Additional File Operations

Overview

In a similar way, you can also perform secure copy (scp) and secure file transfer (sftp) operations using a native client. By accessing files on a target computer through the Delinea Connector, you can authenticate with your own credentials, then use the local or domain accounts stored in the Privileged Access Service to perform secure file operations on a remote computer. No direct interaction with the portal is required, but the activity is captured and visible in dashboards and reports.

As with secure shell sessions, you can log on manually without using a stored password if you have a user name and password with File Transfer permission. If you don’t have the File Transfer permission, you can request access from a designated approver if a request and approval workflow is enabled.

The information you provide to authenticate and access the target computer is the same as the information required to open a secure shell session. However, you must have the File Transfer permission to perform scp or sftp operations.

For example, to copy a file from one computer to another using scp, the connection information would be similar to the following:

/home/smith02$ scp Login-user@Connector-FQDN:Source-filename Destination-filename

You would then be prompted for the login-user password, the target computer host name, and the target account, and would then use the sftp command to perform operations.

You can perform many additional file operations using the secure file transfer protocol. For example, you can use sftp to list directory contents, rename files, or delete files. The connection information would be similar to the following:

/home/smith02$ sftp Login-user@Connector-FQDN

You would then be prompted for the login-user password, the target computer host name, and the target account.

The scp and sftp file transfer protocols are supported for any target system type and most native clients regardless of the operating system from which the connection is made.

Interactive Authentication

On some platforms, the sftp client cannot perform interactive authentication when multiple prompts are required. If the sftp client can’t communicate with the connector for authentication, you can use a connection string profile to specify the parameters required to complete the file transfer.

Connection Strings

In addition to the formats described in "Saving connection profiles", a new field may be prepended to the connection string to indicate whether you need shell access or file access. Adding the type of access to the connection string is useful in scripts to skip the following interactive prompt:

Do you need ssh shell access or file transfer access?

For domain accounts, the format is:

accesstype@domainUser@domainName@hostname@user

For local accounts, omit the domainName, as in:

accesstype@localUser@@hostname@user
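
The two layouts above, assembled by a script helper that checks each field before joining it. This is an added example, not Delinea code: the function names, the ACCESSTYPE placeholder (the page does not list the accepted values), the sample account and host names, and the character allowlist are all assumptions.

```shell
#!/bin/sh
# Added example: build the prefixed connection string in the domain and
# local layouts. Field order comes from the page; everything else is assumed.

# valid_field VALUE -> succeeds only if VALUE is safe between '@' separators.
# Assumed allowlist: letters, digits, '.', '_' and '-'.
valid_field() {
    case "$1" in
        '')                 return 1 ;;  # empty value would shift later fields
        -*)                 return 1 ;;  # leading '-' could be read as a client option
        *[!A-Za-z0-9._-]*)  return 1 ;;  # '@', whitespace, shell metacharacters, ...
    esac
    return 0
}

# build_conn_string ACCESSTYPE ACCOUNT DOMAIN HOSTNAME USER
# An empty DOMAIN selects the local layout: accesstype@localUser@@hostname@user
build_conn_string() {
    if [ "$#" -ne 5 ]; then
        echo "usage: build_conn_string ACCESSTYPE ACCOUNT DOMAIN HOSTNAME USER" >&2
        return 2
    fi
    for field in "$1" "$2" "$4" "$5"; do
        if ! valid_field "$field"; then
            echo "rejected field: '$field'" >&2
            return 1
        fi
    done
    # The domain is the only field allowed to be empty.
    if [ -n "$3" ] && ! valid_field "$3"; then
        echo "rejected domain: '$3'" >&2
        return 1
    fi
    printf '%s@%s@%s@%s@%s\n' "$1" "$2" "$3" "$4" "$5"
}

# Constructed sample values; ACCESSTYPE is a placeholder, not a real value.
build_conn_string ACCESSTYPE svc_backup example.com host01 smith02
build_conn_string ACCESSTYPE root '' host01 smith02
```
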

SSH connection strings

You can use an SSH client connection string to connect.

ssh user@targetHostname@loginAccount@connectorHostname

The connection string consists of:

  • User: Local account of the target machine (user@targetHostname)
  • Login account: Delinea PAS Cloud username (loginAccount)
  • Connector hostname (connectorHostname)

If the target hostname or account isn't specified, you will be prompted for this information.

For example:

ssh myuser@111.111.111.111@pasclouduser@email.com@222.222.222.22

This will generate a password prompt and any other required authentication prompts.