Access SFTP Data and Reports

The following instructions describe the process to access the CME Group SFTP environment, manage file transfers, and connection details to the user acceptance testing (UAT) and production environments (PROD) using a SFTP client application enabled for ssh encrypted login or terminal connection.

Note: Public / private key authentication can be used to secure connections, using SSH public key file format (RFC4716).

Environment Information

Using the password or SSH authentication, log in to access CME Group SFTP via the following environments:

Environment

DNS Host

Primary IP *

Secondary IP *

Port

(New) CME JScape User Acceptance Testing environment sftpx.uat.cmegroup.com 208.112.224.6 208.112.208.6 22

(New) CME JScape Production Futures and Options, BrokerTec, and EBS via Internet

Note: Clients must complete migration and connect to SFTP Production by Friday September 25, 2026.

 sftpx.cmegroup.com 208.112.128.67 - 22
(Current) Production Futures and Options, BrokerTec, EBS Internet sftp.cmegroup.com 205.209.196.150 - 22
(Current) Production Futures and Options via leased line WAN CDN VPN sftp.cmegroup.com 167.204.72.96

-

 22

(Current) Production Futures and Options via leased line WAN Futures and Options

 sftp.cmegroup.com 167.204.41.34 - 22
(Current) Production BrokerTec access via leased line WAN sftp.cmegroup.com 167.204.72.96 - 22
(Current) Production EBS access via leased line WAN sftp.cmegroup.com 167.204.72.206 - 22

*Primary and Secondary IP information is available for IP based users.

Schema and Network Configuration - View and download iLink, Drop Copy and MDP schema and configuration files, security definition flat files, and market Schedule files for all environments (CME Group Login ID is required to view).

Accessing SFTP Account via Client Application

The recommended connection method is via a SFTP client application or terminal.

Example: FileZilla, WincScp, etc.

  • To access the SFTP account via client application: 
  1. Open your preferred SFTP client application.
  2. In the Host / Server field, enter the appropriate DNS Host address from the Environment Information table (above).
  3. In the Port field, enter 22.
  4. Enter the assigned SFTP Username.
  5. Enter the corresponding SFTP Password.
  6. Select SFTP as the connection protocol.
  7. Select Connect.

The following example illustrates the destination directory that appears after a successful login.

Access SFTP via Terminal (command line)

The following instructions describe the process to access SFTP via command line client applications available on many computer systems (e.g. Linux/macOS) and via tools like Command Prompt or PowerShell (e.g. Windows).

  • To access the SFTP account via terminal (command line): 
  1. Open the terminal or command prompt application.
  2. Use the sftp command to connect, replacing the placeholders with your specific credentials and the appropriate CME Group host address: 
  • Port_Number: Use the applicable port number from the Environment Information table (above).
  • User_Name: Enter the assigned Username.
  • DNS or IP Address: Use the applicable port number from the Environment Information table (above).
  1. When prompted, enter the SFTP password.

After a successful login, the connection is routed to the root directory /.

  1. Navigate to the home directory - cd /cme/ftp/<FIRM_SFTP_Account_ID>

Note: FIRM_SFTP_Account_ID represents the CME SFTP Account ID.

Access SFTP via IP Address

To connect via an IP address to the active SFTP host, execute the following script:

Linux Bash Script

Copy

Shell

 

# SFTP-Login.sh

 

#!/bin/bash

 

# This Script will login into primary CME SFTP server

# Refer Section 1 for Primary and Secondary IP Address

 

Primary=""

Secondary=""

Port=22

Timeout=5 # Seconds

 

# ANSI Color Codes

Cyan='\033[0;36m'

Green='\033[0;32m'

Yellow='\033[0;33m'

Red='\033[0;31m'

NC='\033[0m'

 

# Grab the username from the first argument

Username="$1"

if [ -z "$Username" ]; then

printf "${Yellow}Usage: $0 <username>${NC}"

exit 1

fi

 

# Function to check port connectivity

Check_Endpoint() {

local IP=$1

nc -zv -w $Timeout "$IP" "$Port" > /dev/null 2>&1

}

 

Target=""

 

printf "${Cyan}Checking availability...${NC}"

 

if Check_Endpoint "$Primary"; then

Target=$Primary

elif Check_Endpoint "$Secondary"; then

Target=$Secondary

else

printf "${Red}ERROR: Both SFTP endpoints ($Primary, $Secondary) are unreachable on port $Port${NC}" >&2

exit 1

 

fi

 

printf "${Green}Connecting to $Target...${NC}"

sftp -P $Port "$Username@$Target" 


            

 

How to execute?

Copy

None

 

sh SFTP-Login.sh CME_SFTP_USER_ID

 

Example: sh SFTP-Login.sh F123FTP


            

 

Windows Powershell

Copy

None

 

# SFTP-Login.ps1

 

# This Script will login into primary CME SFTP server

# Refer Section 1 for Primary and Secondary IP Address

$Primary = ""

$Secondary = ""

$Port = 22

$Timeout = 5 # Seconds

 

# Grab the username from the first argument

$Username = $args[0]

 

if (-not $Username) {

Write-Host "Usage: .\SFT-Login.ps1 <username>" -ForegroundColor Yellow

exit 1

}

 

# Function to check port connectivity

function Check-Endpoint {

param($IP)

# Test-NetConnection is the PowerShell version of nc -zv

$check = Test-NetConnection -ComputerName $IP -Port $Port

-InformationLevel Quiet -WarningAction SilentlyContinue

return $check

 

}

 

$Target = $null

 

Write-Host "Checking availability..." -ForegroundColor Cyan

 

if (Check-Endpoint $Primary) {

$Target = $Primary

}

elseif (Check-Endpoint $Secondary) {

$Target = $Secondary

}

else {

Write-Error "ERROR: Both SFTP endpoints ($Primary, $Secondary) are unreachable on port $Port"

exit 1

}

 

Write-Host "Connecting to $Target..." -ForegroundColor Green

 

# Launch the native sftp client

sftp -P $Port "$Username@$Target"

 

            

 

How to execute?

Copy

None

.\SFTP-Login.ps1 CME_SFTP_USER_ID

 

Example: .\SFTP-Login.ps1 F123FTP

 

Test Connectivity

The following instructions describe the process to verify network connectivity to the CME Group SFTP environment; ensuring firewall and internal network allow traffic over required ports. Testing the connection is an essential function to ensure persistent file access and submission.

Confirm connection details

Clients accessing the following hostnames/endpoints and port must use a SFTP-capable client application or command-line interface.

Environment

Hostname

Port

User Acceptance Testing (UAT)

sftpx.uat.cmegroup.com

22

Production

sftpx.cmegroup.com

Note: Clients must complete migration and connect to SFTP Production by Friday September 25, 2026.

22

Windows (Powershell)

To verify the TCP handshake to validate the production environment connection, use the Test-NetConnection cmdlet.

  1. Using PowerShell, enter the following command:
  • Production environment: Test-NetConnection -ComputerName sftpx.cmegroup.com -Port 22
  • User Acceptance Testing environment: Test-NetConnection -ComputerName sftpx.uat.cmegroup.com -Port 22
  1. On the response that appears, verify if TcpTestSucceeded : True appears.

If a False message is returned, your network may be blocking outbound Port 22 traffic.

For further assistance, contact your network or system administrator

Linux / macOS (Bash)

Use the netcat (nc) utility to probe the port.

  1. Using Bash, enter the following command:

nc -v -w 2 sftpx.cmegroup.com 22

  1. On the response that appears, a successful connection is indicated by the following message.

Example: Connection to sftpx.cmegroup.com 22 port [tcp/ssh] succeeded

Telnet (Universal)

If the above tools are unavailable, perform a Telnet basic connectivity check.

  1. Open Telnet and enter the following command:
  • Production environment: telnet sftpx.cmegroup.com 22
  • UAT environment: telnet sftpx.uat.cmegroup.com 22
  1. If successful, the screen will be blank or display a ssh version string.

Example: SSH-2.0-OpenSSH...

  1. If unsuccessful, a connection failed or operation timeout message will appear.

Troubleshooting Connectivity

  • Q: I can "ping" the address, but can't connect via SFTP. Why?

  • A: Ping uses ICMP, while SFTP uses TCP Port 22.

Many corporate firewalls allow ICMP/pings but block specific data ports. To confirm access, use the above port-specific (PowerShell/Terminal) tests.

Note: Ping tests confirm the server is reachable. It does not confirm that SFTP traffic is allowed. A successful port 22 connection test is the only valid confirmation of connectivity.

 

  • Q:Do I need to provide a public IP for whitelisting?

  • A: No, A public IP is not required for whitelisting, Ensure your internal network allows outbound traffic to the specific IP range.

 

  • Q: Why does the production URL start with "http://" in some documents?

  • A: For SFTP file transfers, do not use http:// or https://. Most SFTP clients require the raw hostname only (sftpx.cmegroup.com).

 

  • Q: What should I do if my connectivity test fails (TcpTestSucceeded : False)?

- Linux (terminal)/macOS - If Connection refused or Operation timed out appears in the response.

  • A: Contact your internal internal IT, Networking, Security team to ensure Port 22 is open for outbound traffic to the CME Group IP range.