Require token authorization: Set from the command line

When transfer users are configured to require token authorization, only transfers initiated with a valid token (transfer token, basic token, or bearer token) are allowed to transfer to or from the server. Token authorization can be set independently for incoming transfers and outgoing transfers.

The following examples use a transfer user called aspera_user_1.

  1. Choose or create the transfer user on the server.
    The user must not have a password. If the system does not allow this, create a long password.
  2. Set the IBM Aspera Connect public SSH key as an authorized key for the transfer user and ensure that the user owns the file.
    1. Create the .ssh directory in the user's home folder.
      > mkdir C:\Users\aspera_user_1\.ssh\

    2. Copy the Connect public SSH key into .ssh and rename it authorized_keys (or append the public key to authorized_keys if the file exists).
      > copy "C:\Program Files\Aspera\Point-to-Point\var\aspera_tokenauth_id_rsa.pub" "C:\Users\aspera_user_1\.ssh\authorized_keys"
      Note: Restart the OpenSSH Server service after the installation of HSTE to allow OpenSSH Server to get access to the updated PATH environment variable. If you are using Microsoft’s OpenSSH Server, make sure that the command is set to "aspshell.exe -t". If you are using Cygwin OpenSSH Server (for instance, if you are upgrading from an earlier HSTE version), set the command to "/bin/aspshell -t".
    3. Ensure that .ssh and .ssh/authorized_keys are owned by the user.

      Update the directory permissions by right-clicking the .ssh folder and selecting the Security tab. Here, you can set permissions to read, write, and run (full control).

  3. To require token authorization for uploads and downloads, and to set the token encryption key, run the following command:
    > asconfigurator -x "set_user_data;user_name,aspera_user_1;authorization_transfer_in_value,token;authorization_transfer_out_value,token;token_encryption_key,key"

    In place of key, supply a random string of at least 20 characters. This command creates the following text in aspera.conf:

    <user>
        <name>aspera_user_1</name>
        <authorization>
            <transfer>
                <in>
                    <value>token</value>
                </in>
                <out>
                    <value>token</value>
                </out>
            </transfer>
            <token>
                <encryption_key>gj5o930t78m34ejme9dx</encryption_key>
            </token>
        </authorization>
        <file_system>
              ...
              ...  
        </file_system>
    </user>

    You can also configure token-authorization settings in the <default> section to apply them globally for all users. For instructions on how to run asconfigurator commands to do so, and to view other token configuration options, see User, group, and default configurations.
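
    As a check on the result of step 3, the following added example (not IBM's code) parses aspera.conf-style XML and reports users whose incoming or outgoing authorization is not token, or whose token encryption key is shorter than 20 characters or is still the sample value shown above. The embedded XML is constructed; the <CONF> wrapper, aspera_user_2, aspera_user_3, and the rule that a user inherits unset values from <default> are assumptions, and group-level settings are not considered.

```python
import xml.etree.ElementTree as ET

MIN_KEY_LEN = 20                          # minimum key length stated on this page
DOC_SAMPLE_KEY = "gj5o930t78m34ejme9dx"   # sample key printed on this page
# Constructed sample: the <CONF> wrapper, aspera_user_2 and aspera_user_3 are made up.
SAMPLE_CONF = """<CONF>
 <default><authorization><transfer><in><value>allow</value></in></transfer></authorization></default>
 <user><name>aspera_user_1</name><authorization>
   <transfer><in><value>token</value></in><out><value>token</value></out></transfer>
   <token><encryption_key>gj5o930t78m34ejme9dx</encryption_key></token>
 </authorization></user>
 <user><name>aspera_user_2</name><authorization>
   <transfer><out><value>token</value></out></transfer>
   <token><encryption_key>short</encryption_key></token>
 </authorization></user>
 <user><name>aspera_user_3</name><authorization>
   <transfer><in><value>token</value></in><out><value>token</value></out></transfer>
   <token><encryption_key>constructed-key-0123456789abcdef</encryption_key></token>
 </authorization></user>
</CONF>"""

def audit(conf_xml):
    """Return {user_name: [findings]} for users with weak token settings."""
    root = ET.fromstring(conf_xml)
    default = root.find(".//default")
    def setting(user, path):
        # Prefer the user's own value; otherwise inherit from <default> (assumed precedence).
        value = user.findtext(path)
        if value is None and default is not None:
            value = default.findtext(path)
        return (value or "").strip()
    report = {}
    for user in root.iter("user"):
        findings = []
        for direction in ("in", "out"):
            value = setting(user, f"authorization/transfer/{direction}/value")
            if value != "token":
                findings.append(f"{direction}: {value or 'unset'} (expected token)")
        key = setting(user, "authorization/token/encryption_key")
        if len(key) < MIN_KEY_LEN:
            findings.append(f"encryption_key under {MIN_KEY_LEN} characters")
        elif key == DOC_SAMPLE_KEY:
            findings.append("encryption_key is the documentation sample")
        if findings:
            report[user.findtext("name", "?")] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

    To audit a live server, pass the contents of its aspera.conf to audit() instead of SAMPLE_CONF.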