Add an sftp user

Now that you have access to the web admin interface, you can add an sftp user to transfer files to and from your S3 bucket.

It is best practice to use ssh public key authentication for sftp users of the s3ftp service, so let's do that. You will need a computer with an ssh client installed.

Generate an ssh key pair

  1. At the terminal type an ssh-keygen command for a new sftp user.

    ssh-keygen -t rsa -b 2048 -f ~/.ssh/hermione
    

    This will generate an ssh private and public key pair.

  2. Now display the contents of the public key file and copy it to your clipboard. Use pbcopy on macOS or clip on Windows for convenience.

    $ cat ~/.ssh/hermione.pub | tee >(pbcopy)
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw5jRH12BXHBSlfkhg8RLq+/x9tjxooe6G8Gc6OCpuKqqEGHtwKvr9F98wxayIWFwJS8ZUGWoyv4OSqX/AMmeyMmJu2WSYprgOV+wR/snUY80lDtaiG1pJwcmZWFl3fHFJJ5ApfJfQOcIN+oikUh/6njz/hQAVGTi8eJaQTRIBGNCtp2Hk8eXVb1PRsQgxkjyFUnv8AiCKUtgi7QbrZMqR/FCBK6sfVhytu3PXp10zEispSWt5dZrWk5KRaD43A7Gd1Y/XDtoRNeZ9eK1cWo/+Rvkc8ZWRqni0tu2KMB5zdAjKahcngucMjwo5LR77obWxX+/RW2VEu/HfhZXCVqVR hermione@hogwarts.edu
    

Add a new user

  1. In the web admin interface as shown above, click the Add button.

  2. The user page will be displayed. Fill in the username and paste the public ssh key just generated.

    [Screenshot: add a user]

  3. Then click Submit
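
A check you can run on the public key line before pasting it into the user page, as an added example that is not part of s3ftp or of the original tutorial. It parses the OpenSSH public key format, rejects a pasted private key or an RSA key under 2048 bits, and returns the SHA256 fingerprint in the same form that `ssh-keygen -l -f` prints. The function names and the constructed sample key are assumptions made for illustration.

```python
# Added example: the helper names below are hypothetical, not part of s3ftp.
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # matches the -b 2048 used in the ssh-keygen step

def _read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def inspect_public_key(line):
    """Validate one OpenSSH public key line; return its type, size and fingerprint."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2 or "PRIVATE KEY" in line:
        raise ValueError("not a public key line (was the private key file pasted?)")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError("key data is not valid base64") from exc
    inner_type, pos = _read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("key type prefix does not match the encoded key")
    bits = None  # only computed for RSA keys
    if key_type == "ssh-rsa":
        _exponent, pos = _read_string(blob, pos)
        modulus, _ = _read_string(blob, pos)
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits < MIN_RSA_BITS:
            raise ValueError(f"RSA key is only {bits} bits")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": key_type, "bits": bits, "comment": comment,
            "fingerprint": "SHA256:" + digest}

def make_sample_rsa_line(bits, comment="hermione@hogwarts.edu"):
    """Build a constructed ssh-rsa line (not a usable key) for trying the checker."""
    n = (1 << (bits - 1)) | 1  # constructed modulus with exactly `bits` bits
    parts = [b"ssh-rsa", (65537).to_bytes(3, "big"), n.to_bytes(bits // 8 + 1, "big")]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment
```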

Test an sftp connection

  1. Locate the hostname of the s3ftp server as shown in the CloudFormation stack outputs.

    [Screenshot: stack outputs]

  2. In the terminal where you generated the ssh keypair, use an sftp command similar to the following to connect to the server. Adjust the username and hostname accordingly.

    % sftp -i ~/.ssh/hermione hermione@s3ftp-se-LB-16KLLEQO73W2D-d948f1332e17d736.elb.us-east-1.amazonaws.com
    The authenticity of host 's3ftp-se-lb-16klleqo73w2d-d948f1332e17d736.elb.us-east-1.amazonaws.com (35.171.217.142)' can't be established.
    ECDSA key fingerprint is SHA256:SWYALQ0QzEFPUQPhYtAME2tifecdNHTXuCZ+honTGWQ.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added 's3ftp-se-lb-16klleqo73w2d-d948f1332e17d736.elb.us-east-1.amazonaws.com,35.171.217.142' (ECDSA) to the list of known hosts.
    
    UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
    All activities performed on this device are logged and monitored.
    Connected to s3ftp-se-LB-16KLLEQO73W2D-d948f1332e17d736.elb.us-east-1.amazonaws.com.
    sftp>
    sftp> put spellbook.dat
    Uploading spellbook.dat to /spellbook.dat
    spellbook.dat                                                                                                                                              100%   10MB   1.4MB/s   00:07
    sftp> ls -l
    -rw-r--r--    0 10000    10000    10485760 Feb  2 06:54 spellbook.dat
    sftp> exit
    

Confirm contents of S3 bucket

  1. Locate the default s3ftp bucket in the AWS console.

    Access the AWS S3 Console and look for the sftp bucket.

    The name of the default bucket is of the form s3ftp-<AWS account ID>-<AWS Region>.

    Within the bucket will be a folder with the same name as your test user. If you click into the folder you should see any files uploaded by that user.

    [Screenshot: file uploaded to bucket]

Yay! It works.

Hopefully that went smoothly. If so, move on to the chapter on how to Customise.