Secure Copy Protocols (SCP/SFTP)
Secure Copy (SCP/SFTP) connection to the CipherTrust Manager can be configured using the following:
Managing Secure Copy Connections using GUI
Note
The Secure Copy connections are supported in the root domain only.
Host - IP/hostname of the Secure Copy server.
Port - port number of the Secure Copy server. Default port is 22.
Username - username of the Secure Copy server.
Protocol - Select either SFTP or SCP protocol.
Auth Method - you can use either Password or Key for authentication.
Authentication Method - Description
Password - password to authenticate the Secure Copy server.
Key - public key used for authentication. Click the Download Public key for SSH authentication button. To upload the fetched key to the list of authorized keys on the Secure Copy server, refer to the Uploading Key to the List of Authorized Keys on the Secure Copy Server section.
Public key of SFTP Server - (applicable only for SFTP server) public key of the SFTP server. It is used to verify the identity of the host through key fingerprint. It is available at the /etc/ssh location on the SFTP server. To find the public key of the SFTP server, refer to Finding Public Key of the Secure Copy Server section.
Public key of SCP Server - (applicable only for SCP server) public key of the SCP server. It is used to verify the identity of the host through key fingerprint. It is available at the /etc/ssh location on the SCP server. To find the public key of the SCP server, refer to Finding Public Key of the Secure Copy Server section.
Path to - path of the Secure Copy server where backup will be transferred.
Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK; otherwise, the status is Fail.
Note
While testing the Secure Copy connection, a file with the name temp-cm-<protocol>-test-connection is created at the specified path on the Secure Copy server.
Click Next to move to the Add Products screen of the Add Connection wizard.
Note
The only product supported for SCP/SFTP connection is Backup/Restore.
Uploading Key to the List of Authorized Keys on the Secure Copy Server
To upload the fetched key to the list of authorized keys on the Secure Copy server, perform the following steps:
Open the downloaded key and copy its content without quotes (“”).
Append the content of this public key to the following file (authorized_keys) on the Secure Copy server. This file is available at: /home/<SCP user>/.ssh/authorized_keys.
Save the file and exit.
Example
Run the below command to get the content of the authorized_keys file:
ubuntu@ip:/etc/ssh$ cat /home/ubuntu/.ssh/authorized_keys
Output:
ssh-rsa..<content of authorized_keys>...+FFChClf1in1xnKG9UL/ Yaths-UbuntuDev
Append the content of public key of the CipherTrust Manager:
ssh-rsa..<content of authorized_keys>...+FFChClf1in1xnKG9UL/ Yaths-UbuntuDev
ssh-rsa...<content of public key of CipherTrust Manager>...P9+9JRqDINamNougibgw==
In this example, the last line is the public key downloaded in Step 1.
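The append step above as a script, shown as an added example rather than code from the product documentation; the function name install_cm_key and its two arguments are assumptions. It strips surrounding quotes from the downloaded key, skips the append when the key is already present, and keeps the last existing entry intact when authorized_keys does not end in a newline.

```shell
#!/bin/sh
# Added example: append a downloaded public key to authorized_keys safely.
# Usage: install_cm_key KEYFILE HOME_DIR   (both paths are chosen by the caller)
install_cm_key() {
    keyfile=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    # Take the first line, drop CR and any surrounding double quotes.
    key=$(head -n 1 "$keyfile" | tr -d '\r' | sed 's/^"//; s/"$//')

    # Accept only "<type> <base64 blob> [comment]" with a known key type.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-nistp*\ *) ;;
        *) echo "not an OpenSSH public key: $keyfile" >&2; return 2 ;;
    esac

    # sshd (StrictModes) ignores keys when these are group/world writable.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Identical line already present: nothing to do.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the file does not end in a newline, add one so the new key is
    # not glued onto the last existing entry (which would break both).
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```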
Finding Public Key of the Secure Copy Server
The following example shows how to find the public key of the SCP/SFTP server.
Example
Copy the default SSH public key (ssh_host_ecdsa_key.pub) of the Secure Copy server. This key is available at: /etc/ssh/.
Run the command:
ubuntu@ip:/etc/ssh$ cat ssh_host_ecdsa_key.pub
Output:
ecdsa-sha2-nistp256.....YcS6IzvTZZ6tpL/F65f/M= root@ip
Note
By default, the ssh_host_ecdsa_key (private key) is used for SSH authentication. However, you can also use other keys for SSH authentication. To do so, uncomment other options in the /etc/ssh/sshd_config file referring to the HostKey.
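A way to confirm that the key entered in the Public key of SFTP/SCP Server field is one the server actually presents, as an added example that is not part of the product documentation. The function names and file layout are assumptions: the scan file holds ssh-keyscan output, while the pinned key is the .pub file copied from /etc/ssh on the server itself.

```shell
#!/bin/sh
# Added example: compare the pinned host key with the keys a server presents.
# key_id prints "<type> <blob>" for every key line on stdin. It accepts both
# "<type> <blob> [comment]" (.pub file) and "<host> <type> <blob>" (ssh-keyscan).
key_id() {
    awk '
        BEGIN { t = "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" }
        /^#/ || NF < 2 { next }
        $1 ~ t { print $1, $2; next }
        NF >= 3 && $2 ~ t { print $2, $3 }
    '
}

# check_host_key PINNED_PUB SCAN_FILE
# returns 0: pinned key is one of the keys the server presented
#         1: server presents that key type, but with a different key
#         2: server does not present the pinned key type at all
#         3: PINNED_PUB does not contain a recognisable public key
check_host_key() {
    pinned=$(key_id < "$1" | head -n 1)
    if [ -z "$pinned" ]; then
        echo "no public key found in $1" >&2
        return 3
    fi
    ptype=${pinned%% *}
    presented=$(key_id < "$2")
    if printf '%s\n' "$presented" | grep -qxF -- "$pinned"; then
        return 0
    fi
    if printf '%s\n' "$presented" | grep -q -- "^$ptype "; then
        echo "MISMATCH: $ptype key differs from the pinned one" >&2
        return 1
    fi
    echo "server offers no $ptype host key (check HostKey in sshd_config)" >&2
    return 2
}

# Typical use (host and port are placeholders):
#   ssh-keyscan -p 22 <host> > scan.txt
#   check_host_key ssh_host_ecdsa_key.pub scan.txt
```

A return value of 1 means the key the server presents over the network differs from the one copied from the server, so the connection should not be created until the difference is explained.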
Managing Secure Copy Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete an SCP/SFTP connection
List all SCP/SFTP connections
Test an existing SCP/SFTP connection
Test a new SCP/SFTP connection
Creating a Secure Copy Connection
To create an SCP/SFTP connection, run:
Syntax
ksctl connectionmgmt scp create --name <Connection-Name> --protocol <sftp-or-scp> --host <Hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --path-to <Destination-Machine-Path> --public-key <key> --products <Products-Names> --meta <Key:Value>
Example Request
ksctl connectionmgmt scp create --name test --protocol sftp --host 8.8.8.8 --scp-port 22 --username admin --auth-method password --conn-password paswd --public-key key --path-to "/home/ubuntu" --products "backup/restore"
Example Response
{
    "id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2024-07-02T10:28:05.641651524Z",
    "updatedAt": "2024-07-02T10:28:05.637630097Z",
    "service": "secure-copy",
    "category": "external-server",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test",
    "products": [
        "backup/restore"
    ],
    "meta": null,
    "host": "8.8.8.8",
    "port": 22,
    "username": "admin",
    "auth_method": "password",
    "path_to": "/home/ubuntu",
    "protocol": "sftp"
}
Getting Details of a Secure Copy Connection
To get details of an SCP/SFTP connection, run:
Syntax
ksctl connectionmgmt scp get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt scp get --id test
Example Response
{
    "id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2024-07-02T10:28:05.641651524Z",
    "updatedAt": "2024-07-02T10:28:05.637630097Z",
    "service": "secure-copy",
    "category": "external-server",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test",
    "products": [
        "backup/restore"
    ],
    "meta": null,
    "host": "8.8.8.8",
    "port": 22,
    "username": "admin",
    "auth_method": "password",
    "path_to": "/home/ubuntu",
    "protocol": "sftp"
}
Updating a Secure Copy Connection
To update an SCP/SFTP connection, run:
Syntax
ksctl connectionmgmt scp modify --name <Connection-Name> --protocol <sftp-or-scp> --host <hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --public-key <key> --path-to <Destination-Machine-Path> --products <Products-Names> --meta <Key:Value>
Example Request
ksctl connectionmgmt scp modify --id test --protocol scp --host 1.2.3.4 --scp-port 32
Example Response
{
    "id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2024-07-02T10:28:05.641652Z",
    "updatedAt": "2024-07-02T11:12:05.200414626Z",
    "service": "scp",
    "category": "external-server",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test",
    "products": [
        "backup/restore"
    ],
    "meta": null,
    "host": "1.2.3.4",
    "port": 32,
    "username": "admin",
    "auth_method": "password",
    "path_to": "/home/ubuntu",
    "protocol": "scp"
}
Getting List of Secure Copy Connections
To list all the SCP/SFTP connections, run:
Syntax
ksctl connectionmgmt scp list --protocol <sftp-or-scp>
Example Request 1
ksctl connectionmgmt scp list
Example Response 1
{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "name": "test",
            "id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
            "uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2024-07-02T10:28:05.641651524Z",
            "updatedAt": "2024-07-02T10:28:05.637630097Z",
            "service": "scp",
            "category": "external-server",
            "products": [
                "backup/restore"
            ],
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "host": "8.8.8.8",
            "port": 22,
            "username": "admin",
            "auth_method": "password",
            "public_key": "public-key",
            "path_to": "/home/ubuntu",
            "protocol": "scp"
        }
    ]
}
Example Request 2 (filters result based on protocol name)
ksctl connectionmgmt scp list --protocol sftp
Example Response 2
{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "64d21caf-ab1c-4b4a-9156-c857739e4bed",
            "uri": "kylo:kylo:connectionmgmt:connections:test-64d21caf-ab1c-4b4a-9156-c857739e4bed",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2024-07-02T10:28:05.641652Z",
            "updatedAt": "2024-07-02T11:12:05.200415Z",
            "service": "secure-copy",
            "category": "external-server",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "test-demo",
            "host": "1.2.34.5",
            "port": 22,
            "username": "test",
            "auth_method": "key",
            "path_to": "/home/ubuntu",
            "protocol": "sftp"
        }
    ]
}
Deleting a Secure Copy Connection
To delete an SCP/SFTP connection, run:
Syntax
ksctl connectionmgmt scp delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt scp delete --id test
Example Response
There will be no response if the SCP connection is deleted successfully.
Testing an Existing Secure Copy Connection
To test an existing SCP/SFTP connection, run:
Syntax
ksctl connectionmgmt scp test --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt scp test --id test
Example Response
{
    "connection_ok": true
}
Testing a New Secure Copy Connection
To test a new SCP/SFTP connection, run:
Syntax
ksctl connectionmgmt scp test --host <hostname> --protocol <sftp-or-scp> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --path-to <Destination-Machine-Path> --public-key <key>
Example Request
ksctl connectionmgmt scp test --host 1.2.3.4 --protocol sftp --scp-port 22 --username admin --auth-method password --conn-password paswd --public-key key --path-to "/home/ubuntu"
Example Response
{
    "connection_ok": true
}