Bastionhost: Perform SFTP-based O&M

Last Updated: Aug 01, 2023

O&M engineers can upload or download files by using Secure File Transfer Protocol (SFTP) client tools or command line tools on bastion hosts, and then view the audit records of these operations. This topic describes how to use SFTP client tools and command line tools to transfer files to bastion hosts and view audit records.

Transfer files by using a client tool

You can use a client tool, such as Xftp or WinSCP, to transfer files to a bastion host. The bastion host can audit and record your operations. This topic uses Xftp as an example.

Prerequisites

  • Xftp is installed on your computer.

  • The O&M addresses of the bastion host are obtained. You can obtain the O&M addresses in the Bastion Host Information section of the Overview page in the console of the bastion host. For more information, see Overview page.

    Note

    Bastionhost provides fixed O&M addresses and supports dynamic O&M IP addresses to implement disaster recovery. The IP address to which the private O&M address of a bastion host is resolved may change. We recommend that you perform O&M operations by using an O&M address. This helps prevent O&M from becoming unavailable when the IP address changes.

Procedure

  1. Start Xftp. Click the General tab, enter the O&M address of the bastion host, the port number, and the username and password. Then, click OK.

    The default port number of the bastion host is 60022.

  2. Optional: Enter the verification code and click OK.

    If multi-factor authentication (MFA) is enabled for the account that you use, you must enter the verification code that you obtained from the bound MFA device.

  3. After you log on to the bastion host, view the hosts that you can manage on the right. Then, double-click the host on which you want to perform O&M operations.

  4. Access the host directory and transfer files.

    If you cannot access the host directory, use one of the following methods to resolve the issue:

    • Check whether the username and password of the host are managed in Bastionhost. If the username and password of the host are not configured in Bastionhost, configure the username and password of the host. For more information, see Manage a host account.

    • Check whether the name of the host directory is garbled. If the name of the host directory is garbled, you can double-click a transcoding directory and ignore the error message. Then, you can right-click the blank space and select Refresh to transcode the garbled directory name.

    • Clear the cache on your client tool. For example, if you use Xftp 6.0, you can click Options in the menu bar. In the Options dialog box, click the Security tab. In the History section, click Clear.

    Note

    If none of the preceding methods resolve your issue, join the DingTalk group numbered 33797269 to consult technical experts.

  5. Optional: Log on to the bastion host and view the audit records of file upload or download operations. For more information, see Log on to the console of a bastion host and Search for sessions and view session details.

Transfer files by using a command line tool

You can use a command line tool to connect to a bastion host and upload and download files. The bastion host can audit and record your operations.

Note

When you use a command line tool to transfer files, MFA is not supported.

Prerequisites

The O&M addresses of a bastion host are obtained. You can obtain the O&M addresses in the Bastion Host Information section on the Overview page of the console of the bastion host. For more information, see Log on to the console of a bastion host.

Note

Bastionhost provides fixed O&M addresses and supports dynamic O&M IP addresses to implement disaster recovery. The IP address to which the private O&M address of a bastion host is resolved may change. We recommend that you perform O&M operations by using an O&M address. This helps prevent O&M from becoming unavailable when the IP address changes.

Procedure

  1. Open the command line tool and run the following sftp command:

    sftp -P <port> <username>@<bastionhostaddress>

    • <port>: This parameter is required. Replace port with the SSH-compliant O&M port for the bastion host. The default port is 60022.

    • <username>: This parameter is required. Replace username with the username of the bastion host.

    • <bastionhostaddress>: This parameter is required. Replace bastionhostaddress with the O&M address of the bastion host.

  2. Enter the username and password of the bastion host and press Enter.

  3. Run the ls command to view the host directory of the server.

    The following figure shows the host directory. The name of the host directory is in the following format: ssh_<Username of the asset on which you can perform O&M operations>@<Asset IP address>:<Asset port number>.

  4. Run the cd command to go to the host directory of the server.

    cd <filename>

    <filename>: This parameter is required. Replace filename with the name of the actual host directory.

  5. Run the get or put command to download or upload files.

    • File download command

      get <File name on the remote server> <File directory on your computer>

    • File upload command

      put <File name on your computer> <File directory on the remote server>

  6. Optional: Log on to the bastion host and view the audit records of file upload or download operations. For more information, see Log on to the console of a bastion host and Search for sessions and view session details.
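
As an added example (not part of the Bastionhost documentation or tooling), the following shell functions parse the host directory name format from step 3 and select the single directory that matches an intended asset account and IP address, so that a file is not transferred to the wrong host. The function names and the sample listing are assumptions; the addresses are constructed from the 192.0.2.0/24 documentation range.

```shell
#!/bin/sh
# Added example, not vendor code. Host directory name format from this topic:
#   ssh_<asset username>@<asset IP address>:<asset port number>
# All sample names below are constructed.

# parse_host_dir NAME: print "user ip port"; return 1 if NAME is malformed.
parse_host_dir() {
    name=$1
    case $name in ssh_*@*:*) ;; *) return 1 ;; esac
    rest=${name#ssh_}
    port=${rest##*:}          # text after the last colon
    userhost=${rest%:*}       # text before the last colon
    user=${userhost%@*}       # text before the last @
    ip=${userhost##*@}        # text after the last @
    case $port in ''|*[!0-9]*) return 1 ;; esac   # port must be all digits
    [ -n "$user" ] && [ -n "$ip" ] || return 1
    printf '%s %s %s\n' "$user" "$ip" "$port"
}

# select_host_dir USER IP: read `ls` output on stdin and print the one host
# directory for USER on IP. Fails if no directory or more than one matches.
select_host_dir() (
    want_user=$1 want_ip=$2 match='' count=0
    set -f                    # no glob expansion while word-splitting lines
    while read -r line || [ -n "$line" ]; do
        for entry in $line; do
            parsed=$(parse_host_dir "${entry%/}") || continue
            case $parsed in
                "$want_user $want_ip "*) match=${entry%/}; count=$((count + 1)) ;;
            esac
        done
    done
    [ "$count" -eq 1 ] && printf '%s\n' "$match"
)

# Constructed listing, pasted from `ls` after logging on to the bastion host.
listing='ssh_root@192.0.2.10:22  ssh_deploy@192.0.2.10:22
ssh_root@192.0.2.11:2222'
dir=$(printf '%s\n' "$listing" | select_host_dir deploy 192.0.2.10) &&
    printf 'cd %s\n' "$dir"
```

If the same account exists on one asset under two ports, `select_host_dir` returns a non-zero status instead of guessing, and the directory must be chosen manually.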

References