Professional Documents
Culture Documents
SFTP - Tui Infotec - Com.user Manual - en
SFTP - Tui Infotec - Com.user Manual - en
tui-
infotec.com
Date: 03.12.2020
7.1 Login ...............................................................................................................................................................................14
7.2 System update and maintenance ............................................................................................................................15
7.3 Service level ..................................................................................................................................................................15
Version control
Version Ersteller Datum Kommentar
1.11 Stephan Kilian 24.10.18 Start of version Header, and added new
Hostkeys
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.13..docx Page 3 of 15
Date: 03.12.2020
1. Quick Start
1.1 Private/public Key and where do I find my password?
On sftp.tui-infotec.com there is no password at all. The login is done with a private/public Key. You
can compare it with a Key (private key) and a lock (public key). You can hand over the lock to
somebody and he can build it in his door, so that I can open the door with my key. But I need to
take care of my key, because everybody who has the key can open the door.
It is like that with the private key. Everybody who has my private key will have access to my account.
But the public key I can transfer via email, because here we have only the “lock”. If somebody steals
my lock, it is not so bad, because he can just put it to another door, so that I can open it.
In real live it is not possible to put different locks on a door, but in the IT-World it is possible to put
different Public Keys into one Account.
Private Key
Public Key
Account A
Account B
Bob
Private Key
Public Key
sftp.tui-infotec.com
Alice
Example:
Bob creates a private/public Key Pair. With the public key he requests access to account A. His public
key will be put into Account A and Bob is now able to login to Account A.
Also Alice creates a private/public Key and requests another account – Account B. Now Bob also
wants Alice to access his Account A. For that Bob ask his Administrator to put the public key of Alice
additional to Account A as well. Now Alice and Bob have access to Account A.
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.13..docx Page 4 of 15
Date: 03.12.2020
1.2 How to start?
• Windows User read in Capter “4.4.1 Creating under Windows” how to create
Public/Private Key.
• For requesting a Account, you need:
o Public key with email of the owner of the public key.
o Wish of username for the account o Email address of
the account owner
• In Chapter “5.2 Windows” you read how you can login after the account is created.
2. Connection information
DNS-Name: sftp.tui-infotec.com
IP: 62.48.80.6
Port: 30625
(for security reasons we do not use the default port. We use our postal
code)
DSA MD5 fingeprint: ac:fb:0f:30:50:0e:d6:18:80:32:ce:f8:9b:89:ff:70
RSA MD5 fingerprint: a4:0c:51:02:9b:3c:8f:b9:d9:79:27:3c:b5:f8:35:45
ECDSA MD5 fingerprint: 83:6d:bb:30:f6:4a:85:98:23:ef:69:21:b0:3b:9f:56
3.2 Username
For each account we need an email address. If it is a technical account, it is also fine with a group
mail address. It should be a suitable name for the account, as long it is not already occupied. The
username need to match the following criteria:
• Max. 32 characters long
• characters allowed are 0-9,a-z,_,-
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.13..docx Page 5 of 15
Date: 03.12.2020
3.4 Directory structure
In the home directory of the user you find:
• upload – directory:
Only in this directory the user can write.
• sftp.tui-infotec.com.user-manual.en.pdf:
Here you find the newest user manual for sftp.tui-infotec.com in English.
• account.info.txt:
In this file you find information about the account like responsible email, cost centre, etc.
The responsible account contact need to make sure, that the information in this file is up to
date.
3.5 Upload volume
100-fold of the disc size of up and downstream is included in the price.
3.6 Connection
Unused connections will be dropped after 5 minutes for security reason.
You are allowed to run 10 connection in parallel and maximal 10 connections per IP-Address and per
minute.
4. User creation
4.1 Disk space
1GB disc space is included in the price.
For additional space you need to pay the actual SAN B2 (gold) incl. backup price. You can increase your
space in GB steps.
You can set a threshold for the disk usage. Above this usage you get an alert email. The default is above
85% a mail to the account owner.
4.2 Order
To order, modify or delete a user, please go to the Service portal of TUI-InfoTec:
https://test.jira.tuigroup.com/plugins/servlet/desk/portal/40/create/400===
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkpPHp6r2cgy7Tw66KyC2fadlavVBrNDuN5xOdfhj
W3e+cpBD2hfeMAe*****shorted*****pQpNL96HmsU= user1@tui.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkpPHp6r2cgy7Tw66KyC2fadlavVBrNDuN5xOdfhj
W3e+cpBD2hfeMAe*****shorted*****pQpNL96HmsU= user2@tui.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkpPHp6r2cgy7Tw66KyC2fadlavVBrNDuN5xOdfhj
W3e+cpBD2hfeMAe*****shorted*****pQpNL96HmsU= user3@irgendwo.com
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.13..docx Page 6 of 15
Date: 03.12.2020
If you want to modify an existing account, you have the possibility of
overwriting the existing keys or to add them to the existing keys.
Costumer: e.g. “TUI Travel PLC”, “TUI UK Ltd” (it might be also filled in automatically)
Optional:
Disk space: 1GB (default value)
Email Threshold disk usage: Threshold of disk usage in %. Above this value you get a email.
(default 85%)
Email Resipient: recipient email action. You can choose between:
• Send only email to account owner (default)
• do not send emails at all, even the usage is above the threshold
• use Emails which are provided in the comments of the pubkeys
• use account owener email and use Emails which are provided in the
comments of the pubkeys
• set a own email address only for alerting
4.4 Create a public key
We need a public RSA key with 4096 bits. Below you find documentation how to do on Windows and
Unix. The Tools are only a suggestion.
Or in older Versions of putty you need to choose “SSH-2 RSA” with 4096:
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.13..docx Page 7 of 15
Date: 03.12.2020
• As “Key comment” use the email address of the account owner. Then use copy and paste
to get the whole string below „Public key for pasting into OpenSSH authorized_keys file“.
Save the string in a simple editor like “Editor” or “Notepad”.
• Copy and paste all Letters in the Area “Public Key for pasting into OpenSSH
authorized keys file”. Save it in a simple text file (In Windows you best use the “Editor” or
Notepad”)
This string is your public key which TUI-InfoTec needs for creating the account. This string is exactly
1 line. If you want to give access to more keys, then you need to append the other public keys below.
Press „Save private key“ to save your private key. Everybody who has access to this key is able to
connect to the FTP Account. For this you must keep the key on a private location. It is also a good
idea to set a passphrase to protect the key.
e.g.:
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.13..docx Page 8 of 15
Date: 03.12.2020
$ ssh-keygen -t rsa -b 4096 -C test@test.com Generating
public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
ef:d9:68:3f:b6:de:b5:8a:fc:11:8d:4b:f3:8f:09:88 test@test.com
The key's randomart image is:
+--[ RSA 4096]----+
| |
| |
| |
| o |
| S =.|
| o .. = |
| E o .o ..|
| .o++o.+o|
| .+**==..|
+-----------------+
5. Clients
The clients need to be provided, configured and operated by the user.
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.13..docx Page 9 of 15
Date: 03.12.2020
To help you with the start, here are some examples, which you could of course widen out.
5.1 Unix
5.1.1 Interactive login
In Unix you can use sftp.
Here is an example with “listing files” – “change to directory upload” – “upload file” – “get file” – “terminate
connection”
5.1.2 batch
If you want to use the above example in a batch, it would look like:
echo: The commands from the interactive example are divided through new line
separator “\n”.
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.13..docx Page 10 of 15
Date: 03.12.2020
-b: Forces the sftp command to get the commands from a file. In our case we use “-“
behind “-“ to get the input from stdin. The option BatchMode make sure that no interactive
questions will appear. echo $?: With the next command „echo $?“ you can get the return code
of the script.
Connecting to sftp.tui-infotec.com...
Host key verification failed.
Connection closed
In this case the Server Host Key is not known. You might need to connect manually as described in
„4.5 First login“
lftp -c "debug 3;
set ssl:key-file ~/.ssh/id_rsa; set cmd:fail-exit yes;
set xfer:log no; open sftp://<YOUR_USER_ID>:x@sftp.tui-infotec.com:30625;
cd upload; put test -o test_transfering
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.11.docx Page 11 of 15
Date: 24.10.2018
mv test_transfering test
"
lftp -c "debug 3; set ssl:key-file ~/.ssh/id_rsa.pub; set cmd:fail-exit yes; set xfer:log no;
open sftp:// <YOUR_USER_ID>:x@sftp.tui-infotec.com:30625; mirror --delete -v upload
<YOUR_LOCAL_DESTINATION_DIR>; ls /upload"
and the other way around. From local to the sFTP Server dir.
lftp -c "debug 3; set ssl:key-file ~/.ssh/id_rsa.pub; set cmd:fail-exit yes; set xfer:log no;
open sftp://< YOUR_USER_ID>:x@sftp.tui-infotec.com:30625; mirror -R --delete -v
<YOUR_LOCAL_SOURCE_DIR>; upload ls /upload"
5.2 Windows
5.2.1 Interactive login
Another client software is the opensource software winscp. You can get it from
http://www.heise.de/download/winscp.html
Here two Screenshots to connect to the host. At least you need to set „Host name“, „Port number“,
„User name“ and under „Advanced“ in the right tree under „SSH/Authentication“ you need to
provide the path to your private key.
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.11.docx Page 12 of 15
Date: 24.10.2018
5.2.2 Batch
Under Windows you are also able to write a batch. In this example we use the program winscp.
The execution:
6. Possible problems
6.1 Disk full
If the disk is full, you get a not so clear error message. Example:
Solution: You either need to delete files or increase the space of the user.
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.11.docx Page 13 of 15
Date: 24.10.2018
6.2 Wrong directory
If you want to upload something in the root directory, you get the following:
Solution: Change to the „/upload“ directory. Only here the user has write permissions.
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.11.docx Page 14 of 15
Date: 24.10.2018
7.2 System update and maintenance
To get a high security, it is important to update a system as soon as possible.
Unfortunately we need a short service interruption.
This update can be done daily in the time between 6 and 7 o’clock (CET/CEST).
For bigger maintenance there is still the maintenance Window for bronze which can be found in the
contract available.
7.3 Service level
The Service level is bronze.
The Service is disaster resistant and will be moved to a different data centre in such a scenario. The
data will be synced every 15 minutes. For that it could be that you lose the last 15 minutes of the
data. Then you would need to upload the data from the last 15 minutes again.
Document: sftp.tui-infotec.com.user-
© TUI InfoTec 2018
manual.en.1.11.docx Page 15 of 15
Date: 24.10.2018