In this tutorial, you will:

...


Step 1

From the UDMG Admin UI navigation pane, select Local Servers Service. The Server list displays.


Step 2

Select the stonebranch-sftp-01 server and note the address 0.0.0.0 and port 4100 on the Server details tab.

This local server is configured in the Tutorial - Creating and Manually Starting an SFTP Server.

Step 3

Click the Accounts tab on the Server detail panel. Click the Pencil icon to add an account to the server using the arrows.


If the account does not exist, go to the Share Accounts Service via the UDMG Admin UI navigation pane. Add a new Shared Account. 

  • In the Account Name field, enter stonebranch-01-client-user.

  • Leave the Password field empty.


Step 4

In the Server tab, click the Add icon next to the Host-based authentication label.

A Client Details window appears:


Enter the relevant information in the pop-up window and click the Confirm button.

Step 5

  • In the Client Hostname field, enter a comma-separated list of the hostnames or IP addresses that are allowed to authenticate using this public key.

    Note

    The hostname is matched without considering the port, so there is no need to specify the incoming port (e.g.: hostA.example.com should be used instead of [hostA.example.com]:2222 for a server running on port 2222).
    For the tutorial, type 0.0.0.0


    Note

    The hostname (or IP) is provided by the client during the authentication phase; it may not be the same as the DNS name or IP address that is seen by the UDMG server. Make sure to get the correct value from the remote partner.


  • In the Key Algorithm field, specify the key type or the algorithm that was used to generate the public key: ssh-rsa.

    • The allowed types are ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, rsa-sha2-256, ssh-rsa, ssh-dss, ssh-ed25519.

  • In the Public Key field, paste the client public key from the file stonebranch-client-01.crt.pub: only the key value, without the comment and the algorithm label.

  • In the Account field, select the local server account for which host-based authentication will be enabled for connections from this client: stonebranch-01-client-user.

  • In the Remote Users field, input the name of the remote user which is allowed to connect to this local account: stonebranch-01-client-user.

    • It must be the same name as the local account.

  • Additional mappings of local accounts and remote users can be added with the Plus icon.
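
The following Python sketch is an added example, not part of the UDMG product or its documentation. It splits an OpenSSH public key line into the values for the Key Algorithm and Public Key fields, checks the label against the key blob, computes the SHA256 fingerprint in the form OpenSSH prints in sftp -v debug output, and strips the [host]:port form from a Client Hostname list. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# Key types the tutorial lists as allowed in the Key Algorithm field.
ALLOWED_TYPES = {
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa", "ssh-dss", "ssh-ed25519",
}

def parse_pubkey_line(line):
    """Split '<algorithm> <base64-key> [comment]' into the form values."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<algorithm> <base64-key> [comment]'")
    algorithm, key_value = parts[0], parts[1]
    if algorithm not in ALLOWED_TYPES:
        raise ValueError("key type not in the allowed list: " + algorithm)
    blob = base64.b64decode(key_value, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # In a .pub file the blob starts with a length-prefixed copy of the label.
    (name_len,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + name_len].decode("ascii", "replace")
    if embedded != algorithm:
        raise ValueError("label %r does not match blob type %r" % (algorithm, embedded))
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return {"algorithm": algorithm, "public_key": key_value,
            "fingerprint": "SHA256:" + digest.rstrip("=")}

def normalize_client_hosts(field):
    """Drop '[host]:port' decoration; hostnames are matched without the port."""
    hosts = []
    for entry in field.split(","):
        entry = entry.strip()
        if entry.startswith("[") and "]" in entry:
            entry = entry[1:entry.index("]")]
        if entry:
            hosts.append(entry)
    return ",".join(hosts)

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample: an ssh-rsa-shaped blob with dummy numbers, not a real key.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + bytes(range(128, 192))))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@client.example.com"

if __name__ == "__main__":
    print(parse_pubkey_line(SAMPLE_LINE))
    print(normalize_client_hosts("[hostA.example.com]:2222, hostB.example.com"))
```

Comparing the computed fingerprint with the one the partner reports for its key confirms that the pasted value is the key the client will offer.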

Step 6

Click the Confirm button to close the Client Details window.

Click Save and Confirm to store the updated server configuration.

The configuration tab is now marked with a green dot to indicate that specific settings are configured for the server.

Step 7

Restart the server with the Restart icon.


The local SFTP server is restarted with the new configuration and the restricted list of encryption algorithms.

Step 8

Verify that the server accepts host-based authentication attempts:


$ sftp -v \
-o "PubkeyAuthentication=no" -o "PasswordAuthentication=no" \
-o "HostbasedAuthentication=yes" -o "HostbasedKeyTypes=ssh-rsa" \
-P 4100 stonebranch-01@0.0.0.0 2>&1 | grep hostbased
debug1: Authentications that can continue: password,publickey,hostbased
debug1: Next authentication method: hostbased
debug1: userauth_hostbased: trying hostkey ssh-rsa SHA256:CYzKciuXNJBKSolgD6F/fQZOXDd6tObHz/d1x4E0OgA
debug1: Authentications that can continue: password,publickey,hostbased
debug1: No more client hostkeys for hostbased authentication.
Permission denied (password,publickey,hostbased).


Step 9

To verify the connection to the local UDMG server, either configure your favorite SFTP client with the client key and the parameters that are defined on the server in Step 4, or follow the tutorial “Tutorial - Using Host-Based Authentication for an SFTP Partner” on how to set up a UDMG remote partner with host-based authentication and perform a sample file transfer between the UDMG server and partner.

...