt. Normally, security software allows to set up exceptions for specific connections in order to whitelist them.
  2. Verify that the public IP Address of the machine running the sFTP client, is the same you have originally provided to the Reporting Integration Team for being whitelisted. You can discover your public IP Address by searching the Internet for “what is my IP”. If your current IP Address is not the same you provided to us, please send it to our Reporting Integration Team for being whitelisted.
  3. Ask your network administrator/s to confirm that your firewall allows both incoming and outgoing traffic from/to xfer.interactivebrokers.com on port TCP 32.
  4. Should the above steps be unable to resolve the issue, please generate a new RSA Public/Private Key pair and send only the new Public part to our Reporting Integration Team, as per IBKB3842.

 

References

KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another