Using an FTP or SFTP Client to Log In to File Transfer Resources
You can use file transfer clients to transfer files between authorized managed hosts. This means you can transfer files the way you are used to. A bastion host can log all activities performed on a host resource. The logs can be used for audits.
This topic describes how to obtain client login information and log in to resources that use a file transfer protocol.
Constraints
- If the primary/secondary account operation method is selected for the FTP/SFTP protocol, only resource accounts with Login Type set to Auto Login can be used. The Empty resource account cannot be used.
- Transferring file over SFTP is not supported for host resources with MFA enabled. For details, see Configuring Multifactor Verification.
- Only hosts with Protocol set to FTP or SFTP can be logged in to using a web browser. Client tools must meet the requirements in the following table.
Table 1 Tools supported Host Protocol
Client Tool Required
SFTP
Xftp 6 or later, WinSCP 5.14.4 or later, and FlashFXP 5.4 or later
FTP Protocol
Xftp 6 or later, WinSCP 5.14.4 or later, FlashFXP 5.4 or later, and FileZilla 3.46.3 or later
Table 2 Supported clients Algorithm Type
SSH Client
Key exchange
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group-exchange-sha1
- diffie-hellman-group14-sha1
- diffie-hellman-group1-sha1
- ecdh-sha2-nistp521
- ecdh-sha2-nistp384
- ecdh-sha2-nistp256
Encryption
- aes128-ctr
- aes192-ctr
- aes256-ctr
- aes128-cbc
- aes192-cbc
- aes256-cbc
- 3des-cbc
- blowfish-cbc
- arcfour128
- arcfour256
HMAC
- hmac-md5
- hmac-md5-96
- hmac-sha1
- hmac-sha1-96
- hmac-sha2-256
- hmac-sha2-512
Host Key
- ssh-rsa
- ssh-dss
- rsa-sha2-256
- rsa-sha2-512
- ecdsa-sha2-nistp256
- ecdsa-sha2-nistp384
- ecdsa-sha2-nistp521
Prerequisites
- You have the management permissions for the Host Operations module.
- You have obtained the access permissions for the resources.
- You have installed the client tool.
- The network connection between the managed host and the system is normal, and the account username and password for logging in to the managed host are correct.
- You have enabled FTP and opened ports 2222 (for SFTP) and 2121 (for FTP). For details, see Configuring the Operation Ports.
- You have configured an SSO client on the local PC if you want to select the client operation method for the FTP or SFTP protocol.
Procedure
- Obtain the login information.
- Log in to your bastion host.
- Choose Operation > Host Operations to go to the Host Operations page.
- Select an FTP or SFTP host resource, and click Login.
- Log in to the host using a client tool.
- Start the local FTP or SFTP client tool.
- Enter the host address, port number, user name, and login password.
You can use APIs to log in to host resources using the FTP or SFTP protocol.
Table 3 Parameter description Parameter
Description
Host Addr
IP address for logging in to the bastion host.
Port
Port number. The default port number is 2222.
UserName
Username in the configuration information in the format of login name@resource account name@host address, for example, admin@root@192.168.1.1.
Password
Password for the user to log in to the bastion host.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.