LSU Health New Orleans


Connecting to Secure FTP (SFTP) Services

To facilitate the secure transfer of files to and from LSUHSC-NO, we host SFTP over SSH services at sftp2.lsuhsc.edu.

Connecting to our SFTP services may require a recent client, and the client may need occasional updates because security requirements are constantly changing.  Windows users will generally need to download a client, but both Mac and Linux usually come with an SFTP client.  Users planning to script and automate the transfers will require additional downloads and configuration.

SFTP Client

Windows

Windows does not include an SFTP client, so one must be downloaded.  Free clients are available, such as psftp.exe from PuTTY.  You can download psftp.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

Unix/Mac

Unix and Mac systems include an sftp client.  At the time of this writing, these built-in clients are compatible with the LSUHSC SFTP solution.

All Clients

Regardless of the client you choose, it must support one of each of the following:

  • Ciphers:  AES-128-CBC, AES-128-CTR, AES-192-CBC, AES-192-CTR, AES-256-CBC, AES-256-CTR, CryptiCore (Tectia), SEED (Tectia), 3DES
  • MACs:  HMAC-SHA1, CryptiCore (Tectia)
  • KEXs:  DH-Group14-SHA1

Older clients may try to connect with DH-Group1-SHA1, but this will not work because it is not enabled.  Group1 is not appropriate for long-term security.
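The following script is an added example, not part of the original LSUHSC page: it checks whether a client offers at least one cipher, MAC and KEX from the list above. The OpenSSH spellings of the algorithm names are an assumption on top of the page's list, and the Tectia-only entries are left out.

```shell
#!/bin/sh
# Added example: compare a client's algorithm lists with the server's
# accepted algorithms from this page.
# Assumption: OpenSSH spellings of the page's names; the Tectia-only
# entries (CryptiCore, SEED) are omitted.
SERVER_CIPHERS="aes128-ctr aes192-ctr aes256-ctr aes128-cbc aes192-cbc aes256-cbc 3des-cbc"
SERVER_MACS="hmac-sha1"
SERVER_KEXS="diffie-hellman-group14-sha1"

# first_common CLIENT_LIST SERVER_LIST
# CLIENT_LIST holds one algorithm per line (the format `ssh -Q` prints).
# Prints the first server-accepted algorithm the client also supports;
# returns 1 if the two lists do not overlap.
first_common() {
    for alg in $2; do
        if printf '%s\n' "$1" | grep -qxF -- "$alg"; then
            printf '%s\n' "$alg"
            return 0
        fi
    done
    return 1
}

# check_client CIPHERS MACS KEXS (each argument: one algorithm per line)
# Prints one summary line; returns 0 only if every class has an overlap.
check_client() {
    rc=0
    c=$(first_common "$1" "$SERVER_CIPHERS") || { c="NONE"; rc=1; }
    m=$(first_common "$2" "$SERVER_MACS") || { m="NONE"; rc=1; }
    k=$(first_common "$3" "$SERVER_KEXS") || { k="NONE"; rc=1; }
    printf 'cipher=%s mac=%s kex=%s\n' "$c" "$m" "$k"
    return $rc
}

# Live check of the local OpenSSH client, if one is installed.
if command -v ssh >/dev/null 2>&1; then
    check_client "$(ssh -Q cipher 2>/dev/null)" "$(ssh -Q mac 2>/dev/null)" \
        "$(ssh -Q kex 2>/dev/null)" \
        || echo "local client lacks an algorithm class the server accepts" >&2
fi
```

`ssh -Q` lists what the client was built with, which can be wider than what its configuration enables by default.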

Connect to SFTP Services

When logging in, connect to sftp2.lsuhsc.edu and use your LSUHSC Network credentials.

During the first connection to sftp2.lsuhsc.edu you may be prompted to cache the host key to your registry.  Choose y to save the host key.

[Screenshot: SFTP login screen in psftp.exe from PuTTY; accept the host key with the 'y' key]

Scripting with SFTP

To automate an SFTP session using scripts, separate software is required that can respond to requests from the server side.  One such tool is "Expect for Windows", which is available at http://www.nist.gov/el/msid/expect.cfm.  This tool was written by federal employees at NIST and is in the public domain.  The link has the latest download for Expect as well as many articles on using Expect.

Scheduled Tasks

To automate the actual running of the scripts, the Expect/TCL scripts can be configured as scheduled tasks.  On Windows, use the Task Scheduler, which is available in Administrative Tools; on Unix, configure a cron job.  The tasks can be very flexible as to when they can be scheduled to run.