Configuring Tectia Server for Automated Secure File Transfer

Configuration Settings in ssh-server-config.xml

Tectia Server can be used for automated secure file transfer. This use case shows how to configure Tectia Server for it. Tectia Client does not require any configuration changes.

The goal of changing the Tectia Server configuration is to improve the security of the system for automated file transfers. This requires some user restrictions on the SFTP usage. In this use case, the following restrictions are defined on Tectia Server:

  1. Public keys are the only allowed authentication method. See instructions in Enabling Public-Key Authentication.

  2. SFTP service is allowed only for specially created user groups SFTP-users and admin. SFTP service is denied from all other users. See instructions in Restricting Access to File Transfer Service .

  3. Members of SFTP-users have access to their user-specific home folders only. This can be defined with chrooting settings. See instructions in Restricting Access to Folders.

  4. Terminal access is allowed only for administrators; from everyone else, it is denied. See instructions in Restricting Terminal Access.

  5. Tectia Server will be connecting to port 22, the default port for secure shell connections.