Highlighted
2 Bronze

SFTP and SCP access on Isilon

Jump to solution

I need to have SFTP and SCP access on our Isilon. I had enabled FTP and am able to connect via SFTP using the admin and root account (sftp admin@cyrrs620), but I want to have a user who does not have admin or root privileges, but can connect to the Isilon via sftp. I had read somewhere that SFTP access will be enabled for only Unix users (in general, not particularly for Isilon). What I want to know is:

1. Is there a way I can enable SFTP access for our AD users?

2. If no, how do I create a local user with limited privileges which will have SFTP and SCP access?

Till now I have tried creating a local user and adding it to the guest/ftp/ifs group in file provider, but its not working.

0 Kudos
1 Solution

Accepted Solutions
Highlighted
4 Ruthenium

Re: SFTP and SCP access on Isilon

Jump to solution

Can I assume you are running OneFS v7.x?

If you are running v7.x, you will want to look into role-based access.  Specifically for SFTP which as you know is FTP secured via an underlying SSH session, the user therefore needs to be assigned at a minimum the following privilege:

ISI_PRIV_LOGIN_SSH

With OneFS v7.x, privileges are assigned via (system and user-defined) roles.  It should be enough to create a role with just that privilege and add the user (or group) to that role.

RBAC is covered in the Administration Guide for your version of OneFS (search for "Managing roles"😞

https://support.emc.com/search/?resource=DOC_LIB&AlloftheseWrds=onefs%20administration%20guide&Searc...

View solution in original post

10 Replies
Highlighted
4 Ruthenium

Re: SFTP and SCP access on Isilon

Jump to solution

Can I assume you are running OneFS v7.x?

If you are running v7.x, you will want to look into role-based access.  Specifically for SFTP which as you know is FTP secured via an underlying SSH session, the user therefore needs to be assigned at a minimum the following privilege:

ISI_PRIV_LOGIN_SSH

With OneFS v7.x, privileges are assigned via (system and user-defined) roles.  It should be enough to create a role with just that privilege and add the user (or group) to that role.

RBAC is covered in the Administration Guide for your version of OneFS (search for "Managing roles"😞

https://support.emc.com/search/?resource=DOC_LIB&AlloftheseWrds=onefs%20administration%20guide&Searc...

View solution in original post

Highlighted
2 Bronze

Re: SFTP and SCP access on Isilon

Jump to solution

Thanks Christopher, your information helped . I have not tried with a domain user yet, but a local user is currently good enough for me. I am now looking for options to restrict the user from navigating up from its home directory. Will post if I need any help. Thanks again .

0 Kudos
Highlighted
2 Bronze

Re: SFTP and SCP access on Isilon

Jump to solution

I am having issues restricting the user to its home folder. How can I do that?

0 Kudos
Highlighted
2 Bronze

Re: Re: SFTP and SCP access on Isilon

Jump to solution

Please see if the following document will help you achieve that.

0 Kudos
Highlighted
4 Ruthenium

Re: SFTP and SCP access on Isilon

Jump to solution

deykau,

Thanks for following up and letting us know of your progress.

In addition to the above, you may also want to refer to another KB article.  I'll simply list them both (one of which isi_cat) already brought to your attention.

emc14001307: "Restricting FTP users to their home directory"

emc14000926: "Locking FTP users into their home folder with vsftp"

0 Kudos
Highlighted
2 Bronze

Re: Re: SFTP and SCP access on Isilon

Jump to solution

Hi

If I want to set ten FTP users,  each  user  i must do  the operation as emc14001307?

thanks.

0 Kudos
Highlighted
Not applicable

Re: SFTP and SCP access on Isilon

Jump to solution

Can you please post the pdf of emc14000926: "Locking FTP users into their home folder with vsftp".  I am unable to get to this KB.

0 Kudos
2 Bronze

Re: Re: SFTP and SCP access on Isilon

Jump to solution

I only have the attachment: how to lock FTp users into a specific directory.

0 Kudos
Highlighted
3 Silver

Re: SFTP and SCP access on Isilon

Jump to solution

Anyone got lucky restricting the user to its home dir when using SFTP? the guide mentioned below is only for FTP, not SFTP.

And is there also a way to use Active Directory Users for login to SSH and/or SFTP?

0 Kudos