Tectia Server can be used for automated secure file transfer. This use case shows how to configure Tectia Server for it. Tectia Client does not require any configuration changes.
The goal of changing the Tectia Server configuration is to improve the security of the system for automated file transfers. This requires some user restrictions on SFTP usage. In this use case, the following restrictions are defined on Tectia Server:
Public keys are the only allowed authentication method. See instructions in Enabling Public-Key Authentication.
SFTP service is allowed only for the specially created user groups SFTP-users and admin. SFTP service is denied to all other users. See instructions in Settings for the Admin Group, Settings for the SFTP-users Group and Settings for the Rest of Users.
Members of SFTP-users have access to their user-specific home folders only. This can be defined with virtual folders. See instructions in Settings for the SFTP-users Group and Figure 5.15.
Terminal access is allowed only for administrators and is denied for everyone else. See instructions in Settings for the Admin Group and Settings for the Rest of Users.