To make it easier to use standard tools to add files to a project, it is possible to configure and use SFTP to transfer files into a project.
The SFTP service uses SSH public key authentication to authenticate a SFTP user. To get started, you need to first generate a public/private key pair. This can be done from a console by using a tool like
ssh-keygen -P "" -f my_key
Creating a SFTP User¶
From the PHC SFTP Web Console, click the
Add User button. A modal is displayed to allow you to specify the settings for the user.
- Username - This is the username that you will use when authenticating with the SFTP service. Note that the PHC account name is added as a prefix to the value provided.
- Home Directory - You may want to restrict where a SFTP user can add files within a project. You can do this by specifying a specific folder to use in the project as the user's home directory. The SFTP user will not be able to add files to any other location within the project.
- SSH Key Name - A friendly name to identify the key
- SSH Public Key - The public key portion of the public/private key pair
Once created, the SFTP web console shows instructions on how to access the SFTP service.
sftp -i ./my_key firstname.lastname@example.org
Once connected, you can begin to transfer files into the project using the standard SFTP commands. Note that at this time, only write access is being provided.
You can review access event history from the SFTP web console. From the SFTP user list, click on the user you are interested in reviewing. From the SFTP User details view, click on the
Event History tab. This tab shows a listing of events for the SFTP user. This includes events for when the user connected, which files were added, and then they disconnected.
A single SFTP user can have up to five SSH keys registered at one time.
For security, we recommend that you rotate your SSH keys. A time interval of three months is a common rotation period.
If you think that a user's private key has been compromised, you can remove it from the list of keys on the SFTP User details view. Once removed, that private key can no longer be used to access the SFTP service.