Require token authorization: Set in the GUI

When transfer users are configured to require token authorization, only transfers initiated with a valid token (transfer token, basic token, or bearer token) are allowed to or from the server. Token authorization can be set independently for incoming transfers and outgoing transfers.

  1. Choose or create the transfer user on the server.
    The user must not have a password. If the system does not allow this, create a large password.
  2. Set the IBM Aspera Connect public SSH key as an authorized key for the transfer user and ensure that they own the file.
    1. Create the .ssh directory in the user's home folder.
      $ mkdir /Users/aspera_user_1/.ssh/

    2. Copy the Connect public SSH key into .ssh and rename it authorized_keys (or append the public key to authorized_keys if the file exists).
      $ cp /Library/Aspera/var/aspera_tokenauth_id_rsa.pub /Users/aspera_user_1/.ssh/authorized_keys
    3. Ensure that .ssh and .ssh/authorized_keys are owned by the user.
      $ chown -R aspera_user_1:aspera_user_1 /Users/aspera_user_1/.ssh
      $ chmod 600 /Users/aspera_user_1/.ssh/authorized_keys
      $ chmod 700 /Users/aspera_user_1
      $ chmod 700 /Users/aspera_user_1/.ssh
  3. Start HSTE and click Configuration.
  4. Click Users and choose a user to configure.
    Configure users
  5. Click Authorization.
  6. Set token authorization for incoming and outgoing transfers.
    Select the override boxes for Incoming Transfers and Outgoing Transfers. Under Effective Value, select token from the drop-down menu.
  7. Set the token encryption key.
    Select the override box for Token Encryption Key and enter the token encryption key. The encryption key must be a string of random characters of at least 20 characters.
  8. Click Apply to save the changes, or click OK to save the changes and close the dialog.
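
A check for step 2, as an added example that is not part of the original procedure: the script verifies the modes and ownership set in step 2.3 and that the Connect public key is listed in authorized_keys, including the case where it was appended to an existing file. The function names and status labels are this example's own; the three arguments are the home directory, user name, and public key path used in step 2.

```shell
#!/bin/sh
# Added example: audit the step 2 key setup for one transfer user.
# Usage: sh <this script> <home dir> <owner> <Connect public key>

# Print "<octal mode> <owner>" for a path: GNU stat first, then BSD/macOS stat.
mode_owner() {
    stat -c '%a %U' "$1" 2>/dev/null || stat -f '%Lp %Su' "$1"
}

# Report a path that is missing or whose mode/owner differs from step 2.3.
check_path() {
    target=$1 want=$2
    if [ ! -e "$target" ]; then
        echo "MISSING $target"
        return 1
    fi
    actual=$(mode_owner "$target") || return 1
    if [ "$actual" != "$want" ]; then
        echo "BAD     $target: found '$actual', expected '$want'"
        return 1
    fi
}

# Return 0 only if every check passes; print one line per problem found.
audit_token_user() {
    home=$1 owner=$2 pubkey=$3 rc=0
    check_path "$home" "700 $owner" || rc=1
    check_path "$home/.ssh" "700 $owner" || rc=1
    check_path "$home/.ssh/authorized_keys" "600 $owner" || rc=1
    # The key may have been appended rather than copied, so look for its exact
    # line anywhere in authorized_keys (-x whole line, -F fixed string).
    if ! grep -qxF -f "$pubkey" "$home/.ssh/authorized_keys" 2>/dev/null; then
        echo "NOKEY   $pubkey is not listed in $home/.ssh/authorized_keys"
        rc=1
    fi
    return "$rc"
}

# Run the audit only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    audit_token_user "$@"
fi
```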