Skip to main content

SFTP Data Transfer

You can add an SFTP user to PHC. This allows the use of standard SFTP methods and tools to add files to a PHC project.

Adding an SFTP user to PHC is not the same as adding a PHC user. An SFTP user uses standard SFTP CLI commands or SFTP apps, such as Cyberduck or FileZilla, to upload files into PHC. The SFTP user cannot access PHC through the normal PHC web app. The SFTP user receives the equivalent of an API key and write-only permissions.

note

SFTP access to PHC is restricted to Write Access.

SFTP Data Transfer Roles

In many cases, the PHC admin may need to grant a third party access to upload SFTP files. If this is the case, the admin and the uploader each need to perform specific tasks to establish access. If the admin is creating SFTP access for themselves, the admin performs all the tasks.

Uploader Tasks

PHC Admin Tasks

Generate a Public/Private Key Pair

The SFTP service uses an SSH public key to authenticate an SFTP user. The uploader needs to generate the public/private key pair.

The following procedure gives the basic commands to generate these keys with OpenSSH. OpenSSH is installed on Windows, Mac, and Linux operating systems by default. If you need a more detailed procedure, search the web for OpenSSH and your particular operating system.

Note: PHC requires that the keys are generated with RSA encryption.

  1. Open a terminal and enter the following:
$ ssh-keygen -t rsa
> Generating public/private rsa key pair.

> Enter file in which to save the key (/Users/dan/.ssh/id_rsa):
/Users/<username>/.ssh/<phc_key>
## Copy the default ssh file location from the displayed path and replace the default filename with a unique key name.

> Enter passphrase (empty for no passphrase):
## Press Enter for the no password option.

> Enter same passphrase again:
## Press Enter again to confirm the no password option.

>Your identification has been saved in /Users/dan/.ssh/phc_key
>Your public key has been saved in /Users/dan/.ssh/phc_key.pub
>....
## SSH also displays a key fingerprint and randomart image.

$ pbcopy < ~/.ssh/<phc_key>.pub
## This copies the public key to your clipboard.
  1. If you are a third party, paste your public key in a message and send it to the PHC admin.

    or

    If you are the PHC admin, leave the public key in your clipboard to use in the next procedure.

Wait

If you are an uploader, wait until you receive your username from a PHC admin before you complete the Transfer SFTP Files procedure.

Create an SFTP User in PHC

  1. On the left side menu of PHC, click Files and SFTP.
  2. Click the Add User button.

Add SFTP User The Add New User dialog displays. Use the following information to fill in the fields:

FieldDescription
UsernameThis is the username that authenticates with the SFTP service.
Home Directory(Optional) You may want to restrict where an SFTP user can add files within a project. You can do this by specifying a specific folder to use in the project as the user's home directory. The SFTP user will not be able to add files to any other location within the project. If left blank, the user can access the root level of project.
SSH Key NameA user-friendly name to identify the key.
SSH Public KeyThe public key portion of the public/private key pair. PHC requires the RSA encryption option. RSA encrypted keys begin with ssh-rsa.
  1. Click the Add User button on the dialog.

Transfer SFTP Files

The earlier procedures helped created the credentials needed to use SFTP. If you are working with a third-party uploader, you can send the credential table from Use SFTP Apps to Transfer PHC Files. Copy and paste the table into the email or chat message you will send the uploader. Replace the generic username information with the <phc-account-id>_username you created in PHC.

note

The PHC account ID is automatically added as a prefix to the username value provided.

Use SFTP CLI commands to Transfer PHC Files

After the user is added, click the added username on the SFTP page to display the SFTP Settings page. This includes the How to connect dialog dialog that gives the CLI command needed to connect and transmit files using the terminal. Once connected, you can transfer files into the project using standard SFTP commands.

Use SFTP Apps to Transfer PHC Files

The credentials needed to connect SFTP apps are described in the table below. You can also find these elements in the CLI command of the SFTP Settings page.

Credential TypeCredential or Source
ProtocolSFTP
Serversftp.us.lifeomic.com (If you are working in development, use sftp.dev.lifeomic.com. This is unusual.)
Username<phc-account-id>_ plus the username entered in the PHC Add User dialog. (Example, ab1283ajioj127_dan)
PasswordLeave blank if you did not use a password to generate the SSH key pair.
SSH Private KeyNavigate to the private key file you created or enter the directory path and filename. (Example, ~/.ssh/phc_key)

cyberduck

Audit Access and Event History

You can review SFTP access event history from the PHC web console.

  1. On the left side menu of PHC, click Files and SFTP.
  2. Under Username, click on a user to display the SFTP User details view.
  3. From the SFTP User details view, click on the Event History tab. This tab shows a listing of events for the SFTP user. This includes events for when the user connected, which files were added, and when they disconnected. SFTP User Events

Delete SSH Keys

A single SFTP user can have up to five SSH keys registered at one time.

For security, we recommend that you rotate your SSH keys. A time interval of three months is a common rotation period.

If you think that a user's private key has been compromised, you can remove it from the list of keys on the SFTP User details view. Once removed, that private key can no longer be used to access the SFTP service.

  1. Under Username, click on a user to display the SFTP User details view.
  2. Click the Settings tab.
  3. Under SSH Keys, click Delete next to the specific key. Add SFTP Delete