Tutorial - Creating an SFTP Partner

In this tutorial, you will:

  • Create a remote partner for SFTP.
  • Configure the partner host key.
  • View partner detail.
  • Specify account and rule for downloading files.

For this tutorial, the remote server is a public read-only SFTP server that is provided for general testing.

See the details here:  https://test.rebex.net


Step 1

From the UDMG navigation pane, select Management > Partners. The Partners list displays.

Step 2

Click New. The Server Details displays.

  • In the Server Name field, enter rebex
  • In the Protocol field, enter SFTP
  • In the IP Address field, enter test.rebex.net
  • In the Port field, enter 22

Step 3

Click Save and Confirm.

Step 4

Click the Accounts tab on the Partner detail panel. The list of account records displays and is empty.

Step 5

Click the Add Account button. The Account Details displays

  • In the Name field, enter demo.
  • In the Password field, enter password.
Step 6

Click the Save button.

The account is created and shows in the account list.

Step 4

Retrieve the host key (public SSH key) for the remote server, for example here is how to get the RSA key with the ssh-keyscan utility:

$ ssh-keyscan -t rsa test.rebex.net > rebex.ssh-rsa
# test.rebex.net:22 SSH-2.0-RebexSSH_5.0.8062.0
$ cat rebex.ssh-rsa
test.rebex.net ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAkRM6RxDdi3uAGogR3nsQMpmt43X4WnwgMzs8VkwUCqikewxqk4U7EyUSOUeT3CoUNOtywrkNbH83e6/yQgzc3M8i/eDzYtXaNGcKyLfy3Ci6XOwiLLOx1z2AGvvTXln1RXtve+Tn1RTr1BhXVh2cUYbiuVtTWqbEgErT20n4GWD4wv7FhkDbLXNi8DX07F9v7+jH67i0kyGm+E3rE+SaCMRo3zXE6VO+ijcm9HdVxfltQwOYLfuPXM2t5aUSfa96KJcA0I4RCMzA/8Dl9hXGfbWdbD2hK1ZQ1pLvvpNPPyKKjPZcMpOznprbg+jIlsZMWIHt7mq2OJXSdruhRrGzZw==
Step 5

Click the Configuration tab on the Partner detail panel. The list of certificate record displays and is empty.

Step 6

Click the Add Certificate button. The Certificate Details displays.

  • In the Name field, enter ssh-rsa
  • In the Protocol field, select enter SFTP

Step 7

Click Save

Step 8

The certificate record appears in the list.

Step 9

To download from the pub/example directory, a Receive rule is needed to specify the remote directory.

From the UDMG navigation pane, select Management > Rules. The Rules list displays.

Step 10

Click New. The Rule Details displays.

  • In the Rule Name field, enter rebex_receive_example
  • In the Direction field, enter Receive
  • In the Description field, enter any value or leave it empty
  • In the Path field, enter rebex_receive_example
  • In the Local Directory field, leave it empty (it will use the default directory)
  • In the Remote Directory field, enter pub/example
  • In the Temp Directory field, leave it empty (it will use the default directory)

Step 11

Click the Save button.

Step 12

The rule is created and appears on the Rules list

Step 13

From the UDMG navigation pane, select Management > Partners. The Partner list displays.

Select the rebex partner and click on the Rules tab. The green dot on the tab shows that a rule is now assigned to this server.

By default, a rule is implicitly assigned to all partners unless there is an explicit whitelist assignment. This is shown by the globe icon and means the same rule is also assigned to any other partners, for example to 'wftpserver' here:

Step 14

To restrict the use of this rule and this virtual path to only the rebex partner, you have to assign the rule to that partner.

Select the  rebex partner and click on the Rules tab

Step 15

Pick the rule rebex_receive_example from the drop-down list

and click on Authorize Rule button

Step 16

The rule is now whitelisted for this server and does not appear anymore for the other servers:

Step 17

Initiate a file transfer to download the file pocketftp.png

Use the Command Line Interface to register the transfer:

$ waarp-gateway transfer add -p rebex -l demo  -w receive -r rebex_receive_example -f pocketftp.png
The transfer of file pocketftp.png was successfully added.
Step 18

From the UDMG navigation pane, select Activity> History. The Transfer History list displays.

The download is completed successfully and the file is received in the default input directory 'in' under the MFT server home directory, configured here as '/atest/work'