In this tutorial, you will:
Configure a local SFTP server to allow host-based authentication for certain accounts.
Check that the server is refusing to serve connections for an invalid combination of account accounts and keys.
Check that a connection can be performed with the UDMG partner client as explained in the Tutorial - Using Host-Based Authentication for an SFTP Partner.
...
Note | ||
---|---|---|
| ||
Due to the nature of the UDMG as a an MFT solution, the handling of the host-based authentication for SFTP is limited to having the same account name on the server (local account) and client-side (remote user). It is assumed that a an SFTP client acting as User1 on the client node will attempt to login to the same User1 account on the SFTP server. |
...
To configure host-based authentication for an SFTP server, several configuration parameters are set to mimic the behavior of the ssh_known_hosts
and .shosts
files in a traditional SSH environment, where the public keys and the authorized users for a given client host are configured.
Step 1 | From the UDMG Admin UI navigation pane, select Local Servers Service. The Server list displays. | ||||
---|---|---|---|---|---|
Step 2 | Select the stonebranch-sftp-01 server and note the address 0.0.0.0 and port 4000 4100 on the Server details tab tab. This local server is configured in the Tutorial - Creating and Manually Starting an SFTP Server. | ||||
Step 3 | SelectStep 4 | Click the Accounts tab on the Server detail panel. Add a new account. In theClick the | Configuration tab and click on the add button (with the plus sign) next to the Host-based authentication label.Accounts tab. Click the Pencil icon () to add an account to the server using the arrows. If the account does not exist, go to the Share Accounts Service via the UDMG Admin UI navigation pane. Add a new Shared Account.
| ||
Step 4 | In Client Host Namethe Server tab, click on the Add icon () next to the Host-based authentication label. A Client Details window appears: Enter the relevant information in the pop-up window and click Confirm button. | ||||
Step 5 |
| ||||
Step 56 | Click Confirm button to close the Client Details window | Step 6 | Click Save and Confirm to store the updated server configuration . The configuration tab is now marked with a green dot to indicate that specific settings are configured for the server. | ||
Step 7 | Restart the server with the restart button Restart icon (). | ||||
Step 8 | Verify that the server accepts host-based authentication attempts:
| ||||
Step 9 | To verify the connection to the local UDMG server, either configure your favorite SFTP client with the client key and the parameters that are defined on the server in Step 45 or or follow the tutorial “Tutorial - Using Host-Based Authentication for an SFTP Partner” on how to setup set up a UDMG remote partner with host-based authentication and perform sample file transfer between the UDMG server and partner. |
...