Configure Additional SFTP Servers Using the FileXpress Secure Shell Proxy

The File Storage setting in FileXpress Gateway Administrator allows you to specify a single SFTP server for file storage. Any transfer site you define using Gateway Administrator uses a directory on this server. This option is easy to use and configure, and is the recommended configuration.

It is also possible to configure directory access on additional servers using the SFTP Directories feature of the FileXpress Secure Shell Proxy; however, directories made available this way are managed differently from transfer sites. Review the following limits and differences before you proceed.

  • Directories configured this way will not have access to transfer site features added in future releases.
  • To transfer files using the FileXpress Transfer Client, users must have access to at least one transfer site configured using the Gateway Administrator. Users who have no transfer sites will see a message saying that no transfer sites are available, even if they have access to one or more SFTP directories configured using the FileXpress Secure Shell Proxy. Use one of the following approaches to work around this limitation:
    • Ensure that all users have at least one transfer site configured in Gateway Administrator.
    • Direct users to connect directly to the FileXpress Secure Shell proxy using an alternate SFTP client, such as the Reflection FTP Client, instead of using the FileXpress Transfer Client. These users should connect using the listening port configured on the Network pane of the FileXpress Secure Shell Proxy (22 by default). Users connecting this way will see shared SFTP directories configured using the FIleXpress Secure Shell Proxy, as well as transfer sites created using Gateway Administrator.
  • To control who has access to a transfer site created using Gateway Administrator, you add or remove users and groups on the Transfer Site page. To control who has access to an SFTP directory configured in the FileXpress Secure Shell Proxy, you use the Subconfiguration feature.

The following procedure configures a shared directory on an SFTP server that will be available to all users.

To configure a connection to an SFTP server from the FileXpress Secure Shell Proxy

  1. Start the FileXpress Secure Shell Proxy console. It is installed in the Windows Start menu (or Apps list) under Attachmate FileXpress Gateway > FileXpress Secure Shell Proxy.
  2. From the Configuration tab, click SFTP Directories in the left panel, then click Add. This opens the Accessible Directory Settings dialog box.
  3. Enter a Virtual directory name. This is the folder name that will be visible to users.
  4. Select Remote SFTP server. This opens the Remote SFTP Server Connection dialog box.
    • For Host, specify the name or IP address of the SFTP server.
    • Click Retrieve to retrieve the public key used to authenticate this server.
    • For Remote SFTP username and Password, enter the credentials of the user account that will provide access to the file system on the remote SFTP server.
    • Under Remote base directory, click Browse to select the directory you want to make available to users. This must be a directory accessible to the user you entered for Remote SFTP username.
  5. Click Test Connection. You should see a message saying that the connection was successful.
  6. Click OK to close the dialog boxes and return to the SFTP Directories pane.

    Note: The User login directory option, including the default /Home directory, is not used for FileXpress users.

  7. Save your settings (File > Save Settings).

Use the next procedure to limit access to a directory on an SFTP server to members of a FileXpress group or to an individual FileXpress user.

To configure directory access for a FileXpress group or user

  1. From the FileXpress Secure Shell Proxy console Configuration tab, under Subconfiguration click either User Configuration or Group Configuration.
  2. Click Add.
  3. Click Domain (for user configuration) or set Group type to Domain (for group configuration).
    • For members of the FileXpress LDAP server, set the domain name to FileXpress.
    • For members of an added LDAP server, use the Domain name as it appears on the LDAP Servers page in Gateway Administrator.
  4. Enter the name of the user or group your are configuring.
  5. In the left portion of the Group Configuration dialog box, click SFTP Directories.
  6. Clear the Inherit directories check box.
  7. Click Add to open the Accessible Directory Settings dialog box.
  8. Configure the remote directory that will be available to this user or group, as described in the preceding procedure, starting with step 3.