By default the RSA Identity Governance & Lifecycle hardware appliance is configured to allow the transfer of files to and from the hardware appliance via FTP. Your site may require that you transfer data files securely to the RSA Identity Governance & Lifecycle server using SFTP rather than the FTP protocol. This document describes how to configure SFTP for the RSA Identity Governance & Lifecycle hardware appliance using a username and password method rather than using public and private keys.
To configure SFTP for the RSA Identity Governance & Lifecycle hardware appliance, login as the
root user and create a new SFTP user as follows. Note that an SFTP account requires shell access to the appliance. In this example a user called
sftpuser is created.
- Create the user:
useradd sftpuser
- Change the user directory to point to the ftp directory:
usermod sftpuser -d /home/oracle/ftp
- Check that the user creation was successful:
cat /etc/passwd
The output should look similar to:
# cat/etc/passwd
sftpuser:x:1001:500::/home/oracle/ftp:/bin/bash
- Create a password for the user:
# passwd sftpuser
New password: <enter new password here>
Retype new password: <re-enter new password here>
passwd: password updated successfully
- Change the home directory and files to owner sftpuser and group oinstall:
chown sftpuser:oinstall /home/oracle/ftp –R
- Check that the owner and group modifications were successful:
ll /home/oracle/ftp
The output should look similar to the following:
# ll /home/oracle/ftp
total 56
-rw------- 1 sftpuser oinstall 0 May 18 1996 .bash_history
-rw-r--r-- 1 sftpuser oinstall 1177 Sep 25 2018 .bashrc
drwx------ 2 sftpuser oinstall 4096 Jun 27 2017 .config
-rw-r--r-- 1 sftpuser oinstall 1637 Sep 11 2014 .emacs
drwxr-xr-x 2 sftpuser oinstall 4096 Jun 27 2017 .fonts
-rw-r--r-- 1 sftpuser oinstall 305 Aug 21 2015 .i18n
-rw-r--r-- 1 sftpuser oinstall 861 Sep 11 2014 .inputrc
drwx------ 2 sftpuser oinstall 4096 Jun 27 2017 .local
-rw-r--r-- 1 sftpuser oinstall 6043 Aug 9 2018 .muttrc
-rw-r--r-- 1 sftpuser oinstall 1028 Sep 25 2018 .profile
-rw-r--r-- 1 sftpuser oinstall 1952 Aug 21 2015 .xim.template
-rwxr-xr-x 1 sftpuser oinstall 1112 Jun 3 2016 .xinitrc.template
drwxr-xr-x 2 sftpuser oinstall 4096 Jun 27 2017 bin
drwxr-xr-x 2 sftpuser oinstall 4096 Mar 13 06:31 public_html
- Change the primary group of the user to oinstall:
usermod -g oinstall sftpuser
- Check that the group was successfully changed:
groups sftpuser
The output should look similar to the following:
# groups sftpuser
sftpuser : oinstall
NOTE: If the Operating System ISO is re-installed, the SFTP user will need to be recreated.
For more information on configuring and using FTP with RSA Identity Governance & Lifecycle, please see Appendix A of the
RSA Identity Governance & Lifecycle documentation for your specific version.