...
Configure a remote SFTP partner to allow host-based authentication for certain accounts.
To view the configuration in effect during a file transfer with a corresponding UDMG local SFTP server, see Tutorial - Using Host-Based Authentication for an SFTP Server.
Note: Due to the nature of UDMG as an MFT solution, the handling of host-based authentication for SFTP is limited to having the same account name on the server side (local account) and the client side (remote user). It is assumed that an SFTP client acting as User1 on the client node will attempt to log in to the same User1 account on the SFTP server.
To configure host-based authentication for an SFTP partner, follow these steps:
Add the SSH public host key of the partner to the certificate list, as for any other SFTP partner configuration.
Add a private key for the UDMG SFTP client as a separate certificate record. It can then be selected to be used for host-based authentication configuration.
Set up the protocol configuration parameters with:
- the name of the partner certificate record from the previous step that will be used as the client's private key.
- the list of remote accounts for which host-based authentication will be enabled.
Because the partner will have multiple certificates of different types (public/private) configured, note that the public keys can only be used to validate the remote server's identity and the private keys can only be used to perform host-based authentication.
Step 1 | From the UDMG navigation pane, select Management > Partners. The Partner list displays.
Step 2 | Click New. The Partner Details displays. Fill in the details for the sample server from Tutorial - Creating and Manually Starting an SFTP Server.
Step 3 | Click the Accounts tab on the Partner detail panel. Add a new account.
Step 4 | Click the Certificate tab on the Partner detail panel and add the public host key of the server. The server public key can be retrieved with the ssh-keyscan tool:
Click the Add Certificate button.
The public key can also be fetched and stored automatically with the Fetch host key button.
Step 5 | Add a new certificate record for the client host key; this is needed for host-based authentication. Generate a private SSH key, for example:
Note that the generated public key (
Click the Add Certificate button.
Step 6 | Click the Configuration tab on the Partner detail panel and switch on the Host-based authentication toggle. The Private Key Certificate and Authorized Accounts fields appear.
Step 7 | For selected account(s), the connection will be attempted with the host-based authentication method.
Step 8 | Click Save and Confirm.
Step 9 | Be sure to have completed the local SFTP server configuration with the public key that was generated above. See Tutorial - Using Host-Based Authentication for an SFTP Server.
Step 10 | Configure the rules at partner and/or account level. For example, stonebranch-sftp-01_partner_send
Create the rule:
Please note that, because the remote partner is set in this tutorial to be a local UDMG SFTP server, the Remote Directory is set to the virtual path (
Authorize the sending rule for the partner:
Step 11 | Initiate a file transfer to upload a file. Use the Command Line Interface to register the transfer:
Step 12 | Follow the transfer request from the Activity Transfer and History dashboards. There are 2 records in this case, because UDMG is used both as the client and the server in the transaction:
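For Step 4, an added example that is not part of the original documentation: ssh-keyscan output is not authenticated, so this Python code checks a scanned line against a SHA256 fingerprint obtained out of band from the partner before the key is added as a certificate record. The host name, the sample keys and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def parse_keyscan_line(line):
    """Split one `ssh-keyscan` output line into (host, key_type, blob)."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed algorithm name that must match
    # the textual key type; a mismatch means a damaged or altered line.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    return host, key_type, blob


def sha256_fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def host_key_matches(line, expected_host, expected_fp):
    """True only if the scanned line is for expected_host and its fingerprint
    equals the one obtained out of band from the server administrator."""
    host, _, blob = parse_keyscan_line(line)
    return host == expected_host and hmac.compare_digest(
        sha256_fingerprint(blob), expected_fp)


def _constructed_line(host, seed):
    # Constructed sample: a syntactically valid ssh-ed25519 blob, not a real key.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + seed * 32
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


SAMPLE_HOST = "sftp.example.test"                      # hypothetical partner host
GOOD_LINE = _constructed_line(SAMPLE_HOST, b"\x01")
OTHER_LINE = _constructed_line(SAMPLE_HOST, b"\x02")   # a different key, same host
# In real use this value comes from the partner; here it is derived from the sample.
TRUSTED_FP = sha256_fingerprint(parse_keyscan_line(GOOD_LINE)[2])

if __name__ == "__main__":
    print(TRUSTED_FP)
    print("expected key :", host_key_matches(GOOD_LINE, SAMPLE_HOST, TRUSTED_FP))
    print("different key:", host_key_matches(OTHER_LINE, SAMPLE_HOST, TRUSTED_FP))
```

The fingerprint string has the same form as the output of `ssh-keygen -l -E sha256`, so the trusted value can be read from the server's own host key file by its administrator.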
References: