Now that you have access to the web admin interface, we can easily add an sftp user to transfer files to and from your S3 bucket.
It is best practice to prefer ssh public key authentication for sftp users of the s3ftp service, so let's do that. You will need a computer with an ssh client installed.
Generate an ssh key pair
At the terminal type an ssh-keygen command for a new sftp user.
ssh-keygen -t rsa -b 2048 -f ~/.ssh/hermione
This will generate an ssh private and public key pair.
Now display the contents of the public key file and copy it to your clipboard. Use pbcopy on macOS or clip on Windows for convenience.
$ cat ~/.ssh/hermione.pub | tee >(pbcopy)
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw5jRH12BXHBSlfkhg8RLq+/x9tjxooe6G8Gc6OCpuKqqEGHtwKvr9F98wxayIWFwJS8ZUGWoyv4OSqX/AMmeyMmJu2WSYprgOV+wR/snUY80lDtaiG1pJwcmZWFl3fHFJJ5ApfJfQOcIN+oikUh/6njz/hQAVGTi8eJaQTRIBGNCtp2Hk8eXVb1PRsQgxkjyFUnv8AiCKUtgi7QbrZMqR/FCBK6sfVhytu3PXp10zEispSWt5dZrWk5KRaD43A7Gd1Y/XDtoRNeZ9eK1cWo/+Rvkc8ZWRqni0tu2KMB5zdAjKahcngucMjwo5LR77obWxX+/RW2VEu/HfhZXCVqVR email@example.com
Add a new user
In the web admin interface as shown above, click the
The user page will be displayed. Fill in the username and paste the public ssh key just generated.
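A check you can run on the public key line before pasting it into the user page, as an added example that is not part of the original tutorial or of the s3ftp project: it parses the line, rejects a truncated or mismatched key, and returns the fingerprint in the same SHA256: form that `ssh-keygen -lf ~/.ssh/hermione.pub` reports, so you can compare the two. The function names and the 2048-bit minimum are assumptions of this example, and the sample key is constructed rather than a real key.

```python
import base64
import hashlib
import struct


def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("field runs past the end of the key blob")
        out.append(blob[pos:pos + n])
        pos += n
    return out


def inspect_pubkey(line, min_rsa_bits=2048):
    """Return (key_type, rsa_bits_or_None, fingerprint) for one public key line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)  # raises on stray characters
    fields = _fields(blob)
    if not fields or fields[0] != declared.encode():
        raise ValueError("declared key type does not match the key blob")
    bits = None
    if declared == "ssh-rsa":
        if len(fields) != 3:
            raise ValueError("ssh-rsa blob must hold type, e and n")
        bits = int.from_bytes(fields[2], "big").bit_length()
        if bits < min_rsa_bits:
            raise ValueError(f"RSA modulus is only {bits} bits")
    # Same form ssh-keygen -lf shows: SHA256 of the raw blob, unpadded base64.
    digest = hashlib.sha256(blob).digest()
    return declared, bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def make_sample_line(bits=2048, comment="constructed@example.invalid"):
    """Constructed sample input: right wire format, but not a usable RSA key."""
    def mpint(v):  # big-endian with a leading 0x00 so the value stays positive
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    n = (1 << (bits - 1)) | 1  # constructed modulus with the top bit set
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"
```

The comment field is not part of the fingerprint, so a key pasted without its trailing email address still matches.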
Test an sftp connection
Locate the hostname of the s3ftp server as shown in the CloudFormation stack outputs.
In the terminal where you generated the ssh keypair, use an sftp command similar to the following to connect to the server. Adjust the username and hostname accordingly.
% sftp -i ~/.ssh/hermione hermione@s3ftp-se-LB-16KLLEQO73W2D-d948f1332e17d736.elb.us-east-1.amazonaws.com
The authenticity of host 's3ftp-se-lb-16klleqo73w2d-d948f1332e17d736.elb.us-east-1.amazonaws.com (188.8.131.52)' can't be established.
ECDSA key fingerprint is SHA256:SWYALQ0QzEFPUQPhYtAME2tifecdNHTXuCZ+honTGWQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 's3ftp-se-lb-16klleqo73w2d-d948f1332e17d736.elb.us-east-1.amazonaws.com,184.108.40.206' (ECDSA) to the list of known hosts.
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED. All activities performed on this device are logged and monitored.
Connected to s3ftp-se-LB-16KLLEQO73W2D-d948f1332e17d736.elb.us-east-1.amazonaws.com.
sftp>
sftp> put spellbook.dat
Uploading spellbook.dat to /spellbook.dat
spellbook.dat 100% 10MB 1.4MB/s 00:07
sftp> ls -l
-rw-r--r-- 0 10000 10000 10485760 Feb 2 06:54 spellbook.dat
sftp> exit
Confirm contents of S3 bucket
Locate the default s3ftp bucket in the AWS console.
Access the AWS S3 Console and look for the sftp bucket.
The name of the default bucket is of the form s3ftp-<AWS account ID>-<AWS Region>.
Within the bucket will be a folder with the same name as your test user. If you click into the folder you should see any files uploaded by that user.
Yay! It works.
Hopefully that went smoothly. If so, move on to the chapter on how to Customise