Tutorial - Using Host-Based Authentication for an SFTP Partner
In this tutorial, you will:
- Configure a remote SFTP partner to allow host-based authentication for certain accounts.
- View the configuration in effect during a file transfer with a corresponding UDMG local SFTP server (see Tutorial - Using Host-Based Authentication for an SFTP Server).
Note
Due to the nature of UDMG as an MFT solution, host-based authentication for SFTP is limited to having the same account name on the server (local account) and on the client side (remote user). It is assumed that an SFTP client acting as User1 on the client node will attempt to log in to the same User1 account on the SFTP server.
To configure host-based authentication for an SFTP partner, follow these steps:
- Add the SSH public host key of the partner to the certificate list, as for any other SFTP partner configuration.
- Add a private key for the UDMG SFTP client as a separate certificate record. It can then be selected for the host-based authentication configuration.
- Set up the protocol configuration parameters with:
  - the name of the certificate record from the previous step that will be used as the client's private key.
  - the list of remote accounts for which host-based authentication will be enabled.
Because the partner will have multiple certificates of different types (public and private) configured, note that the public keys can only be used to validate the remote server's identity, and the private keys can only be used to perform host-based authentication.
Step 1 | From the UDMG navigation pane, select Management > Partners. The Partner list displays. |
---|---|
Step 2 | Click New. The Partner Details displays. Fill in the details for the sample server from Tutorial - Creating and Manually Starting an SFTP Server. |
Step 3 | Click the Accounts tab on the Partner detail panel. Add a new account. |
Step 4 | Click the Certificate tab on the Partner detail panel and add the public host key of the server. The server public key can be retrieved with the ssh-keyscan tool: Click the Add Certificate button. The public key can also be fetched and stored automatically with the Fetch host key button: |
Step 5 | Add a new certificate record for the client host key; this is needed for host-based authentication. Generate a private SSH key, for example: Note that the generated public key ( Click the Add Certificate button. |
Step 6 | Click the Configuration tab on the Partner detail panel and switch on the Host-based authentication toggle. The Private Key Certificate and Authorized Accounts fields appear. |
Step 7 | For selected account(s), the connection will be attempted with the host-based authentication method. |
Step 8 | Click Save and Confirm. |
Step 9 | Be sure to have completed the local SFTP server configuration with the public key that was generated above. See Tutorial - Using Host-Based Authentication for an SFTP Server. |
Step 10 | Configure the rules at partner and/or account level. For example, stonebranch-sftp-01_partner_send Create the rule: Please note that because the remote partner is set in this tutorial to be a local UDMG SFTP server, the Remote Directory is set to the virtual path ( Authorize the sending rule for the partner: |
Step 11 | Initiate a file transfer to upload a file. Use the Command Line Interface to register the transfer: |
Step 12 | Follow the transfer request from the Activity Transfer and History dashboards. There are 2 records in this case, because UDMG is used both as the client and the server in the transaction: |
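A host key retrieved over the network in Step 4 (with ssh-keyscan or the Fetch host key button) is only as trustworthy as the network path it came over, so it is worth comparing it with a fingerprint obtained from the partner out of band before saving it as the partner certificate. The following is an added example, not part of the UDMG product or its documentation; the function names, the host name `sftp.example.test` and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def constructed_ed25519_line(host):
    """CONSTRUCTED sample line in ssh-keyscan format; the key bytes are dummy data."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


def parse_keyscan_line(line):
    """Split one 'host keytype base64' line and sanity-check the key blob."""
    parts = line.split()
    if line.lstrip().startswith("#") or len(parts) < 3:
        raise ValueError("not a host key line")
    host, key_type, b64 = parts[:3]
    blob = base64.b64decode(b64, validate=True)
    # An SSH public key blob begins with a length-prefixed algorithm name;
    # it must agree with the key type declared in the text line.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return host, key_type, blob


def sha256_fingerprint(blob):
    """Fingerprint in the 'SHA256:<unpadded base64>' form that ssh-keygen -l prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(line, expected_fp):
    """True only if the scanned key hashes to the fingerprint obtained out of band."""
    _, _, blob = parse_keyscan_line(line)
    return sha256_fingerprint(blob) == expected_fp.strip()


if __name__ == "__main__":
    scanned = constructed_ed25519_line("sftp.example.test")  # hypothetical host
    trusted_fp = sha256_fingerprint(parse_keyscan_line(scanned)[2])
    print(trusted_fp, host_key_matches(scanned, trusted_fp))
```

Only the public key line is ever passed to this check; the private key generated in Step 5 stays in its own certificate record.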
References: