Installing HSTS
To install HSTS, log in to your computer as Root. If you’re in an Active Directory environment, use a Domain Administrator account.
About this task
Note: If you are upgrading or rolling back, prepare your system by completing the required upgrade tasks to avoid installation errors and preserve your configuration settings. For more information, see Upgrading or rolling back HSTS.
Procedure
- Download HSTS from Fix Central.
  To access and download the packages, you must sign in with your IBMid credentials.
  Attention: The sudo package must be installed on your Unix system to allow certain IBM Aspera applications to perform privileged operations.
- Run the installer.
  Double-click the installer package and follow the on-screen instructions.
  Note: If the installer hangs during installation, another Aspera product might be running on your computer. To stop all FASP transfer-related applications and connections, see Upgrading or rolling back HSTS.
- If you are using a perpetual license, activate your license.
  - Go to the license file and rename it aspera-license. The default location is the Downloads folder.
  - In the Finder menu bar, select Go > Go to Folder, and enter /Library. Next go to Library > Aspera > etc and copy or drag the license file.
  - Enter the administrator username and password to allow Finder the permission to move the file.
- If you are using an entitlement, set it up.
  Run the following commands to start the ALEE service, restart (reload) asperanoded, and register your entitlement:
  $ sudo /Library/Aspera/bin/asalee-config.sh enable
  $ sudo /Library/Aspera/bin/alee-admin register customer_id entitlement_id
  $ sudo launchctl unload /Library/LaunchDaemons/com.aspera.asperanoded.plist
  $ sudo launchctl load /Library/LaunchDaemons/com.aspera.asperanoded.plist
  The output information includes when the Aspera entitlement server was reached.
  Verify that you can now reach the Aspera entitlement server with the following command:
  $ curl -i https://api.ibmaspera.com/metering/ping
  The output must include HTTP/1.1 200 OK.
- Start HSTS.
  In Finder go to Applications > Applications > IBM High-Speed Transfer Server. Double-click to start HSTS.
- Edit OpenSSH authentication methods.
  - Open your SSH Server configuration file from /etc/ssh/sshd_config with a text editor.
  - To allow public key authentication, set PubkeyAuthentication to yes. To allow password authentication, set PasswordAuthentication to yes.
    Important: macOS servers must have PasswordAuthentication set to yes.
    For example,
    ...
    PubkeyAuthentication yes
    PasswordAuthentication yes
    ...
  - Enable SSH-based services.
    The System Integrity Protection feature in macOS blocks SSH-based services, which are required for Aspera transfers. To enable Aspera services, uncomment the setting PermitUserEnvironment and change the value to yes.
  - Save the file and restart the SSH server to apply the new settings.
    Restarting your SSH server does not affect currently connected users. Click Apple menu > System Preferences > Sharing. Clear and then reselect Remote Login from the left panel. In the Allow access for: option, select All users, or specify individual user accounts for the FASP connections.
  - To further secure your SSH Server, see Installing and configuring the SSH Server.
- Set the SSH path for transfer users.
  - Create a file named environment for every transfer user in the following location:
    /Users/username/.ssh/
  - Paste the following content into the file:
    PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/opt/pkgconfig/bin:/Library/Aspera/bin:/Library/Aspera/sbin
    This sets the PATH variable for remote connections.
  - To allow local transfer users to run ascp commands, paste the same content, prefaced with export, into the following file (which you might need to create):
    /Users/username/.zshrc_profile
    Note: Create a .bash_profile if the user's configured shell is bash. Run:
    /Users/username/.bash_profile
- Secure your server or update your existing configuration.
  - Configure your firewall. See Configuring the firewall.
  - Change and secure the TCP port. See Installing and configuring the SSH Server.
  - Determine whether you want to use server-side encryption at rest. See Server-Side Encryption-at-Rest (EAR) for instructions on configuring in the GUI or Server-Side Encryption-at-Rest (EAR) for instructions on configuring the encryption from the command line.
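
One way to check the result of the SSH steps above, as an added example that is not part of the IBM documentation: because PermitUserEnvironment makes sshd load each user's ~/.ssh/environment at login, the script verifies the three sshd_config directives and that a transfer user's environment file holds only the PATH line and is writable only by its owner. The function names are hypothetical, and the script assumes no Include files or Match blocks override the directives.

```shell
#!/bin/sh
# Added example, not IBM code: audits the SSH settings from the procedure.

# first_value FILE KEYWORD: print the first uncommented value of KEYWORD.
# sshd uses the first value it reads; keywords are case-insensitive.
# Assumption: no Include files or Match blocks override the value.
first_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# check_sshd_config FILE: succeed only if each directive is explicitly "yes".
check_sshd_config() {
    rc=0
    for key in PubkeyAuthentication PasswordAuthentication PermitUserEnvironment; do
        val=$(first_value "$1" "$key")
        [ "$val" = "yes" ] || { echo "FAIL: $key is '${val:-unset}'"; rc=1; }
    done
    return "$rc"
}

# check_env_file FILE: with PermitUserEnvironment on, sshd reads this file at
# login, so it should hold only the PATH line (comments allowed), every PATH
# entry should be absolute, and group/others must not be able to write to it.
check_env_file() {
    rc=0
    [ -f "$1" ] || { echo "FAIL: $1 is missing"; return 1; }
    if grep -v -e '^PATH=' -e '^#' "$1" | grep -q '[^[:space:]]'; then
        echo "FAIL: $1 sets something other than PATH"; rc=1
    fi
    path=$(sed -n 's/^PATH=//p' "$1" | head -n 1)
    [ -n "$path" ] || { echo "FAIL: $1 has no PATH line"; rc=1; }
    old_ifs=$IFS; IFS=:; set -f          # split on ':' without globbing
    for dir in $path; do
        case "$dir" in
            /*) ;;
            *) echo "FAIL: non-absolute PATH entry '$dir' in $1"; rc=1 ;;
        esac
    done
    IFS=$old_ifs; set +f
    if [ -n "$(find "$1" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $1 is group- or world-writable"; rc=1
    fi
    return "$rc"
}
```

Call `check_sshd_config /etc/ssh/sshd_config` and `check_env_file /Users/username/.ssh/environment` for each transfer user. On a live server, `sudo sshd -T` prints the effective values, including any Match or Include overrides.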