This topic describes how to use an SFTP client tool on your computer to log on to a bastion host and access a host for which you want to perform O&M operations. In this example, Xftp is used.


  • An O&M tool that supports SFTP, such as Xftp or WinSCP, is installed on your computer.
  • Bastionhost O&M addresses are obtained. You can obtain these addresses in the O&M Portals section on the Overview page of Bastionhost. For more information, see Log on to Bastionhost.O&M Portals section


  1. Start the Xftp tool. Click the New icon on the File menu. In the Properties of New Session dialog box, enter the O&M address of the bastion host, the default port number 60022, and the username and password to access the bastion host on the General tab. Then click OK to connect to the bastion host.
    Configure SFTP-based connection
  2. Optional:If multi-factor authentication (MFA) is enabled for a RAM user, enter the verification code that you obtained from the bound MFA device (the Alibaba Cloud app) in the Two-Step Verification dialog box and click OK.
    MFA verification code
  3. After you log on to the bastion host, view the hosts that you can manage on the right. View the list of authorized hosts
  4. Double-click the host for which you want to perform O&M operations to access the host directory and transfer files.
    Note If you cannot access the host directory, use one of the following methods to resolve the issue:
    • Clear the cache on Xftp. For example, if you use Xftp 6.0, you can click Options in the menu bar. In the Options dialog box, click the Security tab. In the History section, click Clear.