Skip to content
Zero Transfer SDK

createSftpProviderFactory

function createSftpProviderFactory(options?: SftpProviderOptions): ProviderFactory;

Defined in: src/providers/native/sftp/NativeSftpProvider.ts:243

Creates a ProviderFactory backed by the native SSH/SFTP protocol stack - no ssh2 dependency required.

Supported algorithms

  • Key exchange: curve25519-sha256, curve25519-sha256@libssh.org
  • Host keys: ssh-ed25519, ecdsa-sha2-nistp256/384/521, rsa-sha2-256, rsa-sha2-512 (legacy SHA-1 ssh-rsa is rejected)
  • Ciphers: aes128-ctr, aes256-ctr
  • MACs: hmac-sha2-256, hmac-sha2-512

Authentication

  • password
  • keyboard-interactive (RFC 4256)
  • publickey for Ed25519 and RSA private keys (rsa-sha2-512 preferred, rsa-sha2-256 fallback). Encrypted keys are unlocked via profile.ssh.passphrase.

Host-key verification

  • The server’s signature over the exchange hash is always verified.
  • Optional pinning via profile.ssh.pinnedHostKeySha256 (SHA256:..., raw base64, or hex).
  • Optional profile.ssh.knownHosts (OpenSSH format, hashed and plain patterns, [host]:port, negation, and @revoked markers).

Resilience

  • readyTimeoutMs bounds TCP connect + SSH handshake.
  • keepaliveIntervalMs keeps idle sessions alive through stateful firewalls / NAT.

Parameters

Section titled “Parameters”
ParameterType
optionsSftpProviderOptions

Returns

Section titled “Returns”

ProviderFactory

Example

Section titled “Example”
const client = createTransferClient({
  providers: [createSftpProviderFactory({
    readyTimeoutMs: 10_000,
    keepaliveIntervalMs: 30_000,
  })],
});
const session = await client.connect({
  provider: "sftp",
  host: "sftp.example.com",
  username: "deploy",
  ssh: {
    privateKey: { kind: "literal", value: process.env.DEPLOY_KEY! },
    pinnedHostKeySha256: "SHA256:abc...",
  },
});