
We have a Tectia implementation that was set up for a handful of customers who could only use SFTP. Our default is FTPs and Active Directory user isolation. Each SFTP-only customer has their own Tectia login. We are now being asked to handle over 100 additional customers for SFTP. We have an internal system that generates files and copies the files internally to the customer's FTP home directory so they can pick them up. The home directory is auto-generated by the system and bears no resemblance to the user's login name.

Is there any way in which Tectia can be set up to use a group, with members of that group directed to their own home directory that's configured in AD? Basically the same as the AD user isolation.

Geoff

asked Dec 09 '14 at 22:06


morgange

edited Dec 10 '14 at 00:46


Martin Dobsik ♦


Hi Martin,

Thanks for that. I have seen the %username-without-domain% variable, but in our scenario the FTP directory bears no resemblance to the login name, i.e. login name customer01_FTPs may have the following FTP dir \fileserver\FTP\34567234567. I suppose I could create a second AD login, using the example above, with a login name of 34567234567, but it's not human-friendly.

Geoff


answered Dec 11 '14 at 16:57


morgange

edited Dec 11 '14 at 16:57

As I suggested, you can configure the relation between a user name and its home directory in an SSH server configuration file. But you would have to do it manually for every user then (if you want to try, I can suggest how). Or you could generate an SSH server configuration file using some script and trigger the configuration reload. The current SSH Server implementation does not support direct fetching of ad-hoc information from AD.

(Dec 11 '14 at 20:59) Martin Dobsik ♦

Hi Morgange,

Here is a snippet from the configuration that will cause each domain user to be able to access only a folder named /ftp_home. This folder will actually be a different location for each user, all of them located under C:\SFTP:

<services>
  <rule>
    <subsystem type="sftp" application="sft-server-g3.exe" action="allow">
      <attribute name="virtual-folder" value="ftp_home=C:\SFTP\%username-without-domain%" />
      <attribute name="home" value="C:\SFTP\%username-without-domain%" />
    </subsystem>
    ...
  </rule>
  ...
</services>

Is it something that you want? Does this help (if so mark this answer accordingly please :)?

With regards,

Martin

PS: BTW: You can define any number of such rules in the configuration file of Tectia SSH Server. Each of these rules can correspond to a different group or users as defined using various methods of selection (so called selectors). See examples in section ssh-server-config.xml of Tectia SSH Server documentation or check the file ssh-server-config-tutorial.xml in your installation directory.


answered Dec 10 '14 at 00:30


Martin Dobsik ♦

edited Dec 10 '14 at 00:45
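
The comment above suggests generating the server configuration from a script. The following is an added example (not code from this thread or from Tectia) that does so for a login-to-directory mapping like the one Geoff describes, rejecting names that could escape C:\SFTP or inject markup. Only the `<subsystem>` element and its two attributes come from the answer's snippet; the sample mapping, the `sftp-` group names and the `<group>`/`<selector>`/`<user>` layout are assumptions to check against ssh-server-config-tutorial.xml.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

BASE = PureWindowsPath(r"C:\SFTP")                # root used in the answer's snippet
SAFE_LOGIN = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")
SAFE_DIR = re.compile(r"^[A-Za-z0-9_-]{1,64}$")   # one component: no '\', '/', '.', ':' or '%'

# Constructed sample mapping (login name -> system-generated directory name)
CUSTOMERS = {"customer01_FTPs": "34567234567", "customer02_FTPs": "88120045001"}

def home_for(login, dirname):
    """Return the validated home path for one customer, or raise ValueError."""
    if not SAFE_LOGIN.match(login):
        raise ValueError(f"unsafe login name: {login!r}")
    if not SAFE_DIR.match(dirname):
        raise ValueError(f"unsafe directory name: {dirname!r}")
    return str(BASE / dirname)

def build_services(mapping):
    """Build a <services> element with one group and one rule per customer."""
    services = ET.Element("services")
    groups, rules = [], []
    for login, dirname in sorted(mapping.items()):
        home = home_for(login, dirname)
        # Assumed layout: a named group selecting one user, referenced by its rule
        group = ET.Element("group", name=f"sftp-{login}")
        ET.SubElement(ET.SubElement(group, "selector"), "user", name=login)
        rule = ET.Element("rule", group=f"sftp-{login}")
        sub = ET.SubElement(rule, "subsystem", type="sftp",
                            application="sft-server-g3.exe", action="allow")
        ET.SubElement(sub, "attribute", name="virtual-folder", value=f"ftp_home={home}")
        ET.SubElement(sub, "attribute", name="home", value=home)
        groups.append(group)
        rules.append(rule)
    services.extend(groups + rules)               # all groups first, then the rules
    return services

def render(mapping):
    """Serialize the generated <services> block; ElementTree escapes attribute values."""
    root = build_services(mapping)
    ET.indent(root)                               # Python 3.9+
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(render(CUSTOMERS))
```

The generated rules contain only the `<subsystem>` element; whatever the answer's snippet elides with "..." still has to come from your existing rule, and the output should be reviewed before it replaces the live configuration and a reload is triggered.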

All user contributed content licensed under the cc-by-sa license.