FTP / SFTP

SFTP is the old reliable for B2B integrations. When the consumer is a vendor's ingestion pipeline, a bank reconciliation system, or a downstream enterprise app, the answer is almost always "drop the file on their SFTP host and we'll pick it up from there." Outpost handles both password-based and SSH-key-based auth, and requires explicit host key verification. There's no trust-on-first-connect.

Get the host's SSH public key

Outpost does not connect to an SFTP host it can't verify. You need the host's RSA public key up front. From any machine with OpenSSH installed:

ssh-keyscan -t rsa -p <port> <host>

For example, ssh-keyscan -t rsa -p 22 sftp.vendor.com. Copy the long base64 string after ssh-rsa (not including the ssh-rsa prefix or the trailing host comment). That's what you'll paste into the Host key field in the Connection form.

The Connection form has a hint showing the exact command with your chosen host and port filled in.

Create the Connection in Outpost

  1. Open Outpost by VCG → Connections
  2. Click New Connection and pick FTP / SFTP
  3. Fill in:
    • Connection name. e.g. Vendor X SFTP.
    • Host. Hostname or IP, e.g. sftp.vendor.com.
    • Port. Typically 22 for SFTP.
    • Remote path. The directory to write into, e.g. /incoming/outpost.
    • Username. The SFTP account name.
    • Host key. The base64 RSA public key you collected above.
    • Auth method. Choose Password or SSH Key.
    • If Password: paste the password
    • If SSH Key: upload the private key to NetSuite's Certificate Manager first (Setup → Company → Preferences → Certificates → New), then paste the certificate's Script ID into the Connection
  4. Click Test connection. Outpost opens an SFTP session, verifies the host key matches, and runs a directory listing on . to confirm connectivity.
  5. Click Save.

Configure folder and filename on the export template

SFTP paths are absolute on the remote host. The Remote path on the Connection is the starting directory; export templates can extend it or override it. Supported filename tokens: {date}, {datetime}, {search_id}.

/incoming/outpost/ar_aging_{date}.csv

What to expect on delivery

  • File format: CSV, UTF-8, with a header row
  • Overwrite behavior: If a file with the same name already exists, Outpost overwrites it. If the remote directory doesn't exist, the run fails. Outpost does not auto-create SFTP directories.
  • Mode: SFTP subsystem only. Outpost does not fall back to plain FTP.
  • Connection reuse: Each run opens a fresh SFTP session and closes it when done. There's no long-lived connection pool.

Tips & gotchas

  • Host keys rotate. If the vendor rotates their SSH host key (rare but real), every Outpost run will fail with a host key mismatch until you update the Connection. Re-run ssh-keyscan to get the new key.
  • SSH-key auth is preferred over password auth for production. Passwords expire, get rotated, and end up in shared spreadsheets. SSH keys live in NetSuite's Certificate Manager and are easier to audit.
  • Port 22 isn't universal. Some hosts use 2222 or a custom port. Always confirm with the host operator; don't assume 22.
  • Directory permissions matter. The SFTP user needs write access to the remote directory. If you can connect but can't write, the username on the host has read-only access to that path. Talk to the host operator.
  • No automatic chmod. Outpost writes the file with whatever default mode the SFTP server assigns. If the consuming process needs a specific permission bit set, the host has to handle it.

Permissions & access control

Once the file is on the SFTP server, access is controlled entirely by the host's filesystem permissions. Outpost writes under the account you authenticated as; whoever has read access to that directory can read the file. This is usually the vendor's problem, not yours.

For sensitive data moving via SFTP, confirm with the host operator that the upload directory is scoped to your user and isn't shared with other clients of theirs.

When to pick SFTP (and when not to)

Troubleshooting

  • Host key verification failed. The host key pasted into the Connection doesn't match what the server is presenting. Re-run ssh-keyscan and update it.
  • Authentication failed. Wrong username, wrong password, or wrong private key. If using SSH key auth, confirm the certificate Script ID is correct and that the private key uploaded to Certificate Manager is the one that pairs with the public key on the server's authorized_keys.
  • Permission denied on write. The SFTP user can connect but can't write to the remote path. Talk to the host operator.
  • No such file or directory. The Remote path doesn't exist on the host. Outpost doesn't create SFTP directories automatically. Create it manually on the host first.

Related

Azure Blob

Set up an Azure Blob Storage Connection in Outpost for downstream data pipelines, long-term archives, and non-BI consumers.

Authenticate your first destination

Create a Connection so Outpost can deliver files to SharePoint, OneDrive, Google Drive, Azure Blob, FTP / SFTP, or the NetSuite File Cabinet.