O&M engineers can log on to a bastion host from a Secure File Transfer Protocol (SFTP) client and select assets for file transfer. This topic describes how to use an SFTP client on your macOS server to log on to a bastion host and perform O&M operations. SecureFX and FileZilla are used in the examples.
Prerequisites
The assets that you want to manage and a user are imported to the bastion host. The user is authorized to manage the assets. For more information, see Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts.
The O&M addresses of the bastion host are obtained. You can obtain the O&M addresses in the Bastion Host Information section on the Overview page in the console of the bastion host. For more information, see Log on to the console of a bastion host.
Note: Bastionhost provides fixed O&M addresses and supports dynamic O&M IP addresses to ensure security. If you use IP addresses to connect to bastion hosts, the connection can fail due to IP address changes. To avoid this issue, we recommend that you use the O&M addresses of bastion hosts to perform O&M operations.
An O&M tool that supports SFTP, such as SecureFX, is installed on your server.
Use the SecureFX client
Start SecureFX.
In the upper-left corner, click Connect. In the dialog box that appears, click the icon.
In the dialog box that appears, enter the O&M address of the bastion host in the Hostname field, specify the port number and the username, and then click OK.
The default SSH port is 60022. For information about how to change the O&M port of the bastion host, see Configure a port number.
Select the bastion host and click Connect.
In the Enter Secure Shell Password dialog box, enter the username and password of the account that is used to log on to the bastion host and click OK.
If two-factor authentication is enabled for the bastion host user, enter the verification code and click OK.
For information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.
After you log on to the bastion host, go to the asset management page. Double-click a transcoding directory and ignore the error message. Then, you can right-click the blank space and select Refresh to transcode the host directory name.
If you cannot access the host directory, try the following methods to resolve the issue:
Check whether the username and password of the account that is used to log on to the host are managed in the bastion host. If the username and password are not managed in the bastion host, configure the username and password. For more information, see Manage a host account.
Clear the cache on SecureFX.
For more information about SFTP-based file transfer, see FAQ about SFTP-based file transmission.
Note: If the issue persists, join the DingTalk group 33797269 for technical support.
Optional. Log on to the bastion host to view the audit records of file upload or download operations. For more information, see Log on to the console of a bastion host and Search for sessions and view session details.
Use the FileZilla client
Start the command-line tool.
Enter the following command and press Enter:
ssh -T -N -D 127.0.0.1:1080 -oport=60022 <Username of the bastion host>@<O&M address of the bastion host>
The default SSH port is 60022. For information about how to change the O&M port of a bastion host, see Configure a bastion host.
Enter the password of the account that is used to log on to the bastion host and press Enter to connect to the bastion host. Do not close the window.
If two-factor authentication is enabled for the bastion host user, enter the verification code.
For information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.
Start the FileZilla client and go to the Settings page. Click Generic proxy, select SOCKS5, enter 127.0.0.1 in the Proxy host field, enter 1080 in the Proxy port field, and then click OK.
Go to the Site Manager page and click New site. Enter the IP address of the asset on which you want to perform O&M operations in the Host field, enter 22 in the Port field, set Logon Type to Normal, specify the username and password of the account used to log on to the asset, and then click Connect. In the dialog box that appears, click OK.
After the asset is connected to FileZilla, you can transfer files from or to the asset in FileZilla and the operations can be audited by using the bastion host.
Optional. Log on to the bastion host to view the audit records of file upload or download operations. For more information, see Log on to the console of a bastion host and Search for sessions and view session details.
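The ssh command in the FileZilla procedure binds the SOCKS5 listener to 127.0.0.1, so only the local machine can relay traffic through the authenticated bastion session. The following script is an added example, not part of the original documentation: it checks that the listener on port 1080 is loopback-only before FileZilla is pointed at it. The function names and the sample lsof lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): confirm that the SOCKS5 listener
# opened by `ssh -D 127.0.0.1:1080` is reachable only from this machine.

# Classify listener lines read from stdin, in the format printed by
#   lsof -nP -iTCP:<port> -sTCP:LISTEN
# Prints one word: loopback | exposed | absent
listener_scope() {
  awk -v port="$1" '
    $NF == "(LISTEN)" {
      addr = $(NF - 1)                      # e.g. 127.0.0.1:1080 or *:1080
      if (addr !~ (":" port "$")) next      # listener on some other port
      seen = 1
      if (addr !~ /^(127\.[0-9.]+|\[::1\]):/) exposed = 1
    }
    END { print (!seen ? "absent" : (exposed ? "exposed" : "loopback")) }'
}

# Live check on the workstation while the ssh window is still open.
# Returns 0 only when every listener on the port is bound to loopback.
check_tunnel() {
  ct_port=${1:-1080}
  ct_scope=$(lsof -nP -iTCP:"$ct_port" -sTCP:LISTEN 2>/dev/null | listener_scope "$ct_port")
  echo "SOCKS port $ct_port: $ct_scope"
  [ "$ct_scope" = loopback ]
}

# Constructed sample lsof output (PID, user and device values are made up).
SAMPLE_LOOPBACK='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ssh     41234 ops    5u  IPv4 0xa1b2c3      0t0  TCP 127.0.0.1:1080 (LISTEN)'
SAMPLE_EXPOSED='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ssh     41234 ops    5u  IPv4 0xa1b2c3      0t0  TCP *:1080 (LISTEN)
ssh     41234 ops    6u  IPv6 0xa1b2c4      0t0  TCP *:1080 (LISTEN)'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_LOOPBACK" | listener_scope 1080   # loopback
printf '%s\n' "$SAMPLE_EXPOSED"  | listener_scope 1080   # exposed
```

Run check_tunnel in a second terminal after the tunnel is established. A result of "exposed" means the proxy is bound to a non-loopback address and the ssh command should be restarted with the explicit 127.0.0.1 bind address shown above.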
References
For information about issues that may occur during SFTP-based O&M operations and solutions, see FAQ about SFTP-based file transmission.