Chapter 7. Using SFTP/SCP

Table of Contents

Transferring Files to Ambience Using SFTP/SCP

Ambience version 4.2.0 onwards includes SFTP/SCP support. Using any SFTP or SCP tool (for example Winscp), you can transfer files directly into Ambience. This makes transferring files regularly for ETL,an easy task.

This document describes setting up the SFTP/SCP facility.

Transferring Files to Ambience Using SFTP/SCP

Perform the following steps to use SFTP/SCP.

  1. Use openssl to generate the SSL key for SFTP/SCP. The following command generates a 1024 bit RSA key that is valid for a year:
    openssl req -x509 -days 365 -nodes -newkey rsa:1024 \
    -out cert.pem
    
  2. Place the cert.pem file inside the Ambience folder. For the purpose of this document, we create a keys folder inside the Ambience folder and place the cert.pem file inside the keys folder.

    Figure 7.1. cert.pem File

    cert.pem File
  3. Edit etc/application.conf inside the Ambience folder and enable SFTP.
      sftp {
        enabled = true
        default-domain = "eno"
        port = 8071
        hostkey-pem = "keys/cert.pem"
      }
                                         
                                          
  4. Now, start the Ambience server.
  5. Login to the Ambience web interface and navigate to Admin - Groups.

    Figure 7.2. SFTP Groups

    SFTP Groups

    You will see two groups: sftp-read and sftp-write.

    Users in sftp-read can only view the files that already exist in Ambience, through their SFTP/SCP client. They cannot transfer files to Ambience nor make any changes to existing files.

    Users in sftp-write can transfer files to Ambience and make any changes to existing files. However, no user can run arbitrary commands on the system.

    By default, no users are in any of the sftp groups - not even the admin user. This implies that no user can login to Ambience using SFTP/SCP, unless you explicitly grant permission.

  6. Add the admin user to the sftp-write group. For more information on adding a user to a group, see Add a User in the Ambience (Web Interface) Guide.
  7. Use your SFTP/SCP client to login to Ambience. The default credentials are: username: admin, host: localhost, port: 8071, password: sa
  8. A fingerprint warning is displayed the first time. Accept the warning. Now you can transfer files to and from Ambience.

The following are some examples of using SFTP/SCP.

mary@~/Downloads/ElixirAmbience/bin: sftp -P 8071 admin@localhost
Password authentication
Password: XX
Connected to localhost.
sftp> ls
ElixirSamples  Public         QA_Samples     Temp           User  

(we start off at the top level)        
                                      
sftp> cd /ElixirSamples/DataSource
sftp> pwd
Remote working directory: /ElixirSamples/DataSource

(pwd shows the current directory)

sftp> get Binary.ds
Fetching /ElixirSamples/DataSource/Binary.ds to Binary.ds
/ElixirSamples/DataSource/Binary.ds                                                   100% 1295     1.3KB/s   00:00  

(Binary.ds has now been downloaded)    
                                      
sftp> cd /User/admin
sftp> put Binary.ds
Uploading Binary.ds to /User/admin/Binary.ds
Binary.ds                                                                             100% 1295     1.3KB/s   00:00    

(Binary.ds has now been uploaded to new location)

sftp> ls
Binary.ds   config      cron        logs 

(ls shows contents of current DaCapo folder including Binary.ds)

sftp> exit   
                                      

Using SCP is similar. The following example transfers Object.ds from the current folder to the /ElixirSamples/DataSource/ folder in Ambience.

scp -P 8071 Object.ds admin@localhost:/User/admin/Object.ds
Object.ds                                                                             100% 1379     1.4KB/s   00:00 
                                      

Note

If you replace the cert.pem file, the system displays the fingerprint warning again, when connecting to Ambience through SFTP/SCP.