Skip to content

SFTP

To make it easier to use standard tools to add files to a project, it is possible to configure and use SFTP to transfer files into a project.

Authentication

The SFTP service uses SSH public key authentication to authenticate a SFTP user. To get started, you need to first generate a public/private key pair. This can be done from a console by using a tool like ssh-keygen.

ssh-keygen -P "" -f my_key

Creating a SFTP User

From the PHC SFTP Web Console, click the Add User button. A modal is displayed to allow you to specify the settings for the user.

Add SFTP User

  • Username - This is the username that you will use when authenticating with the SFTP service. Note that the PHC account name is added as a prefix to the value provided.
  • Home Directory - You may want to restrict where a SFTP user can add files within a project. You can do this by specifying a specific folder to use in the project as the user's home directory. The SFTP user will not be able to add files to any other location within the project.
  • SSH Key Name - A friendly name to identify the key
  • SSH Public Key - The public key portion of the public/private key pair

Once created, the SFTP web console shows instructions on how to access the SFTP service.

sftp -i ./my_key myaccount_sftpuser@sftp.us.lifeomic.com

Add SFTP User

Once connected, you can begin to transfer files into the project using the standard SFTP commands. Note that at this time, only write access is being provided.

Auditing Access

You can review access event history from the SFTP web console. From the SFTP user list, click on the user you are interested in reviewing. From the SFTP User details view, click on the Event History tab. This tab shows a listing of events for the SFTP user. This includes events for when the user connected, which files were added, and then they disconnected.

SFTP User Events

Key Management

A single SFTP user can have up to five SSH keys registered at one time.

For security, we recommend that you rotate your SSH keys. A time interval of three months is a common rotation period.

If you think that a user's private key has been compromised, you can remove it from the list of keys on the SFTP User details view. Once removed, that private key can no longer be used to access the SFTP service.


Last update: 2020-05-28