In this tutorial, you will:
- Configure a local SFTP server to allow host-based authentication for certain accounts.
- Check that the server refuses connections for an invalid combination of accounts and keys.
- Check that a connection can be performed with the UDMG partner client as explained in the Tutorial - Using Host-Based Authentication for an SFTP Partner.
...
Note: Due to the nature of the UDMG as an MFT solution, the handling of host-based authentication for SFTP is limited to having the same account name on the server (local account) and on the client side (remote user). It is assumed that an SFTP client acting as User1 on the client node will attempt to log in to the same User1 account on the SFTP server.
...
To configure host-based authentication for an SFTP server, several configuration parameters are set to mimic the behavior of the ssh_known_hosts and .shosts files in a traditional SSH environment, where the public keys and the authorized users for a given client host are configured.
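As an added illustration (not UDMG code and not part of the original tutorial), the following Python example models the accept/refuse decision that such a configuration implies: a per-host public key in the role of ssh_known_hosts, a per-host account list in the role of .shosts, and the same-account-name restriction from the note above. The host names, key values, and function names are constructed for the example, and the SSH signature check that proves possession of the host key is assumed to have already succeeded.

```python
import base64
import hashlib
import hmac

# Constructed sample data: hypothetical host name and placeholder key blobs, not real keys.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()

# Per client host: its public key (ssh_known_hosts role) and the accounts
# allowed to log in from that host (.shosts role).
CLIENTS = {"client01.example.test": {"key": KEY_A, "accounts": {"User1"}}}

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_hostbased(clients, client_host, key_b64, remote_user, local_account):
    """Return (accepted, reason) for one host-based authentication attempt."""
    entry = clients.get(client_host)
    if entry is None:
        return False, "unknown client host"
    # Compare decoded key blobs in constant time.
    offered = base64.b64decode(key_b64)
    if not hmac.compare_digest(base64.b64decode(entry["key"]), offered):
        return False, "host key mismatch " + fingerprint(key_b64)
    # Restriction from the note: client-side user must equal the local account.
    if remote_user != local_account:
        return False, "remote user differs from local account"
    if local_account not in entry["accounts"]:
        return False, "account not authorized for this host"
    return True, "accepted"

def run_matrix():
    """Evaluate one valid attempt and four invalid account/key combinations."""
    attempts = [
        ("client01.example.test", KEY_A, "User1", "User1"),  # valid
        ("client01.example.test", KEY_B, "User1", "User1"),  # wrong key
        ("client01.example.test", KEY_A, "User2", "User2"),  # account not listed
        ("client01.example.test", KEY_A, "User2", "User1"),  # names differ
        ("other.example.test", KEY_A, "User1", "User1"),     # unknown host
    ]
    return [check_hostbased(CLIENTS, *a) for a in attempts]

if __name__ == "__main__":
    for accepted, reason in run_matrix():
        print(accepted, reason)
```

The same matrix of one valid and several invalid combinations is a useful checklist when testing the configured server with a real client.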
Step 1 | From the UDMG Admin UI navigation pane, select Management > Servers, then select Local Servers. The Server list displays.
---|---
Step 2 | Select the stonebranch-sftp-01 server and note the address 0.0.0.0 and port 4000 on the Server details tab. This local server is configured in the Tutorial - Creating and Manually Starting an SFTP Server.
Step 3 | Select the Configuration tab and click on the add button (with the plus sign) next to the Host-based authentication label. A Client Details window appears:
Step 4 | Click the Accounts tab on the Server detail panel. Add a new account.
Step 4 |
Step 5 | Click Confirm to close the Client Details window.
Step 6 | Click Save and Confirm to store the updated server configuration. The configuration tab is now marked with a green dot to indicate that specific settings are configured for the server.
Step 7 | Restart the server with the restart button.
Step 8 | Verify that the server accepts host-based authentication attempts:
Step 9 | To verify the connection to the local UDMG server, either configure your favorite SFTP client with the client key and the parameters that are defined on the server in Step 4 or follow the tutorial “Tutorial - Using Host-Based Authentication for an SFTP Partner” on how to set up a UDMG remote partner with host-based authentication and perform a sample file transfer between the UDMG server and partner.
...