Introduction
This article builds on the Simple File Transfer with Basic Authentication article, concentrating on the configuration aspects introduced with use of SSH authentication.
Note:
- On our YADE - Configuration - XML Editor Usage for compatible .ini and .xml configuration files page there is a complete configuration file available for download that uses SSH public/private key authentication. This configuration is a working example that comes with the necessary private key authentication file and will download files from the online SOS Demo server to a local file system.
- The transfer configuration is described here uses the XML-based configuration introduced with Release 1.11 of YADE. A similar example using the Settings parameters configuration that was implemented for releases before 1.11 can be found our YADE Tutorials along with a configuration download file.
Features of SSH Authenticated File Transfer
Advantages
SSH authentication is implemented with the SFTP protocol and together provides a significantly higher level of security than basic - i.e. password - authentication using the FTP protocol.
Authentication Features
The main features of SSH authenticated file transfer in YADE are:
- SSH authentication can be carried out with an account name and either password or public/private key verification.
- As mentioned above, SSH authentication requires that SFTP protocol is used.
- SSH authentication is required when a jump host transfer is carried out.
As with all file transfer protocols, any number of SFTP file transfer configurations in the form of ProtocolFragments can be preconfigured and selected as required.
If public/private key verification is used, the SSH password parameter can be used to provide additional protection for the authentication file.
File Transfer Protocol
SSH Authentication requires that the SFTP protocol is used for the transfer operation.
Configuration of SSH Authenticated File Transfer
The configuration of a file transfer with SSH authentication follows the steps already described described in the Simple File Transfer with Basic Authentication article.
There are, however, two differences to the Simple File Transfer with Basic Authentication example:
- the use of an SSHAuthentication element instead of a BasicAuthentication element
- SFTP protocol is used instead of FTP as FTP cannot support SSH authentication
Both examples are otherwise kept as simple as possible for clarity. More complex file transfer scenarios will be described later.
Specification of SFTP File Transfer Elements
The use of SSH authentication requires that the SFTP protocol (or a jump host) is specified. This done by specifying a Profile element that calls a suitably configured SFTPFragment. This Profile will then be called when YADE is started. The SFTPFragment will contain at least the specification of a BasicConnection element and the SSHAuthentication element.
- Profile
- Operation
- Copy
- CopySource
- CopySourceFragmentRef
Ref -> SFTPFragment (Ref=Name)
- CopySourceFragmentRef
- CopySource
- Copy
- Operation
- Fragments
- ProtocolFragments
- SFTPFragment (identified by name Attribute)
- BasicConnection
- SSHAuthentication
- SFTPFragment (identified by name Attribute)
- ProtocolFragments
More information about the specification of SFTPFragments can be found in:
- the SFTPFragment Parameter Reference article.
Specification of SSH Authentication
Use of the SSHAuthentication element requires specification of:
- an Account (i.e. a user name, required)
- either an AuthenticationMethodPassword element, which in turn requires a Password to be specified
or an AuthenticationMethodPublickey element which requires that an AuthenticationFile and optional Passphrase are specified
More information about the specification of SSHAuthentication can be found in:
- the SSHAuthentication Parameter Reference article
- the Authentication User Manual article.
Further Information