SFTP Nodes for n8n

Introduction

The /n software n8n nodes extend n8n with powerful integration capabilities backed by the /n software node library. These nodes allow workflows to securely exchange data with external systems using proven Internet protocols and services.

Two commonly used nodes for secure file transfer are the SFTPSender and SFTPTrigger nodes:

• The SFTPSender node is used to upload files or data from an n8n workflow to a remote SFTP server, and may also be used to download files or list directories on demand.
• The SFTPTrigger node is used to poll an SFTP server on a schedule, downloading files, listing directories, or deleting files as part of an automated workflow.

Both nodes use SSH for transport security and support password, public-key, and advanced authentication methods. This article provides an overview of both SFTP nodes, their basic configuration, and common usage patterns.

Node Installation

Before proceeding, please ensure that the /n software n8n nodes have been installed successfully. For instructions on how to install the /n software n8n nodes, please refer to the installation guide here. Afterwards, assuming the mentioned node location is populated, simply restart your n8n server instance, and the /n software nodes should be searchable via the n8n UI.

Authentication Overview

Both SFTP nodes connect to remote systems using SSH. At a minimum, you must configure the SSHHost property, which represents the hostname or IP of the remote SFTP server. You may also set the SSHPort if the server is not running on the default SSH port (22 by default).

In order to authenticate with the server, you will need to specify the SSHUser property, and either the SSHPassword or SSHCert* properties, depending on the SSHAuthMode in use. The following are the supported values for SSHAuthMode, and a description of each:

• None - The node will attempt anonymous authentication.
• Multi Factor - The node will attempt as many authentication steps as the server requires using whatever credentials it has available (either the mentioned certificate or password).
• Password - The node will use the SSHPassword property to attempt password authentication.
• Public Key - The node will use the SSHCert* propreties to attempt public key authentication.
• Keyboard-Interactive - The node will perform SSH keyboard-interactive authentication, responding automatically to the server's prompts. It will supply the value of SSHPassword as the response to the "password" prompt. NOTE: this is not truly keyboard-interactive, and the node may not recognize all prompts supplied by the server. It should only be used if no other authentication methods are available.
• GSSAPIWithMic - This allows the node to attempt Kerberos authentication using the GSSAPI-WITH-MIC scheme. The client will try Kerberos authentication using the value of SSHUser (single sign-on), or if SSHPassword is specified as well, it will try Kerberos authentication with alternate credentials.
• amGSSAPIKeyex - This allows the node to attempt Kerberos authentication using the GSSAPIKeyex scheme. The client will try Kerberos authentication using the value of SSHUser (single sign-on), or if SSHPassword is specified as well, it will try Kerberos authentication with alternate credentials.

For authentication methods that may require a certificate or public key, the SSHCert* properties may need to be set. Below are the relevant properties that should be set to ensure the client-side key or certificate is loaded correctly:

• SSHCertStore - The name of the certificate store for the client certificate. This can either be a path to a file on disk (e.g., a PFX file) or a location in the system's certificate store (e.g., MY, which is the default value). This ultimately depends on the SSHCertStoreType selected.
• SSHCertStorePassword - If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
• SSHCertStoreType - The type of certificate store for this certificate. Possible values are visible when modifying the property.
• SSHCertSubject - The subject of the certificate used for client authentication. This may be set to * to load any certificate in the store.
• SSHCertThumbprint - The thumbprint of the certificate.

In addition to specifying a client-side certificate for authentication, users may also wish to configure the node to accept only a specific server host key as a part of the SSH handshake. If the client has access to the server's public key, they can set this via the SSHAcceptServerCert* properties, which follow the same format as the SSHCert* properties mentioned above. To accept any server host key, the SSHAcceptServerHostKeyAcceptAny property can be enabled, though this is not recommended.

SFTP Sender Node

The SFTPSender node is used to send files or data to a remote SFTP server. Depending on the selected Operation, it can also be used to download files or list directories as part of a workflow. Please see below for details regarding each supported Operation.

Send Files

When the Operation property is set to 'Send Files', the node may be used to upload local files or binary data provided to the node by prior node in the workflow.

When binary data is provided to the SFTPSender node, the RemoteFile property must be set. This should be set to the filename intended for the provided binary data.

Otherwise, the LocalFile must be used to specify which file, or files, are to be uploaded by the node. This property can be set to either a single file path and name (e.g., C:\test\test.txt), or a file path containing a mask of local files to upload (e.g., C:\test\*.txt or C:\test\*). Note that files are not uploaded recursively by default (only files in the base path will be uploaded), so in the event the LocalFile contains a mask, and files should be uploaded recursively, the following line must be added to the Other property:

RecursiveUpload=true

After specifying the LocalFile in this case, the RemoteFile may be set to indicate the name of the destination file on the SFTP Server. By default, this value is %SourceFileName%, which is a macro indicating that the node should use the base file name of the local file being uploaded. This is especially useful if there are multiple files, in which case the node will automatically populate this macro with the local file name. Of course, this can be changed if necessary to some other value.

Lastly, in either case of uploading binary data or local file(s), the RemotePath may be specified to set the current path on the SFTP server. By default, this value is empty, and in such a case the files that are uploaded are uploaded relative to the initial remote directory for the user.

Afterwards, the node can be executed and files will be uploaded to the remote SFTP server. Below are some additional properties that may be used for uploads:

• Overwrite - Allows overwriting existing files on the server.
• Append - Appends data to an existing remote file.
• RemoteTempPath - Uploads to a temporary directory before moving the file into place. This may be useful when downstream systems may pick up files immediately. This ensures that partially uploaded files are never processed.

Download Files

When the Operation property is set to 'Download Files', the node may be used to download multiple remote files. At minimum, the authentication information must be specified. Aside from this, the RemoteFile property is the only required property. This may be set to the full path and file mask of the files to download (e.g., /home/test/temp/*). RemotePath and RemoteFile may be used to together as well, if necessary, though it is not required and performs the exact same function as specifying the path via the remote file name.

The LocalFile property may be set to a directory on-disk where the remote file data should be downloaded to. Alternatively, this property may remain empty, in which case the remote file data is provided as binary data (or multiple instances of binary data, in the case of many files). This binary data may then be provided to other nodes. In either case, additional information will be provided regarding the downloaded file(s). For example ('localFile' is populated assuming the LocalFile is specified):

[ { "receivedFileName": "test.txt", "receivedFileSize": 9, "receivedFileDate": 01/10/2026 19:52:54, "receivedFileUser": "test", "receivedFilePath": "/home/test/temp", "localFile": "C:\Users\test\test.txt" } ]

Download Single File

When the Operation property is set to 'Download Single File', the node may be used to download a single file at a time. At minimum, the authentication information must be specified. Aside from this, the RemoteFile property is the only required property. This may be set to the full path and file name of the file to download (e.g., /home/test/temp/test.txt). RemotePath and RemoteFile may be used to together as well, if necessary, though it is not required and performs the exact same function as specifying the path via the remote file name.

The LocalFile property may be set to a location on-disk where the remote file data should be downloaded to. Alternatively, this property may remain empty, in which case the remote file data is provided as binary data. This binary data may then be provided to other nodes. In either case, additional information will be provided regarding the downloaded file. For example ('localFile' is populated assuming the LocalFile is specified):

[ { "receivedFileName": "/home/test/temp/test.txt", "receivedFileSize": 9, "receivedFileDate": 0, "receivedFileUser": "test", "receivedFilePath": "/home/test/temp", "localFile": "C:\Users\test\test.txt" } ]

List Directory

When the Operation property is set to 'List Directory', the node may be used to list a server-side directory. At minumum, the authentication information must be specified. Aside from this, the RemotePath property may be specified to list a specific directory. Otherwise, the user's default remote directory is listed.

In this case, JSON data will be returned to the user containing information about entries present in this directory. For example, this may be the JSON output after executing the node:

[ { "isDirectory": true, // format for directories "name": "test1" }, { "isDirectory": false, "name": "test123.txt", "size": 55, "time": "05/05/2025 10:45:08", "atime": "12/26/2025 16:51:25", "ctime": "12/31/1969 19:00:00" } ]

This information may be useful assuming another instance of the SFTPSender node follows this one. For example, the name value above may be passed to the RemoteFile property in an instance of the sender node. Or, the information above could potentially be used to determine whether or not a file should be downloaded by the next instance, and then passed to another instance to download the file.

SFTP Trigger Node

The SFTPTrigger node is used to periodically poll an SFTP server and emit workflow executions based on remote file activity. The node polls the server at the interval defined by the n8n trigger schedule (one minute by default). On each poll, the node will connect to the SFTP server and perform the operation specified by the TriggerOn property. Please sese below for each supported operation for the TriggerOn property.

Receive Files

When the TriggerOn property is set to 'Receive Files', the node may be used to download multiple remote files. At minimum, the authentication information must be specified. Aside from this, the FileMask property and RemotePath property should be specified to indicate which files to download. By default, the FileMask is set to *.*, and the remote path is the initial remote directory of the specified user (though it appears empty, this is the case).

The LocalDirectory property may be used to specify the local directory where remote files should be downloaded to. This property is optional, and if left unspecified, downloaded file data will be made available via binary data for each file, alongside other information regarding each file provided via JSON.

Note that by default, the download operation is not recursive. To enable recursive downloads, add the following line to the Other property:

RecursiveDownload=true

Following node execution, information regarding each file downloaded will be provided via JSON. For example, in the event RecursiveDownload is true:

[ { "receivedFileName": "test1.txt", "receivedFileSize": 9, "receivedFileDate": "11/04/2025 11:23:51", "receivedFileUser": "test", "receivedFilePath": "/home/test/temp", }, { "receivedFileName": "test2.txt", "receivedFileSize": 12, "receivedFileDate": "11/04/2025 12:03:51", "receivedFileUser": "test", "receivedFilePath": "/home/test/temp/dir", } ]

List Directory

When the TriggerOn property is set to 'List Directory', the node may be used to list a server-side directory. At minumum, the authentication information must be specified. Aside from this, the RemotePath property may be specified to list a specific directory. Otherwise, the user's default remote directory is listed.

In this case, JSON data will be returned to the user containing information about entries present in this directory. For example, this may be the JSON output after executing the node:

[ { "fileName": ".nuget", "fileSize": 4096, "fileTime": "11/08/2023 18:49:52", "isDir": true, "listing": "drwxrwxr-x 4 test test 4096 Nov 8 2023 .nuget" }, { "fileName": ".ovftool.ssldb", "fileSize": 0, "fileTime": "08/15/2025 12:27:57", "isDir": false, "listing": "-rw------- 1 test test 0 Aug 15 16:27 .ovftool.ssldb" }, ]

Delete Files

When the TriggerOn property is set to 'Delete Files', the node may be used to delete files matching a specified mask on the server-side. At minumum, the authentication information must be specified. Aside from this, the FileMask and RemotePath properties should be specified to indicate which files should be deleted. After the node is executed, JSON data will be returned containing the name of each file successfully deleted (note this operation is not recursive). For example:

[ { "deletedFileName": "readme.txt" }, { "deletedFileName": "test.txt" }, ]