How to set up sFTP for using Certificate Authentication on Linux

These instructions apply to users who are receiving their statements via sFTP. If you elected to receive your statements via sFTP, you would first need to generate an RSA Key pair.

There are many Linux distributions and there are multiple methods to access the IBKR sFTP server. sFTP clients such as FileZilla can be used. In this article we explain how to connect to the IBKR sFTP server using Ubuntu Linux and FileZilla.

 

  • How to generate an RSA Key pair

1. On your Linux machine, click on the Applications icon in the bottom left corner of your screen.

2. In the search box, type terminal and then click on the Terminal icon in the search results.
 
3. In the Terminal window, type sudo apt-get install filezilla putty-tools in order to install the required software. Enter your sudo password when requested.


4. Once the software installation is complete, type puttygen -t rsa -b 2048 -o privatekey.ppk in order to generate the RSA Key pair.
You will be asked to enter a passphrase and type it again to confirm.
PLEASE NOTE: Keeping a secure copy of this password is essential. Any loss of this password will require the whole process to be repeated.
 
5. Type puttygen -L privatekey.ppk -o public.key in order to export the public part of the Key pair to the file public.key


6. Click on the Applications icon in the bottom left corner of your screen.
 
7. In the search box, type FileZilla and then click on the FileZilla icon in the search results.

8. Click on the FileZilla top menu File -> Site Manager...
 
9. In the Site Manager window, click on the button New site to create a new connection.
 
10. In the right panel (called General):
  • Select SFTP - SSH File Transfer Protocol as Protocol
  • Enter xfer.interactivebrokers.com in the Host field
  • Enter 32 in the Port field
  • Select Key file as Logon Type
  • Enter the username provided to you by Interactive Brokers in the User field
 
11. Click on Browse next to the Key file field.
 
12. Move to the folder where your Key pair was created (normally your user folder: /users/yourusername/). Select the file privatekey.ppk and click on the Open button. This will set it as the Key file in your connection parameters.
 
13. Click on Rename and select a name of your preference for this connection (e.g. IBKR sFTP). Press Enter to confirm the name.
 
14. Click on OK to save your connection parameters.
 
15. Click on the folder icon on the left hand toolbar of your Desktop. This will launch the File application.
 
16. Move to the folder where you saved your Key pair (normally your user folder: /users/yourusername/). Right click on the file public.key and select Send to...
The file will be attached to an empty email. Send the email to the Reporting Integration Team, as per IBKB3842.
Important Note: do NOT send us your private key. Send us only your public one.
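
A pre-send check for the file produced in step 5, added here as an example (it is not part of IBKR's procedure): it refuses any file that contains private key material and confirms the key is RSA 2048-bit by reading the modulus length from the one-line OpenSSH format that puttygen -L writes. The function names are hypothetical and the two sample files are constructed stand-ins, not real keys.

```sh
#!/bin/sh
# Added example: check public.key (step 5) before emailing it (step 16).
# Function names are hypothetical; file names follow the article.

# Print the RSA modulus size in bits from a base64 "ssh-rsa" key blob.
rsa_bits() {
  printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tu1 | awk '
    function u32(p) { return ((b[p]*256 + b[p+1])*256 + b[p+2])*256 + b[p+3] }
    { for (i = 1; i <= NF; i++) b[n++] = $i }
    END {
      p = 0
      p = p + 4 + u32(p)              # skip the key type string "ssh-rsa"
      p = p + 4 + u32(p)              # skip the public exponent e
      len = u32(p); p = p + 4         # modulus n: 4-byte length, then bytes
      if (len == 0 || p + len > n) { print 0; exit }   # truncated or malformed
      while (len > 0 && b[p] == 0) { p++; len-- }      # drop sign padding
      bits = len * 8
      for (t = b[p]; len > 0 && t < 128; t *= 2) bits--
      print bits
    }'
}

# Classify a key file as "private", "rsa-<bits>" or "unknown".
classify_key_file() {
  if grep -q -e 'PRIVATE KEY' -e '^PuTTY-User-Key-File-' -e '^Private-Lines:' "$1"; then
    echo private; return 0
  fi
  # puttygen -L writes a single line: "ssh-rsa <base64 blob> [comment]"
  read -r ktype blob rest < "$1" || true
  case "$ktype" in
    ssh-rsa) echo "rsa-$(rsa_bits "$blob")" ;;
    *)       echo unknown ;;
  esac
}

# Succeed only for a public-only RSA key of the size the article asks for.
safe_to_send() {
  [ "$(classify_key_file "$1")" = "rsa-2048" ]
}

# Constructed sample input (not a real key): base64 ssh-rsa blob whose
# modulus is $1 bytes long, top bit set, preceded by one padding zero byte.
sample_pub() {
  len=$(( $1 + 1 ))
  {
    printf '\000\000\000\007ssh-rsa\000\000\000\003\001\000\001'
    printf "\\000\\000\\$(printf '%03o' $((len / 256)))\\$(printf '%03o' $((len % 256)))\\000\\200"
    i=1; while [ "$i" -lt "$1" ]; do printf '\001'; i=$((i + 1)); done
  } | base64 | tr -d '\n'
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'ssh-rsa %s constructed-sample\n' "$(sample_pub 256)" > "$tmp/public.key"
printf 'PuTTY-User-Key-File-3: ssh-rsa\nEncryption: aes256-cbc\n' > "$tmp/privatekey.ppk"
for f in "$tmp/public.key" "$tmp/privatekey.ppk"; do
  if safe_to_send "$f"; then echo "${f##*/}: OK to send"
  else echo "${f##*/}: do NOT send ($(classify_key_file "$f"))"
  fi
done
```

On a real setup, call safe_to_send public.key in the folder where the key pair was created and attach the file only if it succeeds.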

 

  • How to connect to our sFTP Server

Once IBKR has configured the parameters for your connection on our servers, you will be notified. After that, you will be able to access your sFTP repository by using the Site connection you have created in FileZilla. If you have not yet set up a Site connection, please follow steps 6 to 14 above, which are a prerequisite for the steps below:

1. Click on the Applications icon in the bottom left corner of your screen.
 
2. In the search box, type FileZilla and then click on the FileZilla icon in the search results.
 
3. On the FileZilla top toolbar, click the down arrow icon and select the Site connection you previously created (e.g. IBKR sFTP)
 
4. FileZilla will now establish a connection to our sFTP Server and show the files present in your repository.

 

Common issues and solutions

A. The Login Credentials Provided are Incorrect
  1. Ensure the correct login details are being used to connect to the sFTP server. The username and password you are entering should match the ones you have received from the Reporting Integration Team.
  2. Confirm you have configured your sFTP Client to use the Private Key file for the logon authentication (see steps 9. and 10. of the above procedure.)
B. Server Refused Our Key
  1. Try accessing the sFTP server using a different Client (CyberDuck, etc.)
  2. Ensure the Private Key file being used to Authenticate the server login attempt is related to the Public Key you originally sent to the Reporting Integration Team.
  3. Should the above checks be unable to resolve the issue, please generate a new RSA Public/Private Key pair and send only the Public part to the Reporting Integration Team, as per IBKB3842.
C. Connection Timed Out
  1. In case you have an antivirus or a security software installed on your machine, make sure it is not blocking the FTP connection attempt. Normally, security software allows you to set up exceptions for specific connections in order to whitelist them.
  2. Verify that the public IP Address of the machine running the sFTP client is the same one you originally provided to the Reporting Integration Team for whitelisting. You can discover your public IP Address by searching the Internet for “what is my IP”. If your current IP Address is not the one you provided to us, please send it to our Reporting Integration Team for whitelisting.
  3. Ask your network administrator/s to confirm that your firewall allows both incoming and outgoing traffic from/to xfer.interactivebrokers.com on port TCP 32.
  4. Should the above steps be unable to resolve the issue, please generate a new RSA Public/Private Key pair and send only the new Public part to our Reporting Integration Team, as per IBKB3842.

 

References

KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another

 

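What do the accrued interest reversal entries on the Activity Statement represent?

Overview: 

IBKR calculates and reports daily, in the Interest Accruals section of the Activity Statement, the interest expected to be earned or paid (accrued) during the statement period. Around the first week of each month, the prior month's accrued interest is "returned" or reversed, and the actual interest for that month is posted in the Cash Report section. The accrual reversal takes place once a month; after adjustment it should be close to the actual interest, but the two may not always be exactly the same, because the accrual is a projection of the actual interest.

Account holders should also note that accrued interest for the reporting period must exceed USD 1 (positive or negative) before it is displayed. Balances below USD 1 are retained and will be displayed once, combined with future accruals, the amount exceeds USD 1.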

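Credit Interest on Short Stock Sale Proceeds

Overview: 

How credit interest or fees associated with borrowed stock positions are determined

Background: 

When an account holder sells stock short, IBKR borrows the corresponding number of shares on the account holder's behalf in order to meet the obligation to deliver the shares to the buyer. Under the stock loan agreement for the borrowed shares, IBKR is required to provide cash collateral to the stock lender. The amount of cash collateral is based on an industry-standard calculation of the value of the stock, known as the collateral mark.

The stock lender pays IBKR interest on the cash collateral at a rate that is usually lower than the prevailing market rate for cash collateral deposits (typically pegged to the Fed Funds Effective rate for USD-denominated cash deposits); the difference serves as the fee the lender charges for providing this service. For hard-to-borrow stocks, the fee charged by the lender rises accordingly, which may cause the net rate to become negative, so that IBKR is charged instead.

Many brokers pass a portion of this interest rebate only to institutional clients, but all IBKR clients can earn interest on the portion of their short stock sale proceeds that exceeds USD 100,000 or the equivalent in another currency. When the supply of a security available to borrow exceeds borrowing demand, the interest rate account holders can earn on their short stock balances equals the benchmark rate (for example, the Fed Funds Effective overnight rate for USD balances) minus a spread (currently ranging from 1.25% (balances in the USD 100,000 tier) to 0.25% (balances above USD 3 million)). Rates may change without prior notice.

When a supply and demand imbalance in a particular security makes it hard to borrow, the interest rebate provided by the lender will decline and may even result in a charge to the account. This rebate or charge is passed on to the account holder in the form of a higher borrow fee, which may exceed the interest earned on the short sale proceeds and result in a net charge to the account. Since rates vary by security and date, IBKR recommends that clients use the "Short Stock Availability" tool, accessible through the Support section of Client Portal/Account Management, to view indicative rates for short sales. Note that the indicative rates shown in these tools correspond to the interest IBKR pays on short sale proceeds for Tier III balances, i.e. short sale proceeds of USD 3 million or more. For lower balances, the rate is adjusted according to the balance tier and the benchmark rate of the trade currency. The applicable rate can be calculated using the "Interest Paid to You on Short Sale Proceeds Cash Balances" calculator.

Please see the Securities Financing (stock borrowing) page for more examples and calculators.

Important Note
Information on stock borrow availability and indicative rates in the "Short Stock Availability" tool and in TWS is provided on a best-efforts basis, with no guarantee as to its accuracy or validity. "Short Stock Availability" includes information from third parties and is not updated in real time. Rate information is indicative only. Trades executed in the current trading session generally settle within 2 business days, and actual availability and borrow costs are determined on settlement date. Traders should note that rates and availability can change significantly between trade date and settlement date, particularly for thinly traded stocks, small-cap stocks and stocks with pending corporate actions (including dividends). For details, please see Operational Risks of Short Selling.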

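Are non-U.S. residents subject to withholding tax?

Overview: 

Information regarding tax obligations is reported, as required, to the tax authorities of your country of residence and of other countries (where the products traded carry local withholding tax requirements). Unless explicitly required by a tax authority, IBKR does not withhold tax on income from securities trading. Under U.S. tax law, we withhold tax at a rate of 30% on dividends paid by U.S. corporations to foreign persons. If the U.S. has a tax treaty with your country, the rate may be reduced. In addition, investment interest income is not subject to U.S. withholding tax. All withholding tax for non-U.S. persons and most entities is reported at the end of each year on Form 1042-S. For more information, see IRS 901 and/or consult your tax advisor.

Why does the Cash Report section of the Activity Statement reflect internal transfers between securities and commodities?

Under regulatory requirements, IBKR must segregate the securities assets and commodities assets in your account. These commodities assets may include the market value of futures options positions plus the cash held as margin for commodity futures and futures options positions. The margin requirement for your commodities positions is recalculated periodically; if the margin requirement decreases, the excess cash is transferred from the commodities segment of the account to the securities segment. Likewise, if the commodities margin requirement increases, IBKR transfers funds from the securities segment to the commodities segment. Since Securities Investor Protection Corporation (SIPC) insurance covers the assets in the securities segment of your account (not the commodities segment), these periodic transfers also serve to ensure your cash receives the greatest possible protection. Note that these cash movements represent journal entries within your account that offset each other, and therefore have no effect on the account's total cash balance (see the Total column of the Cash Report in the Activity Statement).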

Generate RSA Key Pair on Windows

These instructions apply to users who are receiving their statements via sFTP. If you elected to receive your statements via sFTP, you would first need to generate an RSA Key pair.

To generate an RSA Key pair:

1. Download WinSCP.

2. Run the installer and make sure to check PuTTYgen (key generator) as one of the components to install.

3. Start WinSCP and from the button Tools select Run PuTTYgen.


4. Once the tool PuTTYgen has been launched, click Generate. Select RSA as Type of key to generate, 2048 as Number of bits in generated key and click on the button Generate.

5. Click "Save private key" and give the file a name (like private). Leave the extension as .ppk ('ale.ppk' is an example filename).
Important Note: do NOT save your public key yet. Save only your private one.

6. Open WinSCP, create a new connection and:
  • Select SFTP as File protocol.
  • Enter xfer.interactivebrokers.com in the Host name field.
  • Enter 32 in the Port number field.
 
7. Click on the button Advanced.

8. In the Advanced Site Settings screen, left side menu, expand SSH and select Authentication. Click on the button ... at the end of the field Private Key file and open the private key you previously saved in step 5.

9. Click on the button Display public key:
 
10. Click on the button Copy Key.

11. Open Notepad, press CTRL+V to paste the key string (which is one string of characters without spaces) and then save the file with the name public.key in a folder of your preference:


12. Send the file you saved at the previous step to us via Message Center ticket or email as per instructions on IBKB3842
 
13. In the WinSCP Window, click on "OK" in the information pop-up showing the key, then "OK" in the Advanced Site Settings screen, then click on Save to save the new connection you have created.
 
14. Once the IBKR Sales Engineering Team has configured the parameters for your connection on our servers, you will be able to access your SFTP repository by using the connection you have created.
 
Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

Decrypting Reports Using Your PGP Key Pair on macOS

Note: This tutorial assumes you received reports via email or via FTP that were encrypted with the public key you sent to IBKR. If you need guidance to set up the encrypted statement delivery, please refer to this article, which is a prerequisite to the instructions below.

1. Open Finder

2. Right click on the .gpg file you want to decrypt

3. Select Services > OpenPGP: Decrypt File

 

Common Issues/Questions

  • Decryption failed with error 'No Secret Key'

This is commonly caused when the wrong encryption key is used to decrypt the file. If decryption is being done on a computer other than the original computer used to create the public/private keys, the keys would have to be transferred from the original computer to the new computer.

If the above does not help, then a new public/private key pair needs to be created and sent to us.

 

Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

Generate a Key Pair Using GPG Suite on macOS

If you elected to receive your statements in an encrypted form, you would first need to generate an RSA Key pair. To generate an RSA Key:

1. Download the GPG Suite for macOS

2. Double click on the downloaded installation file:

3. Click on Install

4. Click Continue

5. Click on Install

6. Click Install

Note: By default the installation includes an add-on for Apple Mail called GPG Mail. If you don't use Apple Mail and do not need this add-on, you can de-select it during this step.

7. Click on Close:

 

8. Launch GPGTools. The Create new key pair dialog box should automatically open. Input your Full Name, your Email and choose a Password. PLEASE NOTE: Keeping a secure copy of this password is essential. Any loss of this password will require the whole process to be repeated.
 
9. Expand Advanced options and make sure that:
  • The "Key type" drop-down is set to "RSA and RSA (default)"
  • "Length" is set to "2048"
  • The checkbox "Key will expire on" must remain NOT active

Important Note: Please be absolutely certain to set "Key type" to "RSA and RSA (default)" otherwise the key will be unusable.

 
10. Click on the button Create Key
 

11. Once the key pair is created it will be listed in your Key ring. Right click on it and select Export...

12. Choose a location to save the key pair in the Where field and make sure the checkbox Include secret key in exported file is deactivated. Click on Save.

13. You will receive a prompt indicating that the key pair was created successfully. Click on No, Thanks! to prevent uploading the public key to the PGP servers

14. Open Finder and go to the location you selected for saving the public key (at point 12).

15. Send the public key file to us via Message Center ticket or email as per instructions on IBKB3842.

 

Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

Generate a Key Pair Using GPG for Windows

To generate a key pair using GPG for Windows:

1. Download the GPG Installer for Windows.

2. Run the installer and click Next >.

3. Make sure that the component Kleopatra is selected as one of the sub components to include in the installation and click Next >.

4. The default installation folder will be displayed. Click Install.

5. Once the installation has completed, click Next >.

6. Make sure the checkbox Run Kleopatra is active and click Finish.

7. Kleopatra will now open. Click the top menu File and select New OpenPGP Key Pair...
 
 
8. Enter your full Name and your Email address. Make sure the checkbox Protect the generated key with a passphrase is active. Click Advanced Settings...
 
 
9. Enter the following Key parameters:
  • Select RSA + RSA as Key type
  • Select 2,048 bits and 2,048 bits as Key lengths
  • Activate the checkboxes: Encryption, Certification, Signing and Authentication. The first two should be already active by default
  • Deactivate the option Valid until

Once all the parameters have been set as listed above, click OK.

 
10. You will return to the Create OpenPGP Certificate window. Click OK.
 
 
11. You will be asked to enter a passphrase and type it again in the field Repeat: to confirm you made no typing errors. Once done, click OK. PLEASE NOTE: Keeping a secure copy of this password is essential. Any loss of this password will require the whole process to be repeated.
 
 
12. A pop-up will confirm the Key Pair has been successfully created. Click OK.
 
 
13. In the All Certificates panel, right-click on the newly created certificate and select Export...
 
 
14. Navigate to the directory where you want to save the public portion of your key (e.g. Desktop). Choose a name such as publickey.asc and click Save.
 
 
15. Open the Windows File Explorer and navigate to the directory where you saved the key. You will find the public.asc file ready to be sent to us via Message Center ticket or email as per instructions in IBKB3842:
 
 

16. Although this is not strictly needed, we strongly recommend that you back up your Key Pair, following the steps in KB4411. This backup copy of the certificates can be imported again in Kleopatra in case the original set becomes corrupted or accidentally deleted.

 
References

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

 

 

Using GPG/RSA Encryption Keys to Guarantee the Privacy and Security of Your Reports

Background: 

In order to ensure the privacy and security of your Reports and Statements, IBKR offers the following file delivery options:

A. sFTP (Secure FTP) - Recommended solution

  • We can send you Reports using the sFTP (Secure FTP) protocol on non-standard TCP port 32.
  • sFTP is a network protocol that utilizes SSH (Secure Shell) for the transfer, management, and access of files through an encrypted data stream.
  • Key based authentication is required. You will authenticate against our sFTP server through a unique RSA - 2048-bit public/private key pair, generated directly by you. We will use only your public key as authentication method for our sFTP server. Since the two keys are mathematically linked, only the private key holder (you) will be able to access the data.
  • PGP encryption (see Note 1) is optional.

B. Email with PGP (Pretty Good Privacy) Encryption

  • We can encrypt your Reports using PGP (Pretty Good Privacy) certificates and send you those reports via email.
  • PGP encryption (see Note 1) is optional but recommended. If you opt to receive your Reports via email without encryption, any account sensitive data will be masked.

C. Plain FTP with PGP (Pretty Good Privacy) Encryption

  • We can send you Reports using the regular FTP protocol on standard TCP port 21.
  • PGP encryption (see Note 1) is required. We can encrypt your Reports using PGP (Pretty Good Privacy) certificates.

Note 1: PGP encryption is based on a private/public key pair, which is unique and generated directly by you. We will use only your public key to encrypt your Reports. Since the two keys are mathematically linked, only the private key holder (you) will be able to decrypt the files.

 

To start the process, please select one of the options below according to the way you wish to access your Reports:

 

 

A. I Want to Receive my Reports via Secure FTP (sFTP)

When electing to receive your Reports through the IBKR hosted sFTP, please follow the steps below:

1) Install an FTP application. There are many free FTP application suites that can be used, like FileZilla or WinSCP.

2) Generate a public/private RSA key pair. Please follow the procedure below according to the Operating System you use:

3) Open a Web Ticket (via Client Portal -> Help -> Support Center) as follows:

  • Write "Attn. Reporting Integration Team" in the subject.
  • Write a short request for an IBKR hosted plain FTP in the message body
  • Write the IP Address(es) your connection will originate from in the message body
  • Paste the content (the alphanumeric string) of your RSA public key file in the message body

Alternatively, you can provide these same elements listed above via email to the Reporting Integration Team. Include the last 4 digits of your IBKR Account number in the email subject.

Note: We will not accept your public key if you have also included your private key. Please be sure to send us only the public part of the key pair.

4) IBKR will notify you within 1-2 business days, once your sFTP site has been set up.

5) Set your RSA key pair as authentication method for your sFTP client. Please follow the procedure below according to the Operating System you use:

 

B. I Want to Receive my Reports via Email with PGP Encryption

When electing to receive emails that contain encrypted data from IBKR, please follow the steps below:

1) Generate a PGP key pair in order to decrypt the files. Please follow the procedure below according to the Operating System you use:

2) Open a Web Ticket (via Client Portal -> Help -> Support Center) as follows:
  • Write "Attn. Reporting Integration Team" in the subject
  • Paste the content (the alphanumeric string) of your PGP public key file in the message body
Alternatively, you can send an email to the Reporting Integration Team. Include the last 4 digits of your IBKR Account number in the email subject and attach your PGP public key.

Note: We will not accept your public key if you have also included your private key. Please be sure to send us only the public part of the key pair.

3) IBKR will notify you once your public key has been imported on our systems. You will then enable the encryption for email file delivery from your Client Portal.

4) Use your key pair to decrypt the emails with the encrypted attachment/s. Please follow the procedure below according to the Operating System you use:

 

C. I Want to Receive my Reports via FTP with PGP Encryption

When electing to receive your Reports through the IBKR hosted sFTP, please follow the steps below:

1) Generate a PGP key pair in order to decrypt the files. Please follow the procedure below according to the Operating System you use:

2) Open a Web Ticket (via Client Portal -> Help -> Support Center) as follows:
  • Write "Attn. Reporting Integration Team" in the subject
  • Write a short request for an IBKR hosted plain FTP in the message body
  • Paste the content (the alphanumeric string) of your PGP public key file in the message body

Alternatively, you can provide these same elements listed above via email to the Reporting Integration Team. Include the last 4 digits of your IBKR Account number in the email subject.

Note: We will not accept your public key if you have also included your private key. Please be sure to send us only the public part of the key pair.

3) IBKR will notify you once your public key has been imported on our systems. You will then enable the encryption for FTP file delivery from your Client Portal.

4) Access our FTP site and use your PGP key pair to decrypt the files you receive. Please follow the procedure below according to the Operating System you use:

 

Additional procedures

 

References

KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4819 - How to set up sFTP for using Certificate Authentication on Linux
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 

 
