Require token authorization: Set from the command line

When transfer users are configured to require token authorization, only transfers initiated with a valid token (transfer token, basic token, or bearer token) are allowed to transfer to or from the server. Token authorization can be set independently for incoming transfers and outgoing transfers.

The following examples use a transfer user called aspera_user_1.

  1. Choose or create the transfer user on the server.
    The user must not have a password. If the system does not allow this, create a large password.
  2. Set the IBM Aspera Connect public SSH key as an authorized key for the transfer user and ensure that they own the file.
    1. Create the .ssh directory in the user's home folder.
      > mkdir C:\Users\aspera_user_1\.ssh\


    2. Copy the Connect public SSH key into .ssh and rename it authorized_keys (or append the public key to authorized_keys if the file exists).
      > copy  "C:\Program Files\Aspera\Point-to-Point\var\aspera_tokenauth_id_rsa.pub" "C:\Users\aspera_user_1\.ssh\authorized_keys"
      Note: Restart the OpenSSH Server service after the installation of HSTE to allow OpenSSH Server to get access to the updated PATH environment variable. If you are using Microsoft™'s OpenSSH Server, make sure that the command is set to "aspshell.exe -t". If you are using Cygwin OpenSSH Server, and for instance you are upgrading from an earlier HSTE version, set the command to "/bin/aspshell -t".
    3. Ensure that .ssh and .ssh/authorized_keys are owned by the user.

      Update the directory permissions by right-clicking the .ssh folder and selecting the Security tab. Here, you can set permissions to read, write, and run (full control).

  3. Enable token authorization and set an encryption key.
    To complete this step, follow the Token encryption key section.
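
Step 2 as a single PowerShell script, added here as an example and not taken from the product documentation. It appends the Connect public key only when it is missing (the plain `copy` in step 2.2 overwrites an existing authorized_keys), sets ownership with icacls instead of the Security tab, and then reports the owner of both paths. It assumes an elevated PowerShell prompt and the user name, home folder, and key path used in the steps above.

```powershell
# Added example: user name and paths are the ones used in the steps above.
param(
    [string]$User   = 'aspera_user_1',
    [string]$PubKey = 'C:\Program Files\Aspera\Point-to-Point\var\aspera_tokenauth_id_rsa.pub'
)
$ErrorActionPreference = 'Stop'

$sshDir   = "C:\Users\$User\.ssh"
$authKeys = Join-Path $sshDir 'authorized_keys'

# Step 2.1: create .ssh if it does not exist yet.
New-Item -ItemType Directory -Path $sshDir -Force | Out-Null

# Step 2.2: add the Connect public key only if it is not already listed,
# so keys that are already in authorized_keys are preserved.
$key = (Get-Content -LiteralPath $PubKey -Raw).Trim()
$existing = @()
if (Test-Path -LiteralPath $authKeys) {
    $existing = @(Get-Content -LiteralPath $authKeys |
                  ForEach-Object { $_.Trim() } | Where-Object { $_ })
}
if ($existing -notcontains $key) {
    # Rewrite the file one entry per line; this also repairs a missing
    # trailing newline that would otherwise glue two keys together.
    Set-Content -LiteralPath $authKeys -Value ($existing + $key) -Encoding Ascii
}

# Step 2.3: make the transfer user the owner and grant it full control.
icacls $sshDir /setowner $User /T | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /setowner failed for $sshDir" }
icacls $sshDir /grant "${User}:(OI)(CI)F" /T | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed for $sshDir" }

# Verify: the owner of each path must be the transfer user, and the key
# must be present in authorized_keys.
$ownerPattern = '\\' + [regex]::Escape($User) + '$'
foreach ($p in $sshDir, $authKeys) {
    $owner  = (Get-Acl -LiteralPath $p).Owner
    $status = if ($owner -match $ownerPattern) { 'OK' } else { 'MISMATCH' }
    '{0}  owner={1}  {2}' -f $p, $owner, $status
}
$present = @(Get-Content -LiteralPath $authKeys) -contains $key
'Connect key present in authorized_keys: {0}' -f $present
```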