This section introduces a use case in which SSH Tectia Server is used for automated secure file transfer, and shows how to configure SSH Tectia Server for it. SSH Tectia Client does not require any configuration changes.
The goal of the SSH Tectia Server configuration changes is to improve the security of the system for automated file transfers. This calls for some user restrictions on SFTP usage. In this secure file transfer use case, we define the following restrictions on the SSH Tectia Server:
- Public keys are the only allowed authentication method. See instructions in Enabling Public-Key Authentication.
- SFTP service is allowed only for the specially created user groups SFTP-users and admin. SFTP service is denied for all other users. See instructions in Restricting Access to File Transfer Service.
- Members of SFTP-users have access to their user-specific home folders only. This can be defined with chrooting settings. See instructions in Restricting Access to Folders.
- Terminal access is allowed only for administrators; it is denied for everyone else. See instructions in Restricting Terminal Access.
SSH Tectia Server will accept connections on port 22, the default port for Secure Shell connections.