Client Documentation
3.2. Remote server connection
These settings define the remote server connection used for exchanging files.
3.2.1. Connection
3.2.1.1. server
Optional: | No |
---|---|
Default value: | None |
Values: | |
From version: | 1.5.1 |
To version: | None |
Description: | Address of the remote server where the client will connect. |
3.2.1.2. port
Optional: | No |
---|---|
Default value: | |
Values: | |
From version: | 1.5.1 |
To version: | None |
Description: | Port number for the remote server. |
3.2.2. Authentication
3.2.2.1. user
Optional: | No |
---|---|
Default value: | None |
Values: | |
From version: | 1.5.1 |
To version: | None |
Description: | Username for the remote server. |
3.2.2.2. password
Optional: | No |
---|---|
Default value: | None |
Values: | |
From version: | 1.5.1 |
To version: | None |
Description: | Password for the remote server or password for the RSA/DSA key. If DSA/RSA keys are used and they don’t have a password, set this to '' (empty text). |
3.2.2.3. key
Optional: | Yes |
---|---|
Default value: | None |
Values: | |
From version: | 1.5.1 |
To version: | None |
Description: | Path to the private RSA/DSA key in PuTTY format (.ppk). For FTP/FTPS transfers, this should be used in case the clientcert does not contain the SSL key. |
3.2.3. Validating remote SFTP servers
Before starting any SFTP transfers, you have to verify the remote SFTP server fingerprint and store it in the local servers profile. The local servers profile is a database containing all remote SFTP servers that were verified and approved.
To check and add the fingerprint of a remote SFTP server, run one of the following commands according to your system.
Linux and Unix:
$ su -c '/opt/SFTPPlus-client/bin/psftp \
SERVER_ADDRESS -P SERVER_PORT' SERVICE_ACCOUNT
Windows:
In order to successfully validate the SFTP server, the Secondary Logon service on the client machine shouldn’t be Disabled and the SERVICE_ACCOUNT should have the “Allow log on locally” policy enabled.
If any of these conditions aren’t met the runas command will fail to execute.
If using a local user account for the SFTPPlus service, run:
runas /user:SERVICE_ACCOUNT "psftp SERVER_ADDRESS -P SERVER_PORT"
If using a domain user account for the SFTPPlus service, run:
runas /user:DOMAIN\SERVICE_ACCOUNT "psftp SERVER_ADDRESS -P SERVER_PORT"
The runas command shouldn’t be run with the /noprofile parameter.
Note
If the security policies do not allow having the Secondary Logon service enabled or SERVICE_ACCOUNT local logon, these can be reverted to their required state once the SFTP server is successfully validated.
If you are using public and private key authentication, make sure the keys are correctly configured on both the server and the client side. To add the fingerprint and check key authentication, use:
Linux and Unix:
$ su -c '/opt/SFTPPlus-client/bin/psftp \
SERVER_ADDRESS -P SERVER_PORT -i PRIVATE_KEY_FILE.PPK' SERVICE_ACCOUNT
Windows:
runas /user:DOMAIN\SERVICE_ACCOUNT "psftp SERVER_ADDRESS -P SERVER_PORT -i PRIVATE_KEY_FILE.PPK"
Replace SERVER_ADDRESS, SERVER_PORT and PRIVATE_KEY_FILE.PPK with the corresponding information. SERVICE_ACCOUNT is the username SFTPPlus Client will be running under.
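As an added example (not part of the SFTPPlus documentation or code): before approving the host key shown on first connection, compute the expected fingerprint from the public host key supplied by the server's administrator over a trusted channel and compare the two. The sketch assumes the displayed fingerprint is in one of the two common SSH forms (colon-separated MD5 hex or SHA256 base64); the function names and SAMPLE_KEY are constructed for illustration.

```python
import base64
import hashlib
import struct


def _read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated host key blob")
    return blob[offset + 4:end], end


def host_key_fingerprints(pubkey_line):
    """Return key type, RSA bit size and both fingerprint forms of a host key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    name, offset = _read_string(blob, 0)
    if name != key_type.encode("ascii"):
        raise ValueError("key type label does not match the encoded key")
    bits = None
    if key_type == "ssh-rsa":  # RSA blob layout: name, public exponent, modulus
        _exponent, offset = _read_string(blob, offset)
        modulus, _ = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    md5 = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": key_type, "bits": bits,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha256}


def fingerprint_matches(pubkey_line, displayed):
    """True only if `displayed` equals a fingerprint of the trusted public key."""
    fps = host_key_fingerprints(pubkey_line)
    shown = displayed.strip()
    if shown.startswith("SHA256:"):
        return shown == fps["sha256"]      # base64 is case-sensitive
    return shown.lower() == fps["md5"]     # hex digits are not


def _ssh_string(data):
    return struct.pack(">I", len(data)) + data


# Constructed sample key (not a real server key): 2048-bit modulus, e = 65537.
_N = ((1 << 2047) | 1).to_bytes(257, "big")  # leading zero byte, as in an SSH mpint
SAMPLE_KEY = "ssh-rsa " + base64.b64encode(
    _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(_N)).decode()
```

In practice, pass the public key line received from the server administrator and the fingerprint text copied from the connection prompt, and approve the server only when `fingerprint_matches` returns True.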
3.2.4. Validating remote FTPS servers
The FTPS protocol uses the SSL and TLS protocols for secure communication and file transfer between the server and the client.
To verify the identity of the remote FTPS server, the SFTPPlus client uses a Certification Authority certificate and will connect only to servers that present a certificate issued by the same Certification Authority.
To prove its identity to the remote FTPS server, the SFTPPlus client uses a client SSL certificate, and the remote FTPS server will only allow connections from clients having certificates issued by a configured Certification Authority.
We recommend storing all SSL certificates and keys in the /opt/SFTPPlus-client/pki folder.
The Certification Authority certificate file is specified using:
cacert = global.path || 'pki/ca-cert.pem'
The client SSL certificate file is specified using:
clientcert = global.path || 'pki/client-cert-and-key.pem'
More information about working with SSL certificates can be found on the page describing common SSL, PKI and CA operations.