As an extra layer of protection, you can use MD5 hash validation to ensure that your file is not corrupted during the SFTP transfer process.

How it works

Before you upload a file, you generate and upload an MD5 hash of it first. When you upload the actual file, SFTP Gateway checks the MD5 hash. If it’s valid, the file gets uploaded to S3. Otherwise, an error is logged, and the file remains on the local file system.


The MD5 hash validation feature is disabled by default. You can enable it by editing the global properties file:

vi /home/ec2-user/.sftpgateway/

And change the last line from no to yes:


From your local machine (commands below are for Mac), run the following command:

md5 test.txt > test.txt.md5

The generated .md5 file looks something like this:

MD5 (test.txt) = dc2ad2ded1fa0f457035b198afc41da6

Note: The .md5 file contains the file path, so it’s important that you run the md5 command from the current directory.

Next, upload the .md5 file:

sftp -i robtest.key robtest@<ip address>:uploads <<< $'put test.txt.md5'

This .md5 file will remain in the uploads directory until the actual file is uploaded.

Now upload the actual file:

sftp -i robtest.key robtest@<ip address>:uploads <<< $'put test.txt'

SFTP Gateway will run an MD5 hash validation. If it passes, the actual file gets uploaded to S3, and the .md5 file is discarded.