All Products
Search

This Product

    Bastionhost:Perform SFTP-based O&M

    Document Center

    Bastionhost:Perform SFTP-based O&M

    Last Updated:Oct 21, 2025

    O&M engineers can log on to a bastion host from a Secure File Transfer Protocol (SFTP) client and select assets for file transfer. This topic describes how to use an SFTP client on your macOS server to log on to a bastion host and perform O&M operations. SecureFX and FileZilla are used in the examples.

    Prerequisites

    • Assets and users are imported to the bastion host, and users are authorized to access the assets. For more information, see Create a host, Manage users, and Authorize assets and asset accounts.

    • You have obtained the O&M address of Bastionhost. You can obtain the O&M address on the Overview page in the Bastion Host Information area. For more information, see Bastionhost page overview.概览

      Note

      Bastionhost provides fixed O&M addresses in domain name pattern, while using dynamic IP addresses to ensure security against attacks. The IP address resolved from the O&M address may change. You should use the domain name address assigned by Bastionhost for O&M operations to avoid O&M failures due to IP address changes.

    • An O&M tool that supports SFTP, such as SecureFX, is installed on your server.

    Use the SecureFX client

    1. Start SecureFX.

    2. In the upper-left corner, click Connect. In the dialog box that appears, click the 加号图标 icon.

      mac新建sftp连接

    3. In the dialog box that appears, enter the O&M address of the bastion host in the Hostname field, specify the port number and the username, and then click OK.

      The default SSH port is 60022. For information about how to change the O&M port of the bastion host, see Configure the bastion host port number.

      mac连接sftp

    4. Select the bastion host and click Connect.

      mac登录sftp

    5. In the Enter Secure Shell Password dialog box, enter the username and password of the account that is used to log on to the bastion host and click OK.

      mac输入用户名密码

    6. If two-factor authentication is enabled for the bastion host user, enter the verification code and click OK.

      For information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.

      mac输入mfa_sftp

    7. After you log on to the bastion host, go to the asset management page. Double-click a transcoding directory and ignore the error message. Then, you can right-click the blank space and select Refresh to transcode the host directory name.

      image

      If you cannot access the host directory, try the following methods to resolve the issue:

      • Check whether the username and password of the account that is used to log on to the host are managed in the bastion host. If the username and password are not managed in the bastion host, configure the username and password. For more information, see Manage a host account.

      • Clear the cache on SecureFX.

      For more information about SFTP-based file transfer, see FAQ about SFTP-based file transmission.

      Note

      If the issue persists, join the DingTalk group 33797269 for technical support.

    8. Optional. Log on to the bastion host to view the audit records of file upload or download operations. For more information, see Log on to the console of a bastion host and Search for and view sessions.

    Use the FileZilla client

    1. Start the command-line tool.

    2. Enter ssh -T -N -D 127.0.0.1:1080 -oport=60022 <Username of the bastion host>@<O&M address of the bastion host> and press Enter.

      The default SSH port is 60022. For information about how to change the O&M port of a bastion host, see Configure the bastion host port number.

      image

    3. Enter the password of the account that is used to log on to the bastion host and press Enter to connect to the bastion host. Do not close the window.

    4. If two-factor authentication is enabled for the bastion host user, enter the verification code.

      For information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.

    5. Start the FileZilla client and go to the Settings page. Click Generic proxy, select SOCKS5, enter 127.0.0.1 in the Proxy host field, enter 1080 in the Proxy port field, and then click OK.

    6. Go to the Site Manager page and click New site. Enter the IP address of the asset on which you want to perform O&M operations in the Host field, enter 22 in the Port field, set Logon Type to Normal, specify the username and password of the account used to log on to the asset, and then click Connect. In the dialog box that appears, click OK.

    7. After the asset is connected to FileZilla, you can transfer files from or to the asset in FileZilla and the operations can be audited by using the bastion host.

    8. Optional. Log on to the bastion host to view the audit records of file upload or download operations. For more information, see Log on to the console of a bastion host and Search for and view sessions.

    Reference

    For information about issues that may occur during SFTP-based O&M operations and solutions, see FAQ about SFTP-based file transmission.