Online Banking for Business
Secure FTP with SSH (Secure Shell)
Contents
Secure FTP Setup
  Introduction
  Before You Set Up S/FTP
  Setting Up FTP with SSH
Sending Files
  Address construction
  To Send a File
  Receipt file
Receiving Files and Reports
  Outbound (from BMO) Mail Slots
  Listing received files
  File naming convention
  Receiving files
Appendix A – SFTP (SSH) Client Questionnaire
Appendix B - Definitions
  File encoding
  Other definitions
Appendix C – GXS tested SFTP software
Secure FTP Setup
INTRODUCTION
This guide explains how to configure a secure FTP connection to BMO Bank of Montreal (BMO) for secured communication over the Internet. The FTP transmission service provides a fast and reliable way to transfer files between your PC/server and BMO.
The FTP with Secure Shell (SFTP) service runs over the SSH protocol as defined by the Internet Engineering Task Force (IETF) SSH (SECSH) working group. Despite the name, SFTP is not classic FTP tunnelled through SSH: it is the SSH File Transfer Protocol, a subsystem of SSH, so the whole session (authentication, commands and file data) travels inside one encrypted TCP connection and no separate FTP data connections are opened.
This service supports only the SSH2 protocol, which is the current and most common version of SSH.
Note: SFTP connectivity supports SSH public key authentication and user ID/password authentication. The client first attempts public key authentication; if that fails, user ID/password authentication is performed. For SSH2, either the RSA or DSA public key algorithm can be used. Key lengths of 1024 (default) or 2048 bits are supported; choose 2048, since 1024-bit RSA and DSA keys are no longer considered adequate for new deployments. This service is provided in conjunction with GXS, Inc.
BEFORE YOU SET UP S/FTP
The following items are required before you begin the setup:
• Obtain SFTP client software. Potentially any SFTP software that uses the SSH2 protocol can be used for this service. See Appendix C for a list of tested SFTP software products. Update your software to the latest supported version to avoid compatibility issues.
• To use the FTP transmission service, you will need to have received the following from BMO:
1. This user guide.
2. An SFTP questionnaire (Appendix A), to be completed and returned to BMO.
3. A mailbox ID (same as the FTP user ID) and password.
a. If you selected SSH public key authentication, we will exchange public keys.
4. Your trading relationships (also known as mail slots).
5. Please review the Send and Receive sections of this document.
• Your BMO Implementation Specialist (IS) will provide you with your user number (mailbox ID) and password as well as your trading relationships (mail slots). The IS will also coordinate the exchange of public keys if you selected public key authentication.
SETTING UP FTP WITH SSH
Follow the instructions below to begin setting up SFTP.
Note: if you have a firewall on your system, you will need to allow the following:
• Outbound TCP port 22 to the server. SFTP runs inside the single SSH connection, so no separate FTP data port range needs to be opened.
Install and set up your SFTP client software. Use default values in the setup with the following exceptions:
• Server address is sftp.tradinggrid.gxs.com
• Connection port 22
• Enter your mailbox ID (or user ID) and password. NOTE: a password is not required if you are using public key authentication.
• Enter the applicable FTP commands for a session.
• Optional: If your SSH implementation requires the use of public keys, exchange public keys with us. Coordinate the exchange with your IS.
Note: on the first connection your client will show the server's SSH host key fingerprint and ask you to accept it. Confirm the fingerprint through a channel other than the SFTP session itself (for example, with your IS) before accepting it, and treat a changed fingerprint on a later connection as an error rather than accepting the new key: the host key is what protects your user ID, password and files from being sent to an impostor.
Sending Files
ADDRESS CONSTRUCTION
• You can send files to us from your mailbox. In order to send files you must establish/confirm your mail slots with your IS. Depending on the number of services you have with us, you may have more than one inbound mail slot. The construction of the Send address for you is mailbox-SEND. Your mailbox is the same as the FTP user ID.
• BMO Receive addresses have been constructed using the application, document type and file encoding. This constructs your inbound mail slot to BMO. Your inbound mail slot consists of the following:
o Application name – provided by the IS;
o Application document type – provided by the IS;
o File encoding – provided by you when implementation was requested.
Example: When you are sending an Electronic Funds Transfer (EFT) file to BMO, your inbound trading relationship will look as follows: DEFT-DEFT80-A, where DEFT is the application name, DEFT80 is the document type, and A is the file encoding (A for ASCII or E for EBCDIC).
The above mail slot means that you can send EFT files in the 80-byte format in ASCII encoding. Please work with your IS to get details of all of your inbound mail slots. Refer to Appendix B for available file encodings.
TO SEND A FILE
In order to send files, FTP commands must be entered in your secure FTP software.
• Connect to the SFTP site and log in using the mailbox-SEND: user ID, where "mailbox" is your FTP user ID. E.g. if your FTP user ID is ADW12345, you would log in as ADW12345-SEND:
IMPORTANT: Do not forget the colon ( : ) at the end of the user ID.
• The second step is to indicate the receiving application or inbound mail slot to which you need to send the file. IS will provide you with a list of all inbound mail slots. You will need to perform a CD command that names the mail slot, indicates binary file transfer mode, and optionally carries a reference number:
cd DEFT-DEFT-A:/*BIN/OPTIONALREF
where DEFT-DEFT-A is your inbound mail slot (substitute your own slot name exactly as provided by your IS, e.g. the DEFT-DEFT80-A slot from the Address Construction example), *BIN indicates binary mode, and OPTIONALREF is your internal optional reference information. You are not required to input the reference information.
Refer to the Address Construction section for details on address construction.
• The final step to send a file is to use the PUT command. In the example below, a file named "testfile.dat" located in the C:\temp directory is sent in binary mode. The command is:
PUT C:\temp\testfile.dat
As a result there are four commands in total:
Login using your mailbox-SEND: user ID
binary
CD DEFT-DEFT-A:/*BIN/OPTIONALREF
PUT C:\temp\testfile.dat
In the example above, a file named "testfile.dat" located in the C:\temp directory is sent in binary mode. We do not require you to use any specific file names. The file is processed based on the specified inbound mail slot (DEFT-DEFT-A).
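The four-command send sequence above, as an added example that is not BMO or GXS code: a POSIX shell script that builds the command batch for a scriptable client and, assuming OpenSSH's sftp, runs it non-interactively. The host name, the mailbox ID ADW12345 and the mail slot DEFT-DEFT80-A are the guide's own examples; the batch-file approach, passing the colon-terminated login name through -o User= (OpenSSH's user@host form would read the colon as the host:path separator), the ~/.ssh/bmo_key path and the rule that the reference is simply omitted from the path when you have none are assumptions, and the script has not been run against the live service. The guide's "binary" command is an FTP-client command; SFTP transfers are always binary, so OpenSSH sftp neither needs nor accepts it.

```shell
#!/bin/sh
# Added example (not BMO/GXS code). Builds the send batch described in the
# guide and runs it with OpenSSH sftp. Assumptions: OpenSSH client, the key
# file path, and that the colon-terminated user name is passed via -o User=.

BMO_HOST="sftp.tradinggrid.gxs.com"   # server address from the guide
MAILBOX="ADW12345"                    # example mailbox ID from the guide
KEY_FILE="${HOME}/.ssh/bmo_key"       # assumed private key (public half exchanged with your IS)

# Print the command batch for one upload.
#   $1 = inbound mail slot, e.g. DEFT-DEFT80-A (application-doctype-encoding)
#   $2 = local file to send
#   $3 = optional internal reference (left out of the path when empty)
# The slot and the reference end up inside the remote path, so anything
# outside a plain character set is rejected before it reaches the client.
build_send_batch() {
    slot=$1
    file=$2
    ref=${3:-}
    case "$slot" in
        ""|*[!A-Za-z0-9-]*) echo "build_send_batch: bad mail slot '$slot'" >&2; return 1 ;;
    esac
    case "$ref" in
        *[!A-Za-z0-9._-]*) echo "build_send_batch: bad reference '$ref'" >&2; return 1 ;;
    esac
    [ -n "$file" ] || { echo "build_send_batch: missing file" >&2; return 1; }
    # cd into the mail slot in binary mode (*BIN); /REF is appended only when given
    printf 'cd %s:/*BIN%s\n' "$slot" "${ref:+/$ref}"
    printf 'put %s\n' "$file"
    printf 'bye\n'
}

# Run the batch as mailbox-SEND: (note the trailing colon) with the host key
# pinned: a server key that is not already in known_hosts, or that has
# changed, aborts the session instead of being accepted silently. Record the
# key on a first interactive connection and confirm its fingerprint with your
# IS before using this in production.
send_file() {
    batch=$(mktemp) || return 1
    build_send_batch "$@" > "$batch" || { rm -f "$batch"; return 1; }
    sftp -b "$batch" -i "$KEY_FILE" -o StrictHostKeyChecking=yes \
        -o User="${MAILBOX}-SEND:" "$BMO_HOST"
    status=$?
    rm -f "$batch"
    return $status
}

# Usage (not run here):  send_file DEFT-DEFT80-A /tmp/testfile.dat MYREF001
```

The batch text is produced separately from the transfer so it can be inspected or logged, and so the same three lines can be pasted into any of the clients in Appendix C; only send_file is OpenSSH-specific.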
RECEIPT FILE
Important: The following Receive address (or outbound mail slot) is provided so that you can confirm whether the file was transmitted. The address has the following format:
mailbox-RECEIPT
This address is used to receive a receipt, providing you with information on whether or not a sent transaction was delivered successfully. These files are text-based and contain a single line without record terminators, and should be readable on either Unix or Windows platforms. The receipt message indicates that BMO has received your file successfully and will convey it to the appropriate product (e.g., EFT).
Note: a receipt confirms delivery only, not that the file was processed. To verify that your file has been successfully processed by the appropriate product, check any output reports or files generated by the Bank, e.g. reports generated by the EFT system. Always verify such reports to ensure your files have been accepted and successfully processed by the Bank.
Receiving Files and Reports
Any product files or reports that you expect to receive from a BMO service, such as EFT, can be delivered electronically to you via the SFTP transmission service.
OUTBOUND (FROM BMO) MAIL SLOTS
BMO will send your reports and files to your mailbox. Depending on the number of services you have with us, you may have more than one outbound mail slot (also known as a trading relationship). Your outbound mail slot consists of the following:
• Mailbox ID – provided by the IS
• Application name – provided by the IS
• Application document type – provided by the IS
• File encoding – provided by you when implementation was requested.
BMO will send your files/reports to one of the outbound mail slots. For example, if you are set up to receive EFT reports or files, your mail slot will look as follows:
ADW12345-DEFT-EFTTESTSA-W, where ADW12345 is your mailbox ID, DEFT is the application name, EFTTESTSA is the document type, and W is the file encoding.
The above mail slot will receive reports from the EFT system in ASCII CRLF (Windows) format. Refer to Appendix B for available file encodings.
Please work with your IS to get details of all of your outbound mail slots (or trading relationships).
LISTING RECEIVED FILES
The following section describes the commands used to obtain a listing of the messages in your inbox, i.e. what you have received from BMO.
• Log in to the SFTP site using your mailbox ID (e.g. ADW12345).
• You will need to execute the following change directory command to list files:
cd BMOCOM-SEND:%.%POLLABLE
where BMOCOM-SEND: is BMO's sending directory and POLLABLE selects the file(s) that have not been previously downloaded.
• Once this command has been accepted by the service, you can then request a list of files based on this filter by using the command:
dir
• Therefore, to list the new files for your mail slots you will need to perform the following commands:
cd BMOCOM-SEND:%.%POLLABLE
dir
Directory of /ADW12345/BMOCOM-SEND:%.%POLLABLE
5/4/2007 9:57:17 AM 4,602 %BMOCOM-SEND%ADW12345-DEFT-FILE-W%SFTP%POLLABLE%39fea10029b8b7ov000052i3
The above means there is one new file available. The file name is:
%BMOCOM-SEND%ADW12345-DEFT-FILE-W%SFTP%POLLABLE%39fea10029b8b7ov000052i3
FILE NAMING CONVENTION
File names consist of several constant and variable parts. For example, in the following:
%BMOCOM-SEND%ADW12345-DEFT-FILE-W%SFTP%POLLABLE%39fea10029b8b7ov000052i3
%BMOCOM-SEND% indicates the file was sent by the Bank. All file names sent by BMO will have this indicator.
%ADW12345-DEFT-FILE-W% is your outbound mail slot (variable). This value depends on which of your outbound mail slots the file belongs to; by using this value you can easily identify file types.
%SFTP%POLLABLE% means the file has not been previously downloaded. All new files will have this in the file name; a file that has already been downloaded is listed under ACCEPTED instead (see Receiving Files).
39fea10029b8b7ov000052i3 is a unique reference number for the file (variable). This reference number is different for each file.
The above allows you to easily identify various files, report types, and file statuses.
RECEIVING FILES
The process of receiving content/files uses the same commands as described in the Listing Received Files section. However, in order to actually receive the messages instead of just listing them, the MGET or GET command must be used. The command used is:
MGET *
If no files are found, nothing will be downloaded.
Log in to the SFTP site with your mailbox (FTP) ID.
cd BMOCOM-SEND:%.%POLLABLE
dir (optional, if you want to list files first)
binary (to switch to binary mode)
MGET * (to download all new files)
If you would like to download files again, you will need to slightly modify your commands:
cd BMOCOM-SEND:%.%ACCEPTED
dir (optional, if you want to list files first)
binary
MGET * (to download all available files)
You will receive all previously downloaded files which are still available to download. Note: once a file is downloaded, we will store it for 3 calendar days. If you need a file after 3 days, please contact our Cash Management Helpdesk. We will be glad to re-transmit the file(s) for you.
Because a file leaves the POLLABLE view as soon as it has been downloaded, a transfer that fails on your side after the download (for example, the client exits before the file is written to disk) will not show up as new again; retrieve it from the ACCEPTED view within the 3-day window instead.
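The file naming convention and the receive sequence above, as an added example that is not BMO or GXS code: POSIX shell functions that split a BMO outbound file name into its mail slot, status and reference, decode the mail slot into its four fields with the Appendix B encoding names, and build the download batch for either the POLLABLE (new) or ACCEPTED (re-download) view. The file name, mailbox ID and host are the guide's examples; OpenSSH sftp, its -b batch mode, the ~/.ssh/bmo_key path and the local download directory are assumptions, and nothing here has been run against the live service. The guide's "binary" command is left out because SFTP transfers are always binary and OpenSSH sftp does not accept it.

```shell
#!/bin/sh
# Added example (not BMO/GXS code). Parses BMO outbound file names and builds
# the download batch from the guide's Receiving Files section. Assumptions:
# OpenSSH sftp, the key path, and the local download directory.

BMO_HOST="sftp.tradinggrid.gxs.com"   # server address from the guide
MAILBOX="ADW12345"                    # example mailbox ID from the guide
KEY_FILE="${HOME}/.ssh/bmo_key"       # assumed private key path

# Split %BMOCOM-SEND%<mailslot>%SFTP%<status>%<reference> on '%'.
# Prints "<mailslot> <status> <reference>" and returns 1 for any name that
# does not follow the convention, so a stray entry in a listing is never
# mistaken for a bank file.
parse_bmo_filename() {
    oldifs=$IFS
    IFS='%'
    set -f            # no pathname expansion while splitting
    set -- $1
    set +f
    IFS=$oldifs
    # The leading '%' yields an empty first field, followed by five values.
    [ $# -eq 6 ] && [ -z "$1" ] && [ "$2" = "BMOCOM-SEND" ] && [ "$4" = "SFTP" ] || return 1
    printf '%s %s %s\n' "$3" "$5" "$6"
}

# Decode an outbound mail slot such as ADW12345-DEFT-FILE-W into
# "<mailbox> <application> <doctype> <encoding description>" using the
# encoding letters from Appendix B. Assumes none of the four fields
# themselves contain '-', which holds for every example in the guide.
parse_mail_slot() {
    oldifs=$IFS
    IFS='-'
    set -f
    set -- $1
    set +f
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    case "$4" in
        W) enc="Windows ASCII, CRLF terminators" ;;
        A) enc="Unix ASCII, LF terminators" ;;
        E) enc="Mainframe EBCDIC, no record terminator" ;;
        *) return 1 ;;
    esac
    printf '%s %s %s %s\n' "$1" "$2" "$3" "$enc"
}

# Print the download batch. $1 = POLLABLE (files not yet downloaded) or
# ACCEPTED (files already downloaded, kept for 3 calendar days);
# $2 = local directory to save into.
build_receive_batch() {
    view=$1
    dest=$2
    case "$view" in
        POLLABLE|ACCEPTED) ;;
        *) echo "build_receive_batch: view must be POLLABLE or ACCEPTED" >&2; return 1 ;;
    esac
    [ -n "$dest" ] || { echo "build_receive_batch: missing local directory" >&2; return 1; }
    printf 'lcd %s\n' "$dest"
    printf 'cd BMOCOM-SEND:%%.%%%s\n' "$view"
    printf 'mget *\n'
    printf 'bye\n'
}

# Download into $2 as the plain mailbox ID (no -SEND: suffix on the receive
# side), with the host key pinned so an unknown or changed server key aborts
# the run. Files fetched from POLLABLE move to ACCEPTED, so a run that fails
# after the transfer is repeated with ACCEPTED rather than POLLABLE.
receive_files() {
    batch=$(mktemp) || return 1
    build_receive_batch "$@" > "$batch" || { rm -f "$batch"; return 1; }
    sftp -b "$batch" -i "$KEY_FILE" -o StrictHostKeyChecking=yes \
        -o User="$MAILBOX" "$BMO_HOST"
    status=$?
    rm -f "$batch"
    return $status
}

# Usage (not run here):
#   receive_files POLLABLE /var/bmo/inbox
#   parse_bmo_filename '%BMOCOM-SEND%ADW12345-DEFT-FILE-W%SFTP%POLLABLE%39fea10029b8b7ov000052i3'
```

parse_bmo_filename is what a post-download step would run over the names in the local directory to route each file by mail slot (and hence by product and encoding) before handing it to downstream processing; rejecting anything that does not match the convention is deliberate, since the mget * in the batch fetches whatever the view lists.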
Appendix A – SFTP (SSH) Client Questionnaire
SECTION I: BASIC INFORMATION ABOUT YOUR COMPANY
Company Name:
Company Business Contact Name:
Company Business Contact Phone:
Company Business Contact Fax:
Company Business Contact Email:
Company Address:
City:
Zip/Postal Code:
Country:
Online Banking for Business Customer ID (if known):
Other Customer Contacts
Technical Contact Name:
Technical Contact Phone:
Technical Contact Fax:
Technical Contact Email:
Desired Production Date (DD/MMM/YYYY):
Please list the services for which you want to enable file exchange (e.g. EDI, BAI, DEFT, etc.):
SECTION II: GXS MAILBOX INFORMATION
1. Do you have an existing mailbox on the GXS Interchange Service platform and would you like to use it?
YES, enter mailbox ID:
NO, proceed to the next question
2. Would you like the same files/reports delivered and shared with multiple mailboxes (i.e. users), e.g., multiple divisions within your company that require separate access? Additional fees apply.
If NO, proceed to Section III.
3. Please provide your GXS mailbox IDs (if they exist) for multiple mailbox delivery. If no mailboxes are currently set up, indicate the number of required mailboxes.
Use this field to fill in other mailbox IDs (if you answered YES in question 1), then proceed to Question 4.
4. Would you like all files and reports delivered (shared) to multiple mailboxes, or only specific ones (e.g., specific EFT reports, EDI files, etc.)?
If only the specific product option is selected, enter the product(s):
SECTION III – SECURE FTP (SSH) INFORMATION
Please provide the Secure FTP (SSH) software you want to use with this service.
Software:
Version:
Important: Refer to Appendix C to review the list of certified software for this service.
How would you like to set up SSH authentication?
User ID / Password
User ID / Public key authentication
Indicate file encoding (see Appendix B in the User Guide for encoding descriptions):
Inbound files to BMO: A (ASCII) or E (EBCDIC)
Outbound files from BMO:
W (WINDOWS) – record terminators are CR (Carriage Return) followed by LF (Line Feed), i.e. CRLF, the default on the Windows platform.
A (ASCII) – record terminators are LF (Line Feed), the default on the Unix platform.
E (EBCDIC) – mainframe format.
Indicate if you require PGP and/or file compression (WinZip):
NOTE: These are optional features and they are not required to exchange files with the Bank.
PGP file encryption
WinZip file compression (not recommended for files less than 20 MB)
Additional Notes:
Appendix B - Definitions
FILE ENCODING
BMO supports several file encoding types. These are:
W: Windows (ASCII machine) – This encoding can be used for outbound transmission from BMO ONLY.
The default delimiter on the Windows platform is CR (Carriage Return) followed by LF (Line Feed). This means that the record terminators within the application files on the Windows platform are CRLF.
A: Unix (ASCII machine).
The default delimiter on the Unix platform is LF (Line Feed). This means that the record terminators within the application files on the Unix platform are LF.
E: Mainframe (EBCDIC machine).
There is no specific character used as the record delimiter on mainframes (Unisys or IBM). The encoding of the data is EBCDIC. When sending and receiving files from mainframes, no data conversion needs to be performed.
OTHER DEFINITIONS
• Mailbox – This is your user ID on the Secure FTP service.
• Mail slots (or trading relationships) – Mail slots belong to a mailbox and are used to receive various Cash Management files and reports. BMO sends your files and reports to the appropriate mail slot. By using mail slots, you can easily identify the application to which your files and reports belong.
Appendix C – GXS tested SFTP software
SFTP connectivity helps provide secure, authenticated and encrypted communications that enable clients to exchange files with BMO. Please note that potentially any software that supports the standard SSH2 protocol should work with this service.
To date, the following FTP w/SSH software products have been tested by GXS* for connectivity to this service (the versions listed are those current at the time of testing; use the latest supported release, as noted under Before You Set Up S/FTP):
• WS_FTP Professional 2006, 2007
• WinSCP 3.8.1 (build 328)
• Linux sftp (Linux RedHat 3)
• Core FTP 2.0 Professional (build 1447)
• PuTTY psftp (release 0.58)
• CLEO 3.2
Please note: software testing to access this service is performed by GXS.
* This list does not imply any endorsement or warranty by Bank of Montreal.