Secure FTP Test
In computing, the SSH File Transfer Protocol (also Secret File Transfer Protocol, Secure FTP, or SFTP) is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. This protocol assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.
This test emulates a user connecting to an SFTP server (on Windows/Unix) and performing an operation on the server. The operation may either be a GET or a PUT. For the specified operation, this test measures the availability of the SFTP server and its response time.
Target of the test : An SFTP server
Agent deploying the test : An external agent
Outputs of the test : One set of results for each SFTP server monitored.
Parameters | Description |
---|---|
Test Period | How often should the test be executed. |
Host | The hostname (or IP address) of the SFTP server. |
Port | The port number on which the SFTP server is listening. |
Password Profile, User, Password, and Confirm Password | Password Profiles in eG enable centralized creation and maintenance of user credentials. If you have already configured a password profile in eG, which contains the credentials of a user with rights to connect to the SFTP server, then select that Password Profile from this drop-down list. In this case, the User, Password, and Confirm Password text boxes will be automatically populated with the credentials stored within the chosen Password Profile. On the other hand, if such a Password Profile does not pre-exist, then proceed to manually specify the credentials of a user who can connect to the SFTP server, against the User and Password text boxes. In this case, you will have to manually confirm the password by retyping it in the Confirm Password text box. |
Private Key Path, Private Key Pass, and Confirm Password | Secure FTP servers are protected using public key authentication. This is a secure method of logging in over SSH: instead of a password, the procedure uses a cryptographic key pair for validation. To enable the eG agent to emulate a file transfer via SFTP, you first need to secure the communication between the eG agent and the SFTP server using public key authentication. To know how to configure public key authentication using SSH for an SFTP server, follow the instructions detailed in Configuring Public Key Authentication for a Secure FTP (SFTP) Server. Public key authentication involves generating a public key and a private key, known as the key pair, on the eG agent host. The private key file is named id_rsa, and the public key file is named id_rsa.pub. Once the keys are generated, you will need to store the private key on the agent host, and copy the public key to the SFTP server. To enable the eG agent to connect to the SFTP server, you need to configure the eG agent with the path to the private key file on the local host. For this, specify the full path to the id_rsa private key file against the Private Key Path parameter. When generating the key pair, if you had chosen to store the key pair in the default location, then the private key file will be in the /home/<Username>/.ssh/ folder (on Unix; on Windows, this will be the C:\Users\<Username>\.ssh folder). However, if you had chosen to specify a different location for storing the key pair, then make sure you specify that path here. Then, in the Private Key Pass text box, specify the pass phrase that you provided at the time of generating the key pair. Confirm the pass phrase by retyping it in the Confirm Password text box. |
RemoteFile | The remote file that is downloaded in the case of a GET operation. In the case of a PUT operation, the remote file represents the file to which data is uploaded. |
RemoteFolder | The RemoteFolder indicates the remote SFTP folder where the specified RemoteFile exists. For example, this can be / or /sftpRoot or /mysftpFolder, in the case of a GET operation. In the case of a PUT operation, the RemoteFolder represents the remote destination folder. |
LocalFile | The local folder that is written to in the case of a GET operation. In the case of a PUT operation, this string represents the name of the file that is uploaded to the SFTP server. If this value is “none”, then the test will write the downloaded data to the eG agent's logs folder. |
CMD | Signifies the command to be executed by the test, whether GET or PUT. |
Timeout | The maximum time (in seconds) that the client will wait for a response from the SFTP server. |
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
Availability | This measurement indicates whether the server was able to respond successfully to the query made by the test. | Percent | Availability failures could be caused by several factors such as the SFTP server being down, the SFTP server being misconfigured, authentication problems, file access permission problems, network failures, etc. Temporary unavailability may also occur if the SFTP server is overloaded. |
Total response time | This measurement indicates the total time taken by the server to respond to the requests it receives, including the data transfer time. | Secs | An increase in the total response time can occur because there are too many simultaneous requests or because of a bottleneck with any of the applications executing on the server. |
Configuring Public Key Authentication for a Secure FTP (SFTP) Server
Public key authentication is a secure method of logging in over SSH. Instead of a password, the procedure uses a cryptographic key pair for validation.
The broad steps for configuring public key authentication for all communications between the eG agent and an SFTP server are as follows:
- On the eG agent host, generate a private and public key, known as the key pair. The private key stays on the agent host.
- Copy the corresponding public key to the SFTP server.

Each of these steps is discussed in detail below.
Generating the key pair on the eG agent host
To achieve this on a Linux host running the eG agent, follow the steps below:
1. Log in to the eG agent host as a user with administrative privileges, and open the Linux shell prompt.
2. Check if any keys pre-exist on the host. For that, issue the following command at the prompt:
   ls -l ~/.ssh/id*
3. Typically, keys will be stored in the /home/<username>/.ssh folder. If keys pre-exist, then the contents of the .ssh folder will be returned as the output of the above command. If there are no keys on the agent host, then the output will indicate that the .ssh folder does not exist.
4. If no keys exist, create a new .ssh folder under /home/<username>, by issuing the following command:
   mkdir ~/.ssh
5. Change the permission of the folder to 700:
   chmod 700 ~/.ssh
6. Next, issue the following command to generate the key pair:
   ssh-keygen
7. The command will first prompt you to specify where the key pair should be stored. As mentioned earlier, a key pair is stored in the /home/<username>/.ssh folder, by default. Also, by default, the private key is stored in the file id_rsa, and the public key is captured into the file id_rsa.pub.
   Enter file in which to save the key (/home/<username>/.ssh/id_rsa):
8. To save the key pair in the default location and with the default names, press Enter at the above prompt. On the other hand, if you want to save the key pair in a different location and with different names, then specify the full path (including the file name) to the storage location at the prompt above. Make a note of the full path to the id_rsa file (be it the default location, or the custom location that you provide at this prompt). This path should be configured as the Private Key Path of the Secure FTP test.
9. Finally, enter a passphrase to secure the key. After specifying the passphrase, press Enter again, and then confirm the passphrase by retyping it when prompted.
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Make a note of this passphrase, as you need to configure the Private Key Pass parameter of the Secure FTP test with it.
10. Lastly, the program prints out information about where the keys are stored.
11. Finally, confirm that the keys are indeed in the default/specified (as the case may be) directory. If you had chosen to store the keys in the default location, then execute the following command to verify if the keys have been created in that location:
   ls -l ~/.ssh/
12. If you had earlier (at step 7 above) saved the key files using their default names, then you will find the following file names in the output of the above command:
   - id_rsa, which is the private key
   - id_rsa.pub, which is the public key
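A check that can be run on the Linux agent host once the key pair exists, given here as an added example that is not part of the eG documentation: it confirms that the .ssh folder is mode 700, that the private key is accessible by its owner only, and that the key is passphrase-protected, which it determines by reading the cipher field in the key file. The function names are illustrative.

```shell
#!/bin/sh
# Added example, not eG code. Function names are illustrative.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Return 0 if the private key is passphrase-protected, 1 if it is not,
# 2 if the file is not a recognised private key.
key_is_encrypted() {
    case $(head -n 1 "$1") in
    '-----BEGIN OPENSSH PRIVATE KEY-----')
        # The base64 body starts with "openssh-key-v1\0", a 4-byte length and
        # the cipher name (offset 19); the name is "none" without a passphrase.
        cipher=$(sed '1d;$d' "$1" | tr -d '\r\n' | base64 -d 2>/dev/null |
                 dd bs=1 skip=19 count=4 2>/dev/null)
        [ -n "$cipher" ] || return 2
        [ "$cipher" != none ] ;;
    '-----BEGIN ENCRYPTED PRIVATE KEY-----')    # PKCS#8, always encrypted
        return 0 ;;
    '-----BEGIN '*'PRIVATE KEY-----')           # legacy PEM or plain PKCS#8
        grep -q '^Proc-Type: 4,ENCRYPTED' "$1" ;;
    *)  return 2 ;;
    esac
}

# Audit the key that the Private Key Path parameter will point to.
# Prints one line per finding; returns non-zero if anything failed.
audit_agent_key() {
    key=$1; dir=$(dirname "$key"); rc=0
    [ "$(mode_of "$dir")" = 700 ] ||
        { echo "FAIL: $dir should be mode 700"; rc=1; }
    case $(mode_of "$key") in
    [46]00) ;;
    *)  echo "FAIL: $key must be accessible by its owner only"; rc=1 ;;
    esac
    key_is_encrypted "$key" ||
        { echo "FAIL: $key is not passphrase-protected"; rc=1; }
    return $rc
}

# Usage: audit_agent_key ~/.ssh/id_rsa && echo "key storage OK"
```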
If the eG agent monitoring the SFTP server is running on a Windows host, then follow the steps below to generate the key pair on the agent host:
1. Log in to the eG agent host as a user with administrative privileges, and open the Windows command prompt.
2. At the prompt, issue the following command:
   ssh-keygen
3. The command will first prompt you to specify where the key pair should be stored. As mentioned earlier, a key pair is stored in the C:\Users\<username>\.ssh folder, by default. Also, by default, the private key is stored in the file id_rsa, and the public key is captured into the file id_rsa.pub.
   Enter file in which to save the key (C:\Users\<username>/.ssh/id_rsa):
4. To save the key pair in the default location and with the default names, press Enter at the above prompt. On the other hand, if you want to save the key pair in a different location and with different names, then specify the full path (including the file name) to the storage location at the prompt above. Make a note of the full path to the id_rsa file (be it the default location, or the custom location that you provide at this prompt). This path should be configured as the Private Key Path of the Secure FTP test.
5. Finally, enter a passphrase to secure the private key. After specifying the passphrase, press Enter again, and then confirm the passphrase by retyping it when prompted.
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Make a note of this passphrase, as you need to configure the Private Key Pass parameter of the Secure FTP test with it.
6. With that, key pair generation will come to an end. If you had earlier (at step 4 above) saved the key files using their default names and in the default location, then you will find the following files in the C:\Users\<username>\.ssh directory:
   - id_rsa, which is the private key file
   - id_rsa.pub, which is the public key file
Copying the public key to the SFTP server
To achieve this, do the following on the SFTP server to be monitored:
1. Log in to the server as a user with Administrator privileges.
2. Check if the .ssh folder pre-exists on the server. On Linux, run the following command at the prompt to perform this check.
   ls -l ~/.ssh/
   In case of Windows, use Windows Explorer and browse the C:\Users\<username> directory for the .ssh folder.
3. If the .ssh folder does not exist, then create it. On Linux, issue the command below to create this folder in the /home/<username> directory.
   mkdir ~/.ssh
   After creating the folder, change its permission on Linux by issuing the following command.
   chmod 700 ~/.ssh
   On Windows, on the other hand, you can create the .ssh folder in the C:\Users\<username> directory via Windows Explorer.
4. Next, copy the id_rsa.pub file from the eG agent host to the .ssh folder (that you created at step 3 above) on the SFTP server.
5. Rename the id_rsa.pub file as authorized_keys.
6. On Linux, change the permissions of the file by issuing the following command:
   chmod 600 ~/.ssh/authorized_keys
With that, the SFTP server will allow access to the eG agent host, as the eG agent host now owns the private key that corresponds to the public key stored in the server's authorized_keys file.
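Renaming id_rsa.pub to authorized_keys replaces any keys that were already authorized for that account on the server. The following added example (not eG's procedure; install_pubkey is a hypothetical helper) appends the agent's key instead, refuses a file that is not a single OpenSSH public key, and applies the 700 and 600 permissions from the steps above. The list of accepted key types is an assumption and can be extended.

```shell
#!/bin/sh
# Added example, not eG code. install_pubkey is a hypothetical helper.
# Usage: install_pubkey /path/to/id_rsa.pub [ssh_dir]   (ssh_dir defaults to ~/.ssh)
install_pubkey() {
    pub=$1; sshdir=${2:-$HOME/.ssh}; auth=$sshdir/authorized_keys

    # Accept exactly one line of the form "<type> <base64> [comment]", so a
    # private key or an unrelated file is never appended by mistake.
    [ "$(grep -c '' "$pub")" -eq 1 ] ||
        { echo "expected exactly one key in $pub" >&2; return 2; }
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" ||
        { echo "$pub is not an OpenSSH public key" >&2; return 2; }

    # Same permissions as the manual steps: folder 700, file 600.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this exact key line is already authorized.
    grep -qxFf "$pub" "$auth" && return 0

    # If the existing file lacks a trailing newline, add one so the new key
    # does not get glued onto the previous entry.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    cat "$pub" >> "$auth"
}
```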