
User Manual sftp.tui-infotec.com

Author: Stephan Kilian

Version: 1.13
Status: Final
Date: 03.12.2020
Index
1. Quick Start
1.1 Private/public Key and where do I find my password?
1.2 How to start?
2. Connection information
3. sFTP user properties
3.1 Account owner
3.2 Username
3.3 User authentication
3.4 Directory structure
3.5 Upload volume
3.6 Connection
4. User creation
4.1 Disk space
4.2 Order
4.3 Information needed during order
4.4 Create a public key
4.4.1 Creating under Windows
4.4.2 Creating under Unix
4.5 First login
5. Clients
5.1 Unix
5.1.1 Interactive login
5.1.2 batch
5.1.1 Batch Examples
5.1.2 Mirror dirs
5.2 Windows
5.2.1 Interactive login
5.2.2 Batch
6. Possible problems
6.1 Disk full
6.2 Wrong directory
6.3 Host key verification failed
6.4 Compromised private key
6.5 Exchange public key
7. Security and service
7.1 Login
7.2 System update and maintenance
7.3 Service level

Document: sftp.tui-infotec.com.user-manual.en.1.13..docx
© TUI InfoTec 2018
Date: 03.12.2020

Version control
Version  Creator         Date      Comment
1.11     Stephan Kilian  24.10.18  Start of version header, and added new host keys

1. Quick Start
1.1 Private/public Key and where do I find my password?
On sftp.tui-infotec.com there is no password at all. The login is done with a private/public key pair. You
can compare it with a key (private key) and a lock (public key). You can hand the lock over to
somebody, who can build it into his door, so that you can open that door with your key. But you need to
take care of your key, because everybody who has the key can open the door.
It is the same with the private key: everybody who has your private key has access to your account.
The public key, however, can be sent via email, because it is only the “lock”. If somebody steals
your lock, it is not so bad, because he can only put it on another door, which you could then open.
In real life it is not possible to put different locks on one door, but in the IT world it is possible to put
different public keys into one account.

[Figure: Bob and Alice, each with a private key and a public key, and Account A and Account B on sftp.tui-infotec.com]

Example:
Bob creates a private/public key pair. With the public key he requests access to Account A. His public
key is put into Account A and Bob is now able to log in to Account A.
Alice also creates a private/public key pair and requests another account, Account B. Now Bob also
wants Alice to access his Account A. For that, Bob asks his administrator to additionally put the public key of Alice
into Account A. Now Alice and Bob both have access to Account A.

1.2 How to start?
• Windows users: read in Chapter “4.4.1 Creating under Windows” how to create a
public/private key.
• For requesting an account, you need:
o Public key with the email of the owner of the public key
o Desired username for the account
o Email address of the account owner
• In Chapter “5.2 Windows” you can read how to log in after the account is created.

2. Connection information
DNS-Name: sftp.tui-infotec.com
IP: 62.48.80.6
Port: 30625 (for security reasons we do not use the default port; we use our postal code)
DSA MD5 fingerprint: ac:fb:0f:30:50:0e:d6:18:80:32:ce:f8:9b:89:ff:70
RSA MD5 fingerprint: a4:0c:51:02:9b:3c:8f:b9:d9:79:27:3c:b5:f8:35:45
ECDSA MD5 fingerprint: 83:6d:bb:30:f6:4a:85:98:23:ef:69:21:b0:3b:9f:56

3. sFTP user properties


3.1 Account owner
The account owner is matched with the corresponding email address. If the owner is not reachable through
the email, InfoTec might deactivate the account for security reasons.
The email address can be verified in the file “account.info” in the home directory of the user.

3.2 Username
For each account we need an email address. For a technical account, a group mail address is also
fine. The username should be a suitable name for the account, as long as it is not already taken. The
username needs to match the following criteria:
• Max. 32 characters long
• Allowed characters are 0-9,a-z,_,-

3.3 User authentication


Users are authenticated through a private/public key pair. A password is not allowed for security reasons.
Private Key: Only with the private key is it possible to log in to the account. Everybody who
has access to the private key is able to log in. For this reason the user should store the key in a
private location. It is also a good idea to additionally use a passphrase to protect the key.
Public Key: The public key needs to be stored on the server.
Every user/application needs to have its own private/public key pair, so that it is traceable who logged in and
when. For every public key we need an email address to reach the responsible person. The email address will
be used as the key comment.

3.4 Directory structure
In the home directory of the user you find:
• upload – directory:
The user can write only in this directory.
• sftp.tui-infotec.com.user-manual.en.pdf:
Here you find the newest user manual for sftp.tui-infotec.com in English.
• account.info.txt:
In this file you find information about the account, such as the responsible email, cost centre, etc.
The responsible account contact needs to make sure that the information in this file is up to
date.
3.5 Upload volume
Up- and downstream traffic of 100 times the disk size is included in the price.

3.6 Connection
Unused connections will be dropped after 5 minutes for security reasons.
You are allowed to run 10 connections in parallel and a maximum of 10 connections per IP address and per
minute.

4. User creation
4.1 Disk space
1GB of disk space is included in the price.
For additional space you need to pay the current SAN B2 (gold) incl. backup price. You can increase your
space in GB steps.
You can set a threshold for the disk usage. Above this usage you get an alert email. By default, a mail is
sent to the account owner above 85%.

4.2 Order
To order, modify or delete a user, please go to the Service portal of TUI-InfoTec:
https://test.jira.tuigroup.com/plugins/servlet/desk/portal/40/create/400===

4.3 Information needed during order

For user setup we need the following information:
Username: A name of your choice, as long as it is free and conforms to „3.2 Username“.
Email address: The account owner needs to be reachable at this address.
Public key: The user needs to transfer his public key during the order.
It is also allowed to provide more than one key. E.g.:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkpPHp6r2cgy7Tw66KyC2fadlavVBrNDuN5xOdfhjW3e+cpBD2hfeMAe*****shorted*****pQpNL96HmsU= user1@tui.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkpPHp6r2cgy7Tw66KyC2fadlavVBrNDuN5xOdfhjW3e+cpBD2hfeMAe*****shorted*****pQpNL96HmsU= user2@tui.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkpPHp6r2cgy7Tw66KyC2fadlavVBrNDuN5xOdfhjW3e+cpBD2hfeMAe*****shorted*****pQpNL96HmsU= user3@irgendwo.com

If you want to modify an existing account, you can either overwrite the existing keys or add the
new keys to the existing ones.
Customer: e.g. “TUI Travel PLC”, “TUI UK Ltd” (it might also be filled in automatically)

Optional:
Disk space: 1GB (default value)
Email threshold disk usage: Threshold of disk usage in %. Above this value you get an email.
(default 85%)
Email recipient: Who receives the email. You can choose between:
• send email only to the account owner (default)
• do not send emails at all, even if the usage is above the threshold
• use the emails which are provided in the comments of the public keys
• use the account owner email and the emails which are provided in the comments of the public keys
• set a separate email address only for alerting
4.4 Create a public key
We need a public RSA key with 4096 bits. Below you find documentation on how to create one on Windows and
Unix. The tools are only a suggestion.

4.4.1 Creating under Windows


• Get the program PuTTY from a trustworthy source like
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html or
http://www.heise.de/download/putty.html. Then execute the program puttygen.exe.
• Set, as shown in the picture below, „Type of key to generate:“ to „SSH-2 RSA“ and
„Number of bits in a generated key:“ to 4096. Then press the „Generate“ button and
move the mouse over the blank area.

Or in older versions of PuTTY you need to choose “SSH-2 RSA” with 4096:

• As “Key comment” use the email address of the account owner. Then use copy and paste
to get the whole string below „Public key for pasting into OpenSSH authorized_keys file“.
Save the string in a simple editor like “Editor” or “Notepad”.
• Copy and paste all letters in the area “Public key for pasting into OpenSSH
authorized_keys file”. Save them in a simple text file (in Windows it is best to use the “Editor” or
“Notepad”).

This string is your public key, which TUI-InfoTec needs for creating the account. This string is exactly
1 line. If you want to give access to more keys, you need to append the other public keys below.

Press „Save private key“ to save your private key. Everybody who has access to this key is able to
connect to the FTP account. For this reason you must keep the key in a private location. It is also a good
idea to set a passphrase to protect the key.

4.4.2 Creating under Unix


In Unix you can use the following command to create the keypair:

ssh-keygen -t rsa -b 4096 -C "email address of key owner"

e.g.:

$ ssh-keygen -t rsa -b 4096 -C test@test.com
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
ef:d9:68:3f:b6:de:b5:8a:fc:11:8d:4b:f3:8f:09:88 test@test.com
The key's randomart image is:
+--[ RSA 4096]----+
| |
| |
| |
| o |
| S =.|
| o .. = |
| E o .o ..|
| .o++o.+o|
| .+**==..|
+-----------------+

The public key is ~/.ssh/id_rsa.pub.
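
A check of the public key file against the requirements of „4.3“ and „4.4“ (each key on exactly one line, RSA, 4096 bits, email address as key comment) can be run before the order is placed. The script below is an added example and not part of the original manual; the function names, the simple email pattern and the sample keys (built from a placeholder modulus) are assumptions made for illustration.

```python
import base64
import re
import struct

REQUIRED_TYPE = "ssh-rsa"   # section 4.4: "a public RSA key with 4096 bits"
REQUIRED_BITS = 4096
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # deliberately simple

def _read_field(blob, offset):
    """Read one field of the key blob: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("key data ends too early")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("key data ends too early")
    return blob[offset + 4:end], end

def check_public_key_line(line):
    """Return the list of problems found in one public key line (empty = ok)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 3:
        return ["expected '<type> <base64 key> <email>' on exactly one line"]
    key_type, b64, comment = parts
    problems = []
    if not EMAIL_RE.match(comment):
        problems.append("key comment is not an email address")
    if key_type != REQUIRED_TYPE:
        return problems + [f"key type is {key_type}, expected {REQUIRED_TYPE}"]
    try:
        blob = base64.b64decode(b64, validate=True)
        inner_type, pos = _read_field(blob, 0)
        _exponent, pos = _read_field(blob, pos)
        modulus, pos = _read_field(blob, pos)
    except ValueError as exc:  # also covers invalid base64 (binascii.Error)
        return problems + [f"key data is damaged: {exc}"]
    if inner_type != REQUIRED_TYPE.encode():
        problems.append("key type inside the key data is not ssh-rsa")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits != REQUIRED_BITS:
        problems.append(f"RSA modulus has {bits} bits, expected {REQUIRED_BITS}")
    return problems

def check_key_file(text):
    """Check every non-empty line; return {line number: [problems]}."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip():
            found = check_public_key_line(line)
            if found:
                report[number] = found
    return report

def build_sample_line(bits, comment):
    """Constructed sample: well-formed ssh-rsa line with a placeholder
    modulus of the requested size. It is not a usable RSA key."""
    def field(data):
        return struct.pack(">I", len(data)) + data

    def mpint(number):  # one byte more than bit_length // 8: top bit never set
        return number.to_bytes(number.bit_length() // 8 + 1, "big")

    modulus = (1 << (bits - 1)) | 1
    blob = field(b"ssh-rsa") + field(mpint(65537)) + field(mpint(modulus))
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment

if __name__ == "__main__":
    lines = [build_sample_line(4096, "user1@example.com"),
             build_sample_line(2048, "user2@example.com")]
    for number, found in check_key_file("\n".join(lines)).items():
        print(f"line {number}: {'; '.join(found)}")
```

A key that was wrapped onto two lines by a mail client or editor fails the first check, because the first line then carries no comment.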

4.5 First login


If you log in for the first time, you will be asked to verify the „key fingerprint“. Make sure that you only
accept the exact string as you find it here. Your sftp program will pick one of the following possibilities:
DSA MD5 fingerprint: ac:fb:0f:30:50:0e:d6:18:80:32:ce:f8:9b:89:ff:70
RSA MD5 fingerprint: a4:0c:51:02:9b:3c:8f:b9:d9:79:27:3c:b5:f8:35:45
ECDSA MD5 fingerprint: 83:6d:bb:30:f6:4a:85:98:23:ef:69:21:b0:3b:9f:56
If it is not the same, please contact the TUI-InfoTec Service Desk.

Example for Windows:

Example for Unix:

$ sftp -oPort=30625 example@sftp.tui-infotec.com
Connecting to sftp.tui-infotec.com...
ECDSA key fingerprint is SHA256:5FvVrfnuo7E7QO7pL/EEo7oc8jcNU4JPnWSl/0CA66k.
ECDSA key fingerprint is MD5:83:6d:bb:30:f6:4a:85:98:23:ef:69:21:b0:3b:9f:56.
Are you sure you want to continue connecting (yes/no)?
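
For unattended jobs (BatchMode, see „5.1.2 batch“) the host key has to be in known_hosts before the first run. The script below is an added example and not part of the original manual: it recomputes the fingerprints of a host key line in known_hosts format (for instance one printed by ssh-keyscan -p 30625 sftp.tui-infotec.com) and stores the line only if it matches a fingerprint documented here. The function names and the sample line are assumptions.

```python
import base64
import hashlib

# MD5 fingerprints published in "2. Connection information" of this manual.
DOCUMENTED_MD5 = {
    "ac:fb:0f:30:50:0e:d6:18:80:32:ce:f8:9b:89:ff:70",  # DSA
    "a4:0c:51:02:9b:3c:8f:b9:d9:79:27:3c:b5:f8:35:45",  # RSA
    "83:6d:bb:30:f6:4a:85:98:23:ef:69:21:b0:3b:9f:56",  # ECDSA
}
# SHA256 fingerprint of the ECDSA key as shown in the Unix login example.
DOCUMENTED_SHA256 = {"5FvVrfnuo7E7QO7pL/EEo7oc8jcNU4JPnWSl/0CA66k"}


def fingerprints(host_key_line):
    """Return (md5, sha256) for a line '<host> <key type> <base64 key>'.

    Both are hashes of the decoded key blob: MD5 is written as colon-separated
    hex, SHA256 as base64 without padding, the way the ssh client prints them.
    """
    fields = host_key_line.split()
    if len(fields) < 3:
        raise ValueError("expected '<host> <key type> <base64 key>'")
    blob = base64.b64decode(fields[2], validate=True)
    hexdigest = hashlib.md5(blob).hexdigest()
    md5 = ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode("ascii")
    return md5, sha256.rstrip("=")


def pin_host_key(host_key_line, known_hosts_path,
                 md5_allowed=DOCUMENTED_MD5, sha256_allowed=DOCUMENTED_SHA256):
    """Append the line to known_hosts only if its fingerprint is documented.

    Returns True when the key was pinned, False when it was rejected.
    The scanned line itself is unauthenticated; the comparison with the
    fingerprints from the manual is what makes it trustworthy.
    """
    md5, sha256 = fingerprints(host_key_line)
    if md5 not in md5_allowed and sha256 not in sha256_allowed:
        return False
    with open(known_hosts_path, "a", encoding="ascii") as handle:
        handle.write(host_key_line.strip() + "\n")
    return True


if __name__ == "__main__":
    # Constructed line in known_hosts format; the key data is a placeholder,
    # so it is rejected against the documented fingerprints.
    constructed = "[sftp.tui-infotec.com]:30625 ssh-rsa YWJj"
    print(fingerprints(constructed))
    print("pinned:", pin_host_key(constructed, "known_hosts.example"))
```

A rejected key should be handled like the mismatch described above: do not connect, and contact the TUI-InfoTec Service Desk.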

5. Clients
The clients need to be provided, configured and operated by the user.
To help you get started, here are some examples, which you can of course extend.

5.1 Unix
5.1.1 Interactive login
In Unix you can use sftp.
Here is an example with “listing files” – “change to directory upload” – “upload file” – “get file” – “terminate
connection”

$ sftp -oPort=30625 <YOUR_USER_ID>@sftp.tui-infotec.com
Connecting to sftp.tui-infotec.com...
Welcome to sftp.tui-infotec.com
[[…output shortened..]]
sftp> ls
account.info.txt sftp.tui-infotec.com.user-manual.pdf upload
sftp> cd upload
sftp> put .bashrc
Uploading .bashrc to /upload/.bashrc
.bashrc 100% 2595 2.5KB/s 00:00
sftp> get ../.ssh/authorized_keys
Fetching /upload/../.ssh/authorized_keys to authorized_keys
/upload/../.ssh/authorized_keys 100% 757 0.7KB/s 00:00
sftp> quit

5.1.2 batch
If you want to use the above example in a batch, it would look like:

echo -e "ls\ncd upload\nput .bashrc\nget ../.ssh/authorized_keys\nquit" | sftp -b - -o port=30625 -o BatchMode=yes <YOUR_USER_ID>@sftp.tui-infotec.com
echo $?

echo: The commands from the interactive example are separated by the newline
separator “\n”.
-b: Forces the sftp command to get the commands from a file. In our case we use “-“
behind “-b“ to get the input from stdin.
The option BatchMode makes sure that no interactive questions will appear.
echo $?: With the next command „echo $?“ you can get the return code
of the script.

If the command fails with:

Connecting to sftp.tui-infotec.com...
Host key verification failed.
Connection closed

In this case the Server Host Key is not known. You might need to connect manually as described in
„4.5 First login“

5.1.1 Batch Examples

5.1.1.1 File Listing

lftp -c "debug 3; set ssl:key-file ~/.ssh/id_rsa; set cmd:fail-exit yes;
set xfer:log no; open sftp://<YOUR_USER_ID>:x@sftp.tui-infotec.com:30625;
cd upload; cls -1
"

5.1.1.2 get file

lftp -c "debug 3; set ssl:key-file ~/.ssh/id_rsa; set cmd:fail-exit yes;
set xfer:log no; open sftp://<YOUR_USER_ID>:x@sftp.tui-infotec.com:30625;
cd upload; get test
"

5.1.1.3 delete file

lftp -c "debug 3; set ssl:key-file ~/.ssh/id_rsa; set cmd:fail-exit yes;
set xfer:log no; open sftp://<YOUR_USER_ID>:x@sftp.tui-infotec.com:30625;
cd upload; rm test
"

5.1.1.4 upload files

lftp -c "debug 3;
set ssl:key-file ~/.ssh/id_rsa; set cmd:fail-exit yes;
set xfer:log no; open sftp://<YOUR_USER_ID>:x@sftp.tui-infotec.com:30625;
cd upload; put test -o test_transfering
mv test_transfering test
"

5.1.2 Mirror dirs.


You can also mirror directories. In this case you only transfer the differences. In our example we
use the command lftp, which we also could have used in the examples above.

Sync from the sFTP server to a local dir:

lftp -c "debug 3; set ssl:key-file ~/.ssh/id_rsa; set cmd:fail-exit yes; set xfer:log no;
open sftp://<YOUR_USER_ID>:x@sftp.tui-infotec.com:30625;
mirror --delete -v upload <YOUR_LOCAL_DESTINATION_DIR>; ls /upload"

And the other way around, from a local dir to the sFTP server:

lftp -c "debug 3; set ssl:key-file ~/.ssh/id_rsa; set cmd:fail-exit yes; set xfer:log no;
open sftp://<YOUR_USER_ID>:x@sftp.tui-infotec.com:30625;
mirror -R --delete -v <YOUR_LOCAL_SOURCE_DIR> upload; ls /upload"

debug 3
loglevel. 3 for greeting messages and error messages.
set cmd:fail-exit yes
If you have more commands and one gets an error, then it will stop executing the
rest and exit with an error.
set xfer:log no
Write no logfile.
set ssl:key-file ~/.ssh/id_rsa
Path to your private key.
open sftp://<YOUR_USER_ID>:x@sftp.tui-infotec.com:30625
Connection to the sFTP server. x is for the password. Even though we do not
need a password, in this case the program needs some string here.
mirror --delete
Sync the dir and delete files on the target that do not exist on the source.
mirror -R --delete
Change direction of synchronisation.
-v
Verbose

5.2 Windows
5.2.1 Interactive login
Another client is the open-source software WinSCP. You can get it from
http://www.heise.de/download/winscp.html
Here are two screenshots showing how to connect to the host. As a minimum you need to set „Host name“, „Port number“
and „User name“, and under „Advanced“, in the right tree under „SSH/Authentication“, you need to
provide the path to your private key.

5.2.2 Batch
Under Windows you are also able to write a batch. In this example we use the program winscp.

The File: d:\download\sftp.txt:

open sftp://<YOUR_USER_ID>@sftp.tui-infotec.com:30625 -privatekey="D:\keys\id_rsa.pub"
cd /upload
ls
exit

The execution:

D:\>D:\programme\WinSCP.exe /script=d:\download\sftp.txt /log=d:\download\sftp.log

6. Possible problems
6.1 Disk full
If the disk is full, you get a rather unclear error message. Example:

sftp> put p16083651_1036_Generic.zip
Uploading p16083651_1036_Generic.zip to /upload/p16083651_1036_Generic.zip
p16083651_1036_Generic.zip 0% 32KB 32.0KB/s 21:44 ETA
Couldn't write to remote file "/upload/p16083651_1036_Generic.zip": Failure

Solution: You either need to delete files or increase the space of the user.

6.2 Wrong directory
If you want to upload something in the root directory, you get the following:

sftp> put p16083651_1036_Generic.zip
Uploading p16083651_1036_Generic.zip to /p16083651_1036_Generic.zip
Couldn't get handle: Permission denied

Solution: Change to the „/upload“ directory. Only here the user has write permissions.

6.3 Host key verification failed.


The offered host key is not the one which was saved originally.
Solution: Verify that the host key is the same as under „2. Connection information“. This is the
only one you are allowed to accept.

6.4 Compromised private key


If you have the suspicion that somebody had access to the private key, you need to inform the
Service Desk and lock the account or exchange your …

7.2 System update and maintenance
To achieve a high level of security, it is important to update a system as soon as possible.
Unfortunately, this requires a short service interruption.
This update can be done daily between 6 and 7 o’clock (CET/CEST).
For larger maintenance work, the maintenance window for bronze, which can be found in the
contract, is still available.
7.3 Service level
The service level is bronze.
The service is disaster resistant and will be moved to a different data centre in such a scenario. The
data is synced every 15 minutes. Because of that, you could lose the last 15 minutes of
data. You would then need to upload the data from the last 15 minutes again.
