When transfer users or groups are configured to require token authorization, only transfers initiated with a valid token (transfer token, basic token, or bearer token) are allowed to transfer to or from the server. Token authorization can be set independently for incoming transfers and outgoing transfers.
Procedure
-
Choose or create the transfer user on the server.
The user must not have a password. If the system does not allow this, create a large password.
-
Set the IBM Aspera Connect public SSH key as an authorized key for the transfer user and ensure that they own the file.
-
Create the .ssh directory in the user's home folder.
$ mkdir /Users/aspera_user_1/.ssh/
Associate the Aspera transfer user with a Node API
-
Copy the Connect public SSH key into .ssh and rename it authorized_keys (or append the public key to authorized_keys if the file exists).
$ cp /Library/Aspera/var/aspera_tokenauth_id_rsa.pub /Users/aspera_user_1/.ssh/authorized_keys
-
Ensure that .ssh and .ssh/authorized_keys are owned by the user.
$ chown -R aspera_user_1:aspera_user_1 /Users/aspera_user_1/.ssh
$ chmod 600 /Users/aspera_user_1/.ssh/authorized_keys
$ chmod 700 /Users/aspera_user_1
$ chmod 700 /Users/aspera_user_1/.ssh
-
Start HSTS and click Configuration.
-
Click Users and choose a user to configure.
Alternatively, click Groups and choose a group to configure, or click Global to configure options for all users.
-
Click Authorization.
-
Set token authorization for incoming and outgoing transfers.
Select the override boxes for Incoming Transfers and Outgoing Transfers. Under Effective Value, select token from the drop-down menu.
-
Enable the token authorization and set an encryption key.
This option is not available in the GUI. To proceed, use the command-line interface and follow the Token encryption key section.
-
Click Apply to save the changes, or click OK to save the changes and close the dialog.
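The key-installation steps above, written as an added shell example (not part of the original procedure or of IBM's tooling) that appends the Connect public key without overwriting an existing authorized_keys file and then checks the resulting modes. The function names `mode_of`, `install_token_key` and `check_token_key` are hypothetical, the optional OWNER argument is an assumption, and the check covers modes and key presence only, not ownership.

```shell
#!/bin/sh
# Added example: idempotent form of the authorized_keys steps, plus a check.

# Print the octal permission bits of a path (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# install_token_key PUBKEY HOME [OWNER]   (hypothetical helper)
# Appends each line of PUBKEY to HOME/.ssh/authorized_keys only if that exact
# line is absent, so existing keys are preserved and reruns add no duplicates.
install_token_key() {
    pubkey=$1; home=$2; owner=${3:-}
    [ -s "$pubkey" ] || { echo "missing public key: $pubkey" >&2; return 1; }
    mkdir -p "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" || return 1
    # If the existing file lacks a final newline, add one so keys do not merge.
    if [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pubkey"
    # chown needs root, so it is applied only when OWNER (user:group) is given.
    if [ -n "$owner" ]; then chown -R "$owner" "$home/.ssh" || return 1; fi
    chmod 700 "$home" "$home/.ssh" && chmod 600 "$auth"
}

# check_token_key PUBKEY HOME   (hypothetical helper)
# Returns 0 only if the modes match the procedure and the key line is present.
check_token_key() {
    pubkey=$1; home=$2; auth="$home/.ssh/authorized_keys"
    [ "$(mode_of "$home")" = 700 ] || { echo "bad mode: $home" >&2; return 1; }
    [ "$(mode_of "$home/.ssh")" = 700 ] || { echo "bad mode: $home/.ssh" >&2; return 1; }
    [ "$(mode_of "$auth")" = 600 ] || { echo "bad mode: $auth" >&2; return 1; }
    grep -qxF -- "$(head -n 1 "$pubkey")" "$auth" || { echo "key not in $auth" >&2; return 1; }
}

# Usage with the page's paths (run as root):
#   install_token_key /Library/Aspera/var/aspera_tokenauth_id_rsa.pub \
#       /Users/aspera_user_1 aspera_user_1:aspera_user_1
#   check_token_key /Library/Aspera/var/aspera_tokenauth_id_rsa.pub /Users/aspera_user_1
```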