How to Set Up SFTP through Forum Sentry

In our first SFTP blog, we reviewed the history of SFTP and some of the benefits of using Forum Sentry as an SFTP Proxy. There are many authentication methods but most implementations utilize basic authentication (username/password) or public key authentication.

For the purpose of this tutorial we will use basic authentication. Forum Sentry provides the ability to make this process seamless and easy. Forum Sentry sits between an SFTP client and an SFTP server:

[Image: SFTP-Proxy-LDAP]

This tutorial will show you how to set up a simple proxy using Forum Sentry in one step and how to test the SFTP connection using a series of commands. Before we get started, it is assumed that you have an LDAP policy in place. If you need to create one, you may reference this tutorial.

Create the SFTP Proxy Policy

To do this, navigate to Gateway -> Network Policies -> Network Policies, then select New, then select SFTP and click Next. On the next screen, select Proxy and click Next. Fill in the information so your screen matches the screenshot below. Of course, you should use your own ports and IP addresses. Once you have completed this, click Apply and then Save.

[Screenshot: Proxy]

You’re now ready to SFTP!

The client used in this exercise is PSFTP and the back-end server is a Bitvise SSH Server.
The -P option in the command below sets the port number. Please note: it is recommended that you use a different port for the listener. In our example, we are using port 222. Also, the user is an LDAP user who connects to Forum Sentry first; Forum Sentry then connects to the back-end server with the credentials provided by that server’s administrator:

$ ./psftp -P 222 euclid@192.168.1.107

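When connecting for the first time, the PSFTP client will ask you to agree to save the key supplied by the server so that it recognizes the server on future connections. This key is called the Known Host Key. Check that the fingerprint shown is the one you expect, because every later connection is compared against the key you cache here. When prompted with "Update cached key?", press y.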

Test your SFTP Connection

You’re now ready to test your SFTP connection through Forum Sentry. To do this, we will use four common commands to ensure everything is working properly:

  1. ls – listing of files
  2. put – upload file
  3. get – download file
  4. rm – remove file

euclid@192.168.1.107's password: password

1. Listing of Files Test

In this test, we will see what files are currently on the SFTP Server. By typing ls in the command line, you should see all the files in the SFTP directory. See screenshot below:

[Screenshot: ls]

You can see that there are six files listed in a variety of content types. You’re not limited to specific types of files; Forum Sentry is very flexible. After each of the following tests, we will use ls to verify the command worked.

2. Upload File Test

Now let’s try uploading a file. In this example we will upload a file called test.txt. To do this, enter put test.txt in the command line and hit Enter. To verify the file has been uploaded to the SFTP server, use the ls command and you should see the file listed at the bottom, as shown in the screenshot below:

[Screenshot: ls for previous put]

3. Download File Test

To download a file from the SFTP server, in this case a file called Less_than_1M_DOC.docx, enter get Less_than_1M_DOC.docx in the command line. Because we have just downloaded a file to our own system, we can simply check our own directory to ensure the file has been transferred to the correct location. Alternatively, you may enter $ ls -l in the command line to view files on your system.

[Image: ls gotten file]

4. Remove File Test

To remove the test.txt file from the SFTP server, enter rm test.txt in the command line. This time we will use ls test.txt to look for a specific file. As you can see in the screenshot below, it cannot be found.

[Screenshot: rm and ls file]
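The four manual tests above can be scripted so they are repeatable after every policy change. The script below is an added example, not part of the original tutorial or of Forum Sentry's own tooling. It reuses the tutorial's user, address, port and file names; the function names are illustrative, and HOSTKEY is a placeholder for the listener's host key fingerprint, which psftp's -hostkey option pins so the key is not accepted blindly.

```sh
#!/bin/sh
# Added example: repeatable version of the four manual tests (ls, put, get, rm).
# HOSTKEY is a placeholder; obtain the listener's fingerprint out of band.
PSFTP=${PSFTP:-./psftp}
TARGET=${TARGET:-euclid@192.168.1.107}   # LDAP user and listener address from the tutorial
PORT=${PORT:-222}                        # listener port from the tutorial
HOSTKEY=${HOSTKEY:-REPLACE_WITH_LISTENER_FINGERPRINT}

# Write the psftp batch script for the four tests to the file named in $1.
write_batch() {
    cat > "$1" <<EOF
ls
put test.txt
ls
get Less_than_1M_DOC.docx
rm test.txt
EOF
}

# Read a psftp "ls" listing on stdin; succeed if some line's last field is $1.
listing_has_file() {
    awk -v f="$1" '$NF == f { found = 1 } END { exit !found }'
}

# Run the tests through the proxy. psftp stops at the first failed batch
# command (unless -be is given), so a non-zero exit is treated as a failure.
# psftp prompts for the password on each of the two connections.
run_smoke_test() {
    batch=$(mktemp) || return 1
    write_batch "$batch"
    "$PSFTP" -P "$PORT" -hostkey "$HOSTKEY" -b "$batch" "$TARGET" ||
        { rm -f "$batch"; return 1; }
    [ -s Less_than_1M_DOC.docx ] ||
        { echo "get failed: no local copy" >&2; rm -f "$batch"; return 1; }
    echo ls > "$batch"                   # second connection: list only
    listing=$("$PSFTP" -P "$PORT" -hostkey "$HOSTKEY" -b "$batch" "$TARGET")
    rm -f "$batch"
    if printf '%s\n' "$listing" | listing_has_file test.txt; then
        echo "rm failed: test.txt still listed" >&2
        return 1
    fi
    echo "all four tests passed"
}

# Connect only when asked, e.g.:  sh smoke.sh run
if [ "${1:-}" = "run" ]; then run_smoke_test; fi
```

Run it from the directory that contains test.txt. If the pinned fingerprint does not match what the listener presents, psftp refuses the connection instead of asking whether to cache a new key.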

You have now successfully set up and tested SFTP through Forum Sentry! Stay tuned for our next blog on SFTP protocol mixing.