Recent Searches

    Popular Articles

    Articles
    View all
      Topics
      View all
        Tickets
        View all
          no results

          Sorry! nothing found for

          SFTP Server

          Healthcare Blocks can enable SFTP functionality on an existing or new server. SFTP is FTP tunneled through SSH.

          Roles

          Your SFTP server has two types of users - administrators and external users.

          By default, you are an administrator, and you will use SSH to connect via port 22. You can also use the SCP command to retrieve files.

          External users, on the other hand, will connect via port 222, using the SFTP command or a desktop SFTP software to transfer files.

          Creating New SFTP Users

          First, SSH to your server using an administrator account:

          ssh my-username@my-server-address

          Next, use the SFTP admin tool to manage users:

          sudo sftp_admin create_user username

          The admin tool will generate and display a random password. If you'd like to change the password, do:

          sudo sftp_admin change_pw username

          To view a list of users:

          sudo sftp_admin list_users

          To delete a user:

          sudo sftp_admin del_user username

          Where Files are Stored

          Your SFTP server uses a Linux concept known as CHROOT to physically isolate each SFTP user to a specific part of the filesystem. Thus, it is impossible for an SFTP user to access another user’s data. The exception, of course, are administrator accounts, which can access the entire filesystem via SSH and SCP protocols.

          User-specific files are located in user-named subdirectories under /data/sftp_chroot/users.

          When a user is created, a default subdirectory named files is also created. Files should be uploaded into this location because the SFTP subsystem does not permit uploads in the parent directory.

          If you'd like to rename the files directory or have others automatically created when users are created, you can edit /data/sftp_chroot/config.yaml and set one or more names:

          # inside /data/sftp_chroot/config.yaml:
userdirs:
  - inbound
  - outbound

          Note: each user directory also contains a directory named dev. Do not delete this directory as it is required by the SFTP subsystem for logging purposes.

          Viewing Activity Logs

          To satisfy HIPAA requirements, all SFTP activity is logged. You can view recent activity by using the following commands.

          # view all log entries
sudo grep 'sftp' /var/log/syslog

# tail in real-time
sudo tail -f /var/log/syslog | grep 'sftp'

          Older logs are stored in S3. See accessing archived logs for more info.

          How to Enable Filesystem Backups

          Please refer to this article for guidance.

          Example Command Line SFTP Session

          # connect
sftp -P 2222 myuser@host

# list directories on server
ls

# list directories on local computer
lls

# change directory
cd files

# upload file
put patients.csv

# download file
get claims-summary.pdf

          Please create a ticket if you'd like to add SFTP functionality to an existing or new server.

          Preview
          0 of 0