Secure Copy Protocol (SCP)
Secure Copy Protocol (SCP) connection to the CipherTrust Manager can be configured using the following:
Managing SCP Connections using GUI
Note
The SCP connections are supported in the root domain only.
Host - IP/hostname of the SCP server.
Port - port number of the SCP server. Default port is 22.
Username - username of the SCP server.
Auth Method - you can use either Password or Key for authentication purpose.
Authentication Method Description Password password to authenticate the SCP server. Key public key used for authentication. Click the Download Public key for SSH authentication button.
To upload the fetched key to the list of authorized keys on the SCP server, refer to the Uploading Key to the List of Authorized Keys on the SCP Server section.Public key of SCP Server - public key of the SCP server. It is used to verify the identity of the host through key fingerprint. It is available at the
/etc/ssh
location on the SCP server. To find the public key of the SCP server, refer to Finding Public Key of the SCP Server section.Path to - path of the SCP server where backup will be transferred.
Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK
else the status is Fail
.
Note
While testing the SCP connection, a file with the name temp-cm-scp-test-connection
is created at the specified path on the SCP server.
Click Next to move to the Add Products screen of the Add Connection wizard.
Note
The only product supported for SCP connection is Backup/Restore.
Uploading Key to the List of Authorized Keys on the SCP Server
To upload the fetched key to the list of authorized keys on the SCP server, perform the following steps:
Open the downloaded key and copy its content without quotes (“”).
Append the content of this public key to the following file (authorized_keys) on the SCP server. This file is available at:
/home/<SCP user>/.ssh/authorized_keys
.Save the file and exit.
Example
Run the below command to get the content of the
authorized_keys
file:ubuntu@ip:/etc/ssh$ cat /home/ubuntu/.ssh/authorized_keys
Output:
ssh-rsa..<content of authorized_keys>...+FFChClf1in1xnKG9UL/ Yaths-UbuntuDev
Append the content of public key of the CipherTrust Manager:
ssh-rsa..<content of authorized_keys>...+FFChClf1in1xnKG9UL/ Yaths-UbuntuDev
ssh-rsa...<content of public key of CipherTrust Manager>...P9+9JRqDINamNougibgw==
In this example, the highlighted code is the public key downloaded from Step 1.
Finding Public Key of the SCP Server
Following example shows how to find the public key of the SCP server.
Example
Copy the default SSH public key (ssh_host_ecdsa_key.pub
) of the SCP server. This key is available at: /etc/ssh/
.
Run the command:
ubuntu@ip:/etc/ssh$ cat ssh_host_ecdsa_key.pub
Output:
ecdsa-sha2-nistp256.....YcS6IzvTZZ6tpL/F65f/M= root@ip
Note
By default, the ssh_host_ecdsa_key
(private key) is used for SSH authentication. However, you can also use other keys for SSH authentication. To do so, uncomment other options in the /etc/ssh/sshd_config
file referring to the HostKey.
Managing SCP Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete an SCP connection
List all SCP connections
Test an existing SCP connection
Test a New SCP Connection
Creating an SCP Connection
To create an SCP connection, run:
Syntax
ksctl connectionmgmt scp create --name <Connection-Name> --host <Hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --path-to <Destination-Machine-Path> --public-key <key> --products <Products-Names> --meta <Key:Value>
Example Request
ksctl connectionmgmt scp create --name scp-conn --host 8.8.8.8 --scp-port 22 --username admin --auth-method password --conn-password paswd --public-key key --path-to "/home/scp" --products "backup/restore"
Example Response
{
"id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-06-07T06:17:01.343933Z",
"updatedAt": "2021-06-07T06:17:01.342893Z",
"service": "scp",
"category": "external-server",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "scp-conn",
"products": [
"backup/restore"
],
"meta": null,
"host": "8.8.8.8",
"port": 22,
"username": "admin",
"auth_method": "password",
"path_to": "/home/scp"
}
Getting Details of an SCP Connection
To get details of an SCP connection, run:
Syntax
ksctl connectionmgmt scp get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt scp get --id scp-conn
Example Response
{
"id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-06-07T06:17:01.343933Z",
"updatedAt": "2021-06-07T06:17:01.342893Z",
"service": "scp",
"category": "external-server",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "scp-conn",
"products": [
"backup/restore"
],
"meta": null,
"host": "8.8.8.8",
"port": 22,
"username": "admin",
"auth_method": "password",
"path_to": "/home/scp"
}
Updating an SCP Connection
To update an SCP connection, run:
Syntax
ksctl connectionmgmt scp modify --name <Connection-Name> --host <hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --public-key <key> --path-to <Destination-Machine-Path> --products <Products-Names> --meta <Key:Value>
Example Request
ksctl connectionmgmt scp modify --id scp-conn --host 1.2.3.4 --scp-port 32
Example Response
{
"id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-06-07T06:17:01.343933Z",
"updatedAt": "2021-06-07T06:21:53.141454927Z",
"service": "scp",
"category": "external-server",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "scp-conn",
"products": [
"backup/restore"
],
"meta": null,
"host": "1.2.3.4",
"port": 32,
"username": "admin",
"auth_method": "password",
"path_to": "/home/scp"
}
Deleting an SCP Connection
To delete an SCP connection, run:
Syntax
ksctl connectionmgmt scp delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt scp delete --id scp-conn
Example Response
There will be no response if SCP connection is deleted successfully.
Getting List of SCP Connections
To list all the SCP connections, run:
Syntax
ksctl connectionmgmt scp list
Example Request
ksctl connectionmgmt scp list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"name": "scp-conn",
"id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-06-07T06:17:01.343933Z",
"updatedAt": "2021-06-07T06:17:01.342893Z",
"service": "scp",
"category": "external-server",
"products": [
"backup/restore"
],
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"host": "8.8.8.8",
"port": 22,
"username": "admin",
"auth_method": "password",
"public_key": "public-key",
"path_to": "/home/scp"
}
]
}
Testing an Existing SCP Connection
To test an existing SCP connection, run:
Syntax
ksctl connectionmgmt scp test --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt scp test --id scp-conn
Example Response
{
"connection_ok": true
}
Testing a New SCP Connection
To test a New SCP connection, run:
Syntax
ksctl connectionmgmt scp test --host <hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --path-to <Destination-Machine-Path> --public-key <key>
Example Request
ksctl connectionmgmt scp test --host 8.8.8.8 --scp-port 22 --username admin --auth-method password --conn-password paswd --public-key key --path-to "/home/scp"
Example Response
{
"connection_ok": true
}