3.3 SFTP Proxy

sftp proxy https //archbee io/docs/1s a8r9fnbldt7zdyf13d/pajdtgalutnivxukikuxa#sftp proxy “managing devices” rules are used for ssh/telnet proxies the “device access protocol” is set as “sftp” to connect to a device via the single connect sftp proxy also, in order to enable sftp access for devices which have already been defined with ssh; a parameter must be set for user groups firstly, the device that is required for both sftp and ssh is added with ssh access protocol (see also managing device) then, log in to the single connect web gui navigate to user management > user accounts > user group definition right click on the user group and select show properties set the connection to single connect sftp proxy users can establish sftp connection with multiple options which are described below with a global user when a single connect user with privileged access (like root or admin) connects to devices, they can connect to those devices without knowing the privileged user password the global username should be defined to use this feature settings can be found from managing devices there are 3 ways to connect to a device with a global username global password set sapm password if there is an sapm account defined for the global user and the device that user wants to connect to ssh key set when connecting to a device with a global username via sftp proxy, the priority rules applied are below if there is a defined sapm account, the sapm password is used as the password for the global user as first priority if the sapm account is not defined, the global ssh key is used to connect the device as second priority if these two options are not defined in the device properties, the global password is used for the connection to the device global password has the least priority with local or ldap user if the global username is not defined in the device properties, single connect user can connect to devices that have access with single connect credentials note to ensure this connection type with local or ldap users, single connect users’ credentials should be defined in the target devices device group properties for sftp proxy property key definition globalusername the username to use when connecting to all devices covered by the device group this username must be pre defined as a user on all devices in the device group globalpassword it is the password of the “globalusername” the password to use when connecting to all devices covered by the device group globalsshkey this property applies to ssh and sftp proxies in session manager modules if connecting to devices with an ssh key is preferred, “globalsshkey” should be defined for the device group when the “addsessionusertouserselection”, “addmanuallogintouserselection” and “globalusername” properties are defined for a device group, the connection options are listed below users can use their own sftp clients to connect to a single connect proxy to connect to a single connect sftp proxy, type single connect’s ip address as the host ip address and 3333 as the connection port (3333 is default ssh/telnet proxy port the port number can be changed by system administrator ) managerial approval for user connecting to sftp device to enable managerial approval via e mail or mobile notification for users connecting to devices, the “approvalrequiredforconnection” property must be set as “true” on the device group that has the target devices sftp proxy encryption and key exchange algorithms please ask consultation from kron technical support https //sc support\@kron com epdestek\@kron com tr