Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Connection Manager

Secure Copy Protocols (SCP/SFTP)

search

Please Note:

printsuggest an editpdf paneldownload

Secure Copy Protocols (SCP/SFTP)

Secure Copy (SCP/SFTP) connection to the CipherTrust Manager can be configured using the following:

copy link to clipboardManaging Secure Copy Connections using GUI

Note

The Secure Copy connections are supported in the root domain only.

  • Host - IP/hostname of the Secure Copy server.

  • Port - port number of the Secure Copy server. Default port is 22.

  • Username - username of the Secure Copy server.

  • Protocol - Select either SFTP or SCP protocol.

  • Auth Method - you can use either Password or Key for authentication purpose.

    Authentication MethodDescription
    Passwordpassword to authenticate the Secure Copy server.
    Keypublic key used for authentication. Click the Download Public key for SSH authentication button.
    To upload the fetched key to the list of authorized keys on the Secure Copy server, refer to the Uploading Key to the List of Authorized Keys on the Secure Copy Server section.

  • Public key of SFTP Server - (applicable only for SFTP server) public key of the SFTP server. It is used to verify the identity of the host through key fingerprint. It is available at the /etc/ssh location on the SFTP server. To find the public key of the SFTP server, refer to Finding Public Key of the Secure Copy Server section.

  • Public key of SCP Server - (applicable only for SCP server) public key of the SCP server. It is used to verify the identity of the host through key fingerprint. It is available at the /etc/ssh location on the SCP server. To find the public key of the SCP server, refer to Finding Public Key of the Secure Copy Server section.

  • Path to - path of the Secure Copy server where backup will be transferred.

Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

Note

While testing the Secure Copy connection, a file with the name temp-cm-<protocol>-test-connection is created at the specified path on the Secure Copy server.

Click Next to move to the Add Products screen of the Add Connection wizard.

Note

The only product supported for SCP/SFTP connection is Backup/Restore.

copy link to clipboardUploading Key to the List of Authorized Keys on the Secure Copy Server

To upload the fetched key to the list of authorized keys on the Secure Copy server, perform the following steps:

  1. Open the downloaded key and copy its content without quotes (“”).

  2. Append the content of this public key to the following file (authorized_keys) on the Secure Copy server. This file is available at: /home/<SCP user>/.ssh/authorized_keys.

  3. Save the file and exit.

    copy link to clipboardExample

    Run the below command to get the content of the authorized_keys file:

    ubuntu@ip:/etc/ssh$ cat /home/ubuntu/.ssh/authorized_keys

    Output:

    ssh-rsa..<content of authorized_keys>...+FFChClf1in1xnKG9UL/ Yaths-UbuntuDev

    Append the content of public key of the CipherTrust Manager:

    ssh-rsa..<content of authorized_keys>...+FFChClf1in1xnKG9UL/ Yaths-UbuntuDevssh-rsa...<content of public key of CipherTrust Manager>...P9+9JRqDINamNougibgw==

    In this example, the highlighted code is the public key downloaded from Step 1.

copy link to clipboardFinding Public Key of the Secure Copy Server

Following example shows how to find the public key of the SCP/SFTP server.

copy link to clipboardExample

Copy the default SSH public key (ssh_host_ecdsa_key.pub) of the Secure Copy server. This key is available at: /etc/ssh/.

Run the command:

ubuntu@ip:/etc/ssh$ cat ssh_host_ecdsa_key.pub

Output:

ecdsa-sha2-nistp256.....YcS6IzvTZZ6tpL/F65f/M= root@ip

Note

By default, the ssh_host_ecdsa_key (private key) is used for SSH authentication. However, you can also use other keys for SSH authentication. To do so, uncomment other options in the /etc/ssh/sshd_config file referring to the HostKey.

copy link to clipboardManaging Secure Copy Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete an SCP/SFTP connection

  • List all SCP/SFTP connections

  • Test an existing SCP/SFTP connection

  • Test a New SCP/SFTP Connection

copy link to clipboardCreating an Secure Copy Connection

To create an SCP/SFTP connection, run:

Syntax

ksctl connectionmgmt scp create --name <Connection-Name> --protocol <sftp-or-scp> --host <Hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --path-to <Destination-Machine-Path> --public-key <key> --products <Products-Names> --meta <Key:Value>

Example Request

ksctl connectionmgmt scp create --name test --protocol sftp --host 8.8.8.8 --scp-port 22 --username admin --auth-method password --conn-password paswd --public-key key --path-to "/home/ubuntu" --products "backup/restore"

Example Response

{
    "id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2024-07-02T10:28:05.641651524Z",
    "updatedAt": "2024-07-02T10:28:05.637630097Z",
    "service": "secure-copy",
    "category": "external-server",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test",
    "products": [
        "backup/restore"
    ],
    "meta": null,
    "host": "8.8.8.8",
    "port": 22,
    "username": "admin",
    "auth_method": "password",
    "path_to": "/home/ubuntu",
    "protocol": "sftp"
}

copy link to clipboardGetting Details of an Secure Copy Connection

To get details of an SCP/SFTP connection, run:

Syntax

ksctl connectionmgmt scp get --id <Connection-Name/ID>

Example Request

ksctl connectionmgmt scp get --id test

Example Response

{
    "id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2024-07-02T10:28:05.641651524Z",
    "updatedAt": "2024-07-02T10:28:05.637630097Z",
    "service": "secure-copy",
    "category": "external-server",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test",
    "products": [
        "backup/restore"
    ],
    "meta": null,
    "host": "8.8.8.8",
    "port": 22,
    "username": "admin",
    "auth_method": "password",
    "path_to": "/home/ubuntu",
    "protocol": "sftp"
}

copy link to clipboardUpdating an Secure Copy Connection

To update an SCP/SFTP connection, run:

Syntax

ksctl connectionmgmt scp modify --name <Connection-Name> --protocol <sftp-or-scp> --host <hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --public-key <key> --path-to <Destination-Machine-Path> --products <Products-Names> --meta <Key:Value>

Example Request

ksctl connectionmgmt scp modify --id test --protocol scp --host 1.2.3.4 --scp-port 32

Example Response

{
    "id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2024-07-02T10:28:05.641652Z",
    "updatedAt": "2024-07-02T11:12:05.200414626Z",
    "service": "scp",
    "category": "external-server",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test",
    "products": [
        "backup/restore"
    ],
    "meta": null,
    "host": "1.2.3.4",
    "port": 32,
    "username": "admin",
    "auth_method": "password",
    "path_to": "/home/ubuntu",
    "protocol": "scp"
}

copy link to clipboardGetting List of Secure Copy Connections

To list all the SCP/SFTP connections, run:

Syntax

ksctl connectionmgmt scp list --protocol <sftp-or-scp>

Example Request 1

ksctl connectionmgmt scp list

Example Response 1

{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "name": "test",
            "id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
            "uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2024-07-02T10:28:05.641651524Z",
            "updatedAt": "2024-07-02T10:28:05.637630097Z",
            "service": "scp",
            "category": "external-server",
            "products": [
                "backup/restore"
            ],
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "host": "8.8.8.8",
            "port": 22,
            "username": "admin",
            "auth_method": "password",
            "public_key": "public-key",
            "path_to": "/home/ubuntu",
            "protocol": "scp"
        }
    ]
}

Example Request 2 (filters result based on protocol name)

ksctl connectionmgmt scp list --protocol sftp

Example Response 2

{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "64d21caf-ab1c-4b4a-9156-c857739e4bed",
            "uri": "kylo:kylo:connectionmgmt:connections:test-64d21caf-ab1c-4b4a-9156-c857739e4bed",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2024-07-02T10:28:05.641652Z",
            "updatedAt": "2024-07-02T11:12:05.200415Z",
            "service": "secure-copy",
            "category": "external-server",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "test-demo",
            "host": "1.2.34.5",
            "port": 22,
            "username": "test",
            "auth_method": "key",
            "path_to": "/home/ubuntu",
            "protocol": "sftp"
        }
    ]
}

copy link to clipboardDeleting an Secure Copy Connection

To delete an SCP/SFTP connection, run:

Syntax

ksctl connectionmgmt scp delete --id <Connection-Name/ID>

Example Request

ksctl connectionmgmt scp delete --id test

Example Response

There will be no response if SCP connection is deleted successfully.

copy link to clipboardTesting an Existing Secure Copy Connection

To test an existing SCP/SFTP connection, run:

Syntax

ksctl connectionmgmt scp test --id <Connection-Name/ID>

Example Request

ksctl connectionmgmt scp test --id test

Example Response

{
    "connection_ok": true
}

copy link to clipboardTesting a New Secure Copy Connection

To test a new SCP/SFTP connection, run:

Syntax

ksctl connectionmgmt scp test --host <hostname> --protocol <sftp-or-scp> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --path-to <Destination-Machine-Path> --public-key <key>

Example Request

ksctl connectionmgmt scp test --host 1.2.3.4 --protocol sftp --scp-port 22 --username admin --auth-method password --conn-password paswd --public-key key --path-to "/home/ubuntu"

Example Response

{
    "connection_ok": true
}

On this page