Setting up SFTP/SSH for WAWF

Value-Added Networks, such as the DOD-Certified Mil-Pac VAN, simplify data upload to WAWF, DFAS and the UID Registry. VANs also support contract award downloads such as electronic (EDI X12-850) purchase orders from DLA (DIBBS and EMall).

As an alternative, defense contractors can submit transactions to WAWF via SFTP/SSH (Secure File Transfer Protocol over Secure Shell). This method does not a subscription, but does require acquisition of, and support for a suitable SFTP/SSH client. It does not support direct UID Registry transactions or DLA electronic POs.

The following procedures, excerpted from the WAWF Secure File Transfer Protocol (SFTP) Instruction Guide will help you get started. For complete information, download the WAWF SFTP Guide or visit the WAWF web site.

•Vendor Testing

All Contractors/Vendors are required to contact the WAWF Customer Service Center to open a trouble ticket and request testing assistance from the Joint Interoperability Test Command (JITC).

Once a trouble ticket has been established, Contractors/Vendors may work directly with JITC on the SFTP filing process.

Complete DD Form 2875, Standard Mandatory Notice, and Consent Provision For all DoD Information System User Agreements (Standard Agreement Training)

Department of Defense (DD) Form 2875 and Standard Agreement Training:

A Vendor must complete these forms to request authority to use SFTP to the Ogden Defense Enterprise Computing Center (DECC), located in Ogden Utah. After receiving the request, the Ogden DECC personnel will establish a directory for the Vendor to submit the SFTP files and provide the user with a User ID and Password for the directory as well as other detailed instructions to file via SFTP to Ogden.

DD Form 2875 – System Authorization Access Request (SAAR)

Standard Agreement Training

•Defense Information Systems Agency (DISA) Security Requirements

Due to current DISA security requirements, Contractors/Vendors must use a compatible Secure Shell (SSH2) client product to communicate with WAWF via SFTP. WAWF will not accept SFTP communications from any client product that tries to make the connection using the Secure Shell (SSH1) protocol. Contractors/Vendors do not have to use SSH Communications Security’s SSH Secure Shell product, but they must use a client product that:

1. Can interface properly with the SSH Secure Shell product on the WAWF server.
2. Utilizes the SSH2 protocol to make the connection.

DISA Notification: New Encryption Requirements

Due to the tightening requirement of IT security, WAWF needs to enforce
the cipers used by the SFTP software running on the server
ftpwawf.eb.mil. What this means to you is that there may need to be
updates to your SFTP client software. The deadline for this requirement
is Nov 30, 2013.

Please check with your client software documentation or system
administrator to determine how to enable the aes128-ctr, aes192-ctr,
and/or aes256-ctr based ciphers.

JITC is also available if you would like to confirm that your current
SFTP client will work with the new cipher requirements. Please contact
the EB Help Desk at 1-866-618-5988 to initiate JITC’s assistance.

If you have issues connecting on or after Nov 30, 2013, please check
your client software logs. If you see a message similar to the
following, you will have to make changes on
your side in order to upload files:

“Error uploading SFTP file: Could not negotiate client encryption
algorithm.  Remote host supports the following algorithms:
‘aes128-ctr,aes192-ctr,aes256-ctr'”