In this section we introduce a use case where SSH Tectia Server is used for automated secure file transfer, and show how to configure the SSH Tectia Server for it. SSH Tectia Client does not require any configuration changes.
The goal of the SSH Tectia Server configuration changes is to improve the security of the system for automated file transfers. This calls for some user restrictions on SFTP usage. In this secure file transfer use case, we define the following restrictions on the SSH Tectia Server:
Public keys are the only allowed authentication method. See instructions in Enabling Public-Key Authentication.
SFTP service is allowed only for the specially created user groups SFTP-users and admin. SFTP service is denied to all other users. See instructions in Settings for the Admin Group, Settings for the SFTP-users Group and Settings for the Rest of Users.
Members of SFTP-users have access to their user-specific home folders only. This can be defined with virtual folders. See instructions in Settings for the SFTP-users Group and Figure 5.15.
Terminal access is allowed only for administrators; it is denied for everyone else. See instructions in Settings for the Admin Group and Settings for the Rest of Users.