...
Note | ||
---|---|---|
| ||
Due to the nature of UDMG as an MFT solution, host-based authentication for SFTP is limited to using the same account name on the server (local account) and on the client side (remote user). It is assumed that an SFTP client acting as User1 on the client node will attempt to log in to the same User1 account on the SFTP server. |
To configure host-based authentication for an SFTP partner, follow these steps:
Add the SSH public host key of the partner to the certificate list, as for any other SFTP partner configuration.
Add a private key for the UDMG SFTP client as a separate certificate record. It can then be selected for the host-based authentication configuration.
Set up the protocol configuration parameters with:
- the name of the certificate record from the previous step that is used as the client's private key.
- the list of remote accounts for which host-based authentication is enabled.
Because the partner will have multiple certificates of different types (public/private) configured, note that the public keys can only be used to validate the remote server's identity, and the private keys can only be used to perform host-based authentication.
Step 1 | From the UDMG Admin UI navigation pane, select Management > Remote Partners. The Remote Partner list displays. | ||
---|---|---|---|
Step 2 | Click the Add icon. The Remote Partner Details displays. Fill in the details for the sample server from Tutorial - Creating and Manually Starting an SFTP Server.
| ||
Step 3 | Click the Accounts tab on the Remote Partner detail panel. Add a new account.
| ||
Step 4 | Click the Certificates/Keys tab on the Remote Partner detail panel and add the public host key of the server. The server public key can be retrieved with the ssh-keyscan tool:
Click the Add icon.
The public key can also be fetched and stored automatically with the Fetch host key button: | ||
Step 5 | Add a new certificate record for the client host key; this is needed for host-based authentication. Generate a private SSH key, for example:
Note that the generated public key ( Click the Add icon.
Click the Save icon.
| ||
Step 6 | In the Configuration tab of the Remote Partner Details, switch on the Host-based authentication toggle. The Private Key Certificate field and Authorized Accounts button appear. | ||
Step 7 |
For selected account(s), the connection will be attempted with the host-based authentication method. | ||
Step 8 | Click the Save icon. | ||
Step 9 | Be sure to have completed the local SFTP server configuration with the public key that was generated above. See Tutorial - Using Host-Based Authentication for an SFTP Server. | ||
Step 10 | Configure the rules at partner and/or account level. For example, stonebranch-sftp-01_partner_send. Go to the Rules Service via the UDMG Admin UI navigation pane. Create the rule: Please note that because the remote partner is set in this tutorial to be a local UDMG SFTP server, the Remote Directory is set to the virtual path ( Authorize the sending rule in the Rules tab of the Remote Partner Details. | ||
Step 11 | Initiate a file transfer to upload a file. Use the Command Line Interface to register the transfer:
| ||
Step 12 | Follow the transfer request from the Transfer and History dashboards. There are 2 records in this case, because UDMG is used both as the client and the server in the transaction:
|
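
Step 4 stores a host key that was obtained over the network (with ssh-keyscan or the Fetch host key button), so it is worth comparing its fingerprint with one received from the server administrator through a separate channel before saving it. The check below is an added example, not part of the UDMG documentation; the host name, key bytes and function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
import struct


def parse_key_line(line):
    """Return (key_type, blob) from a .pub line or an ssh-keyscan output line."""
    fields = line.split()
    for declared, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            continue
        if len(blob) < 4:
            continue
        (name_len,) = struct.unpack(">I", blob[:4])
        # The blob starts with its own length-prefixed type name; it must
        # agree with the type written in front of it on the line.
        if blob[4:4 + name_len] == declared.encode():
            return declared, blob
    raise ValueError("no key type / key blob pair that agree with each other")


def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(line, expected_fp):
    """True only if the fetched key hashes to the fingerprint given out of band."""
    _, blob = parse_key_line(line)
    return fingerprint(blob) == expected_fp.strip()


def sample_blob(seed):
    """Constructed ssh-ed25519 blob with dummy key bytes (not a real key)."""
    name, key = b"ssh-ed25519", bytes((seed + i) % 256 for i in range(32))
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key


# Constructed sample data; the host name is hypothetical.
SCANNED = "sftp.example.test ssh-ed25519 " + base64.b64encode(sample_blob(1)).decode()
SPOOFED = "sftp.example.test ssh-ed25519 " + base64.b64encode(sample_blob(2)).decode()
TRUSTED_FP = fingerprint(sample_blob(1))  # stands in for the value from the server admin

if __name__ == "__main__":
    print(TRUSTED_FP, host_key_matches(SCANNED, TRUSTED_FP), host_key_matches(SPOOFED, TRUSTED_FP))
```

The fingerprint string has the same form as the one printed by `ssh-keygen -lf` on the server's public key file, so the two can be compared directly.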
References: