...
Note: Due to the nature of UDMG as an MFT solution, the handling of host-based authentication for SFTP is limited to having the same account name on the server (local account) and the client side (remote user). It is assumed that an SFTP client acting as User1 on the client node will attempt to log in to the same User1 account on the SFTP server.

To configure host-based authentication for an SFTP partner, follow these steps:

1. Add the SSH public host key of the partner to the certificate list, as for any other SFTP partner configuration.
2. Add a private key for the UDMG SFTP client as a separate certificate record. It can then be selected for the host-based authentication configuration.
3. Set up the protocol configuration parameters with:
   - the name of the certificate record from the previous step, which is used as the client's private key.
   - the list of remote accounts for which host-based authentication is enabled.

Because the partner has multiple certificates of different types (public/private) configured, note that the public keys can only be used to validate the remote server's identity, and the private keys can only be used to perform host-based authentication.

| Step | Description |
|---|---|
| Step 1 | From the UDMG Admin UI navigation pane, select Remote Partners. The Remote Partner list displays. |
| Step 2 | Click the Add icon. The Remote Partner Details displays. Fill in the details for the sample server from Tutorial - Creating and Manually Starting an SFTP Server. |
| Step 3 | Click the Accounts tab on the Remote Partner detail panel. Add a new account. |
| Step 4 | Click the Certificates/Keys tab on the Remote Partner detail panel. The server public key can be retrieved with the ssh-keyscan tool: |
| | Click the Add icon. |
| | The public key can also be fetched and stored automatically with the Fetch host key button: |
| Step 5 | Add a new certificate record for the client host key; this is needed for host-based authentication. Generate a private SSH key, for example: |
| | Note that the generated public key ( |
| | Click the Add icon. |
| | Click the Save icon. |
| Step 6 | In the Configuration tab of the Remote Partner Details, switch on the Host-based authentication toggle. The Private Key Certificate field and Authorized Accounts button appear. |
| Step 7 | For selected account(s), the connection will be attempted with the host-based authentication method. |
| Step 8 | Click the Save icon. |
| Step 9 | Be sure to have completed the local SFTP server configuration with the public key that was generated above. See Tutorial - Using Host-Based Authentication for an SFTP Server. |
| Step 10 | Configure the rules at partner and/or account level. For example, stonebranch-sftp-01_partner_send. |
| | Go to the Rules Service via the UDMG Admin UI navigation pane. Create the rule: |
| | Please note that because the remote partner is set in this tutorial to be a local UDMG SFTP server, the Remote Directory is set to the virtual path ( |
| | Authorize the sending rule in the Rules tab of the Remote Partner Details. |
| Step 11 | Initiate a file transfer to upload a file. Use the Command Line Interface to register the transfer: |
| Step 12 | Follow the transfer request from the Activity Transfer and History dashboards. There are 2 records in this case, because UDMG is used both as the client and the server in the transaction: |

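Step 4 retrieves the server's public key with ssh-keyscan, which does not authenticate the key it returns. The following is an added example, not part of the original tutorial or of UDMG: it checks a scanned key line against a SHA256 fingerprint obtained out of band (for instance from the server administrator) before the key is stored as a certificate record. The host name and key bytes are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def parse_host_key_line(line):
    """Parse one 'host keytype base64' line as printed by ssh-keyscan."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-blob")
    host, key_type, blob_b64 = fields[:3]
    blob = base64.b64decode(blob_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type (RFC 4253).
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match the key blob")
    return host, key_type, blob


def sha256_fingerprint(blob):
    """Fingerprint as printed by 'ssh-keygen -l': SHA256:<unpadded base64>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(line, trusted_fingerprint):
    """True only if the scanned key hashes to the out-of-band fingerprint."""
    _, _, blob = parse_host_key_line(line)
    return sha256_fingerprint(blob) == trusted_fingerprint


def make_ed25519_line(host, raw_key):
    """Build a constructed ssh-ed25519 key line for the demo (not a real key)."""
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", len(raw_key)) + raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


# Constructed sample data: placeholder host name, made-up key bytes.
SCANNED = make_ed25519_line("sftp.example.test", bytes(range(32)))
OTHER = make_ed25519_line("sftp.example.test", bytes(range(1, 33)))
TRUSTED_FP = sha256_fingerprint(parse_host_key_line(SCANNED)[2])

if __name__ == "__main__":
    print("scanned key matches:", host_key_matches(SCANNED, TRUSTED_FP))
    print("substituted key matches:", host_key_matches(OTHER, TRUSTED_FP))
```

In practice `TRUSTED_FP` would be the value the server administrator reads from `ssh-keygen -lf` on the server's host public key file, not one computed from the scanned line as in this demo.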
References: