In this tutorial, you will:
- Configure a remote SFTP partner to allow host-based authentication for certain accounts.
- View the configuration in effect during a file transfer with a corresponding UDMG local SFTP server (see Tutorial - Using Host-Based Authentication for an SFTP Server).
To configure host-based authentication for an SFTP partner, follow these steps:
- Add the SSH public host key of the partner to the certificate list, as for any other SFTP partner configuration.
- Add a private key for the UDMG SFTP client as a separate certificate record. It can then be selected for the host-based authentication configuration.
- Set up the protocol configuration parameters with:
  - the name of the certificate record from the previous step that will be used as the client's private key.
  - the list of remote accounts for which host-based authentication will be enabled.
The partner will have multiple certificates of different types (public and private) configured. The public keys can only be used to validate the remote server's identity, and the private keys can only be used to perform host-based authentication.
Step 1 | From the UDMG navigation pane, select Management > Partners. The Partner list displays. |
---|---|
Step 2 | Click New. The Partner Details displays. Fill in the details for the sample server from Tutorial - Creating and Manually Starting an SFTP Server. |
Step 3 | Click the Accounts tab on the Partner detail panel. Add the demo account. |
Step 4 | Click the Certificate tab on the Partner detail panel and add the public host key of the server. The server public key can be retrieved with the ssh-keyscan tool:
Click the Add Certificate button.
The public key can also be fetched and stored automatically with the Fetch host key button: |
Step 5 | Add a new certificate record for the client host key; this is needed for host-based authentication. Generate a private SSH key, for example:
Note that the generated public key ( Click the Add Certificate button. |
Step 6 | Click the Configuration tab on the Partner detail panel and switch on the Host-based authentication toggle. The Private Key Certificate and Authorized Accounts fields appear. |
Step 7 | For selected account(s), the connection will be attempted with the host-based authentication method. |
Step 8 | Click Save and Confirm. |
Step 9 | Be sure to have completed the local SFTP server configuration with the public key that was generated above. See Tutorial - Using Host-Based Authentication for an SFTP Server. |
Step 10 | Configure the rules at partner and/or account level. For example, stonebranch-sftp-01_partner_send Create the rule: Please note that because the remote partner is set in this tutorial to be a local UDMG SFTP server, the Remote Directory is set to the virtual path ( Authorize the sending rule for the partner: |
Step 11 | Initiate a file transfer to upload a file. Use the Command Line Interface to register the transfer: |
Step 12 | Follow the transfer request from the Activity Transfer and History dashboards. There are 2 records in this case, because UDMG is used both as the client and the server in the transaction: |
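
Step 4 takes the server's public host key from ssh-keyscan, which returns whatever key the network endpoint presents without verifying it. The following added example (not part of the original tutorial or of UDMG) checks one scanned key line against a SHA256 fingerprint obtained out of band from the partner's administrator before the key is added as a certificate; the host name and key bytes are constructed sample data.

```python
import base64
import hashlib
import struct


def parse_keyscan_line(line):
    """Split one 'host keytype base64' line as printed by ssh-keyscan."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed algorithm name (RFC 4253 string).
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii", "replace") != key_type:
        raise ValueError("declared key type does not match key blob")
    return host, key_type, blob


def fingerprint(blob):
    """SHA256 fingerprint in the form printed by 'ssh-keygen -l'."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(line, expected_fp):
    """True only if the scanned key hashes to the out-of-band fingerprint."""
    _, _, blob = parse_keyscan_line(line)
    return fingerprint(blob) == expected_fp


def constructed_line(host, key_bytes):
    """Build a sample ssh-ed25519 line (constructed data, not a real host key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + key_bytes
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    genuine = constructed_line("sftp.example.test", bytes(range(32)))
    substituted = constructed_line("sftp.example.test", bytes(32))
    # Assumption: this value stands in for the fingerprint sent by the partner.
    expected = fingerprint(parse_keyscan_line(genuine)[2])
    print(expected)
    print("genuine key accepted:", host_key_matches(genuine, expected))
    print("substituted key accepted:", host_key_matches(substituted, expected))
```

A line that fails the check should not be pasted into the certificate record; ask the partner to confirm the fingerprint instead.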