Bastionhost: Perform SFTP-based O&M

Last Updated: May 30, 2024

An O&M engineer can log on to a bastion host from a Secure File Transfer Protocol (SFTP) client and select the assets for file transfer. This topic describes how to perform O&M operations by logging on to a bastion host from an SFTP client. Xftp 7 is used in the example.

Transfer files by using a client tool

You can use a client tool, such as Xftp or WinSCP, to connect to a bastion host for file transfer. The bastion host can audit and record your operations. Xftp 7 is used in the example.

Prerequisites

  • The assets that you want to manage and a user are imported to the bastion host. The user is authorized to manage the assets. For more information, see Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts.

  • The O&M addresses of the bastion host are obtained. You can obtain the O&M addresses in the Bastion Host Information section on the Overview page of the console of the bastion host. For more information, see Log on to the console of a bastion host.

    Note

    Bastionhost provides fixed O&M addresses and supports dynamic O&M IP addresses to ensure security. The IP address to which the private O&M address of a bastion host is resolved may change. We recommend that you perform O&M operations by using an O&M address. This prevents O&M operations from becoming unavailable when the IP address changes.

  • The O&M tool Xftp 7 is installed on your on-premises server.

Procedure

  1. Start the Xftp tool and choose File > New.

  2. On the General tab, enter the logon information of the bastion host, including the O&M address, port number, username, and password, and click OK.

    The default SSH port is 60022. For more information about how to modify the O&M port of your bastion host, see Configure a port number.

  3. If two-factor authentication is enabled for bastion host users, enter the verification code and click OK.

    For more information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.

  4. After you log on to the bastion host, view the hosts that you can manage on the right. Then, double-click the host on which you want to perform O&M operations.

    If you cannot access the host directory, use one of the following methods to resolve the issue:

    • Check whether the username and password of the host are managed in the bastion host. If the username and password of the host are not configured in the bastion host, configure the username and password of the host. For more information, see Manage a host account.

    • Check whether the name of the host directory is garbled. If the name of the host directory is garbled, you can double-click a transcoding directory and ignore the error message. Then, you can right-click the blank space and select Refresh to transcode the garbled directory name.

    • Clear the cache on your client tool. For example, perform the following operations in Xftp 7: In the top navigation bar, choose Tools > Options. On the Security tab, clear the history.

    For more information about SFTP-based file transfer, see FAQ about SFTP-based file transmission.

    Note

    If the issue persists, join the DingTalk group 33797269 for technical support.

  5. Optional. Log on to the bastion host and view the audit records of file upload or download operations. For more information, see Log on to the console of a bastion host and Search for sessions and view session details.

Transfer files by using a command line tool

You can use a command line tool to connect to a bastion host and upload and download files.

Prerequisites

The O&M address of the bastion host is obtained. You can obtain the O&M addresses in the Bastion Host Information section on the Overview page of the console of the bastion host. For more information, see Overview page of a bastion host.

Note

Bastionhost provides fixed O&M addresses and supports dynamic O&M IP addresses to ensure security. The IP address to which the private O&M address of a bastion host is resolved may change. We recommend that you perform O&M operations by using an O&M address. This prevents O&M operations from becoming unavailable when the IP address changes.

Procedure

  1. Open the command line tool and run the sftp command by using the following syntax:

    sftp -P <port> <username>@<bastionhostaddress>

    • <port>: This parameter is required. Replace port with the SSH-compliant O&M port for the bastion host. The default port is 60022. For more information about how to change the O&M port of the bastion host, see Configure a port number.

    • <username>: This parameter is required. Replace username with the username of the account that is used to log on to the bastion host.

    • <bastionhostaddress>: This parameter is required. Replace bastionhostaddress with the O&M address of the bastion host.

  2. Enter the password of the account that is used to log on to the bastion host and press Enter.

  3. If two-factor authentication is enabled for bastion host users, enter the verification code.

    For more information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.

  4. Run the ls command to view the hosts that you can manage.

  5. Run the cd command by using the following syntax to go to the directory of the host that you want to manage:

    cd <filename>

    <filename>: This parameter is required. Replace filename with the actual host directory.

  6. Run the get or put command to download or upload files.

    • File download command

      get <File name on the host> <File directory on your computer>

    • File upload command

      put <File name on your computer> <File directory on the host>

  7. Optional. Log on to the bastion host and view the audit records of file upload or download operations. For more information, see Log on to the console of a bastion host and Search for sessions and view session details.
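
The following wrapper is an added example, not part of the Bastionhost documentation or tooling. It builds the sftp command from step 1 with the default port 60022, refuses an IP address in place of the O&M address (following the note in the prerequisites), and rejects values that sftp would parse as options. The names ops_user and bastion.example.com, the function names, and the character allowlists are assumptions.

```shell
#!/bin/sh
# Added example, not Bastionhost tooling; ops_user and bastion.example.com are placeholders.
DEFAULT_PORT=60022   # default SSH O&M port from step 1

# Succeeds if $1 looks like an IPv4 or IPv6 literal rather than a hostname.
is_ip_literal() {
    case "$1" in
        *:*)       return 0 ;;   # a colon only occurs in IPv6 literals
        *[!0-9.]*) return 1 ;;   # letters or hyphens: a hostname
        *.*.*.*)   return 0 ;;   # digits and dots only: dotted quad
        *)         return 1 ;;
    esac
}

# Succeeds if $1 is a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
reject() { echo "rejected: $1" >&2; return 2; }

# Print the step 1 command line, or say on stderr why the input is rejected.
# Usage: build_sftp_cmd <username> <bastionhostaddress> [port]
build_sftp_cmd() {
    user=$1; addr=$2; port=${3:-$DEFAULT_PORT}
    if [ -z "$user" ] || [ -z "$addr" ]; then
        reject "username and bastion host address are required"; return
    elif is_ip_literal "$addr"; then
        reject "use the O&M address; the IP it resolves to may change"; return
    elif ! valid_port "$port"; then
        reject "port must be in 1-65535"; return
    fi
    case "$addr" in -*|*[!A-Za-z0-9.-]*)   # option injection, odd characters
        reject "address is not a plain hostname"; return ;;
    esac
    case "$user" in -*|*[!A-Za-z0-9._-]*)
        reject "username starts with '-' or has unexpected characters"; return ;;
    esac
    printf 'sftp -P %s %s@%s\n' "$port" "$user" "$addr"
}

# Interactive use: validate, then let sftp prompt for the password and, if
# two-factor authentication is enabled, the verification code.
bastion_sftp() {
    build_sftp_cmd "$@" >/dev/null || return
    sftp -P "${3:-$DEFAULT_PORT}" "$1@$2"
}

build_sftp_cmd ops_user bastion.example.com   # prints the validated command
```

After bastion_sftp connects, steps 4 to 6 (ls, cd, get, put) are typed at the sftp prompt as described above.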
