This topic describes how to use a local SFTP client tool to log on to Bastionhost and access a host for which you want to perform O&M operations. Xftp is used as an example.


  • An O&M tool that supports SFTP, such as Xftp, WinSCP, or FlashFXP, is installed on your local host.
  • Bastionhost O&M addresses are obtained. You can obtain these addresses in the O&M Portals section on the Overview page of Bastionhost. For more information, see Log on to Bastionhost. O&M Portals section


  1. Start the Xftp tool. Click the New icon on the File menu. In the Properties of New Session dialog box that appears, enter a Bastionhost O&M address, the default port number 60022, and the username and password to access Bastionhost on the General tab. Then click OK to connect to Bastionhost.
    Configure SFTP-based connection
  2. Optional: If multi-factor authentication (MFA) is enabled for a RAM user, enter the verification code obtained from the bound MFA device (the Alibaba Cloud app) in the two-step verification dialog box that appears and click OK.
    Two-step verification dialog box
  3. After you log on to Bastionhost, view the authorized hosts on the right side.
    • The directory whose name starts with !now in the host list (the directory in the first line in the following figure) is used for transcoding. If an encoding error occurs on any host directory in the host list, you can double-click the transcoding directory, and right-click the blank space and choose Refresh from the shortcut menu to transcode a garbled directory name.

    • Valid credentials must be added to required authorized groups. Otherwise, you cannot access ECS instances for SFTP-based O&M.
    View the list of authorized hosts
  4. Double-click the host for which you want to perform O&M operations to access the host directory and transfer files.