FTP service

Lightstone Consumer provides an FTP and SFTP service to customer and partners.

There are two of ways to access the service:

• • FTP - This is normal (legacy) File Transfer Protocol access

  • (preferred) SFTP - This is Secure FTP via SSH encryption

FTP compared to SFTP

It is worth noting that the FTP protocol is quite an old standard and that all data, including usernames and passwords, are transmitted with no encryption unless TLS is explicitly enabled in the client application. FTP also makes use of multiple incoming and/or outgoing TCP connections for the transmission of control signals and data, requiring more complex firewall configuration on both ends of the connection.

SFTP, on the other hand, makes use of industry-standard strong encryption during the full lifetime of the connection to the server. In addition SFTP is based on a single TCP connection to port 2200 on the Lightstone Consumer SFTP server for transmission of control signals as well as data transfer, greatly simplifying any required firewall configurations.

Lightstone Consumer strongly recommends making use of the SFTP service available at sftp.lightstoneconsumer.co.za or sftp2.lsconsumer.co.za, as documented below, instead of the FTP service.

FTP

The FTP server can be reached at the following address:

• • ftp.lightstoneconsumer.co.za

Note that a username and password will be required.

Note regarding TLS encryption

The Lightstone Consumer FTP server supports the use of TLSv2 and TLSv3 encryption of connections, we strongly suggest that this be used. The SSL certificate used by the server is signed by Let's Encrypt and is renewed every 2 to 3 months, some FTP client applications may not be aware of the Let's Encrypt Certification Authority and may require that the certificate be accepted as a trusted certificate, either manually or via configuration. The host names the certificate is certified for are ftp.lightstoneconsumer.co.za and ftp2.lsconsumer.co.za, note that the FTP server's IP address is not certified by Let's Encrypt.

Note regarding firewall rules and the use of IP addresses to connect to the FTP service

We are aware that some clients make use of the FTP server's IP address in their application configurations and that some clients have special firewall rules to allow FTP communication with the Lightstone Consumer FTP service. The old IP address for ftp.lightstoneconsumer.co.za was 41.193.54.134, this was changed to 35.195.0.237 on 14 January 2019 and the old IP address is no longer accessible.

We always strongly suggest making use of the host name in client application configurations instead of the IP address, this will greatly simplify matters should there be any need to make FTP service changes in future.

SFTP

• • Server name: sftp.lightstoneconsumer.co.za

  • Port: 2200 (Note: not the usual SFTP port number)

  • Username: As supplied by Lightstone.

  • Password: As supplied by Lightstone, also see RSA/DSA Key Authentication below.

  • File path: All files and folders are stored under /files

RSA/DSA Key Authetication

SFTP allows for authentication using an RSA or DSA encryption private/public key pair. This method requires some additional preparation on both the client and Lightstone side, but is also considered to be a more secure methjof for authenticating SFTP sessions. This topic is mainly for IT professionals, please ensure that you already know how to use private/public key authentication for SFTP servers.

The basic procedure is as follows:

• 1. Generate a 2048-bit or 1024-bit (2048-bit preferred) RSA or DSA key pair on the client machine (On a Unix/Linux host or Windows 10 version 1903 or later the ssh-keygen command can be used for this)

  2. Forward the public key portion (in either OpenSSH or RFC 4716 format) to ict@lightstoneconsumer.co.za, indicating your SFTP server username in the email

  3. Once confirmation has been received from Lightstone that the key has been enabled, make use of the private key portion in your SFTP client to authenticate your connection to sftp.lightstoneconsumer.co.za instead of using your password

  4. Optionally request that Lightstone completely disable password authentication for your SFTP account so that having the correct private key file is the only way to connect to your SFTP account