In order to send or get files using Cerberus rules and scheduled tasks, you will need to create an SFTP Event Target. Before starting, you will need to have the hostname or URL of the target server, and username. For password authentication, you will also have a password. For SFTP key authentication, see instructions below to create the key pair.
To start, navigate to 'Event Manager' > 'Event Targets'. Click 'New' and select Transfer File Target. See the ‘Add A New Event Target’ screenshot below
Add the Transfer File Target
Add information describing the server and user in the Transfer File Target panel. Refer to the 'Transfer File Target’ screenshot below
The Transfer File Event Target
- Label Give the target a descriptive label so you know what it's for
- Protocol Select the Protocol you want to use. Currently, we support FTP, FTPS, SFTP, and HTTP/S PUT/GET. Depending on the selected Protocol, certain options are available. For example, when FTP is selected, you can force upgrading to encrypted SSL channels by clicking Require SSL.
- When checked, Verify Remote Certificate will ensure that the host’s certificate and peer chain are valid; this option is available whenever a SSL channel is used, but not for unencrypted FTP or for SFTP.
- Server which server to contact
- Optional Path where to send the file (if you don't want to place the files in a subdirectory). Simply leave blank if the files will drop into the root directory that the user has access to.
- Username (always required)
- Password (Only required if you are doing 'password' or 'password and public/private key authentication')
-
Public Path/Private Key Path (SFTP Only. Required if you are doing 'public/private key authentication' OR 'password and public/private key' authentication. Unlike other SFTP clients, you will need both a private key AND a public key. This is different from using a standard client implementation, like WinSCP or Filezilla, where only the private key is required.
- Public Key should be in SSH Public Key Format
- Private Key should be in PEM format. If the private key is encrypted, check the Needs Key Password setting and enter the password.
Note: It is possible to use both username/password and certificates/public key to provide two-factor authentication.
How to Generate a public/private key pair for SSH SFTP Authentication:
We recommend you use PuTTYgen version 0.75 or above to create the key pair:
PuTTYgen download and install
PuTTYgen is normally installed as part of the normal PuTTY .msi
package installation. There is no need for a separate PuTTYgen download. Download the PuTTY installation package. For detailed installation instructions, see PuTTY installation instructions.
Running PuTTYgen
Go to Windows Start menu → All Programs → PuTTY → PuTTYgen.
Creating a new key pair for authentication
To create a new key pair, select the type of key to generate from the bottom of the screen (using RSA
with 2048 bit key size is typical).
Click Generate, and start moving the mouse within the Window. Putty uses the mouse movements to collect randomness. The exact way you are going to move your mouse cannot be predicted by an external attacker. You may need to move the mouse for some time, depending on the size of your key. As you move it, the green progress bar should advance.
Once the progress bar becomes full, the actual key generation computation takes place. This may take from several seconds to several minutes. When complete, the public key should appear in the Window. You can now specify a passphrase for the key.
Save the Putty generated private key by clicking Save private key to <filename>.ppk (You will NOT use this file. This is just to have a copy in case you need to recreate your supported public key).
Export the Private Key for the Cerberus Event Target:
Go To 'Conversions' > 'Export OpenSSH key'. Save the private key as <filename>.pem. This will be used by the Cerberus Event Target.
Save the Public Key:
In order to save the public key in the right format, you must copy the public key code from the 'Public key for pasting into OpenSSH authorized_keys file' section and paste the data manually into a text editor like Notepad. Once you have done that, save the file as <filename>.pub. Do not use the 'Save public key' button! It will create the public key in the wrong format and your connection will fail.
In the Cerberus Event Target you are creating...
...point the Public Key Path field to the .pub key file you created
...point the Private Key Path field to the .pem key file you created
Test the Event Target
Click the Test button to verify that Cerberus is able to connect to the server and login; it doesn’t actually transfer a file, but it’s a good starting point for verifying that your Target is configured properly.
If you have problems connecting, go to the Log screen in the user interface, enable Debug Mode by clicking on the ‘bug’ icon, and test again. The log will now have detailed information about the connection and may provide some clues (ie. warnings/error messages) as to what changes you need to make to successfully complete the connection.
Comments
0 comments
Article is closed for comments.