
Bastionhost: Perform SFTP-based O&M

Last Updated: Mar 31, 2026

Transfer files between your on-premises machine and managed hosts through Bastionhost using Secure File Transfer Protocol (SFTP). Bastionhost acts as the secure gateway — all file transfer sessions are audited and recorded.

How it works

When you connect an SFTP client to Bastionhost, the bastion host authenticates you, then routes your session to the target managed host. Your credentials for the managed host are retrieved from the bastion host. Every upload and download is logged as an auditable session.

Choose a method

| Method | Best for |
| --- | --- |
| Client tool (Xftp, WinSCP) | Windows users or those who prefer a graphical interface |
| Command line (sftp) | Users comfortable with a terminal or who need scripted transfers |

Transfer files using a client tool

Connect an SFTP client such as Xftp or WinSCP to Bastionhost for graphical file transfer. The following steps use Xftp 7 as an example.

Prerequisites

Before you begin, make sure that you have:

  • Hosts and a user imported to the bastion host, with the user authorized to manage those hosts. For setup instructions, see Add hosts. To manage users and permissions, see Manage users and Authorize users or user groups to manage assets and asset accounts.

  • The O&M address of the bastion host instance, available in the Bastion Host Information section on the Overview page. See Overview of the Bastionhost console.

    Note

    Bastionhost provides the O&M address as a fixed domain name backed by dynamic IP addresses. Always use the domain name for connections — IP-based connections may break when the underlying address changes.

  • Xftp 7 installed on your on-premises machine

Connect and transfer files

  1. Open Xftp and choose File > New.

  2. On the General tab, enter the bastion host connection details, then click OK.

    | Field | Value |
    | --- | --- |
    | Host | The O&M address of the bastion host |
    | Port | 60022 (default SSH port). To use a different port, see Configure a port number |
    | Username | Your bastion host username |
    | Password | Your bastion host password |

  3. If two-factor authentication is enabled, enter your verification code and click OK. To configure two-factor authentication, see Enable two-factor authentication.

  4. After logging in, the hosts you can manage appear on the right. Double-click the target host to open its directory. If you cannot access the host directory, try the following: For more troubleshooting guidance, see FAQ about SFTP-based file transmission.

  5. (Optional) Review audit records of the file transfer session. Log on to the Bastionhost console (see Log on to the console of a bastion host) and see Search for and view sessions.

Transfer files using a command line tool

Use the sftp command to connect to Bastionhost and upload or download files from a terminal.

Prerequisites

Before you begin, make sure that you have the O&M address of the bastion host instance, available in the Bastion Host Information section on the Overview page. See Overview of the Bastionhost console.

Note

Bastionhost provides the O&M address as a fixed domain name backed by dynamic IP addresses. Always use the domain name for connections — IP-based connections may break when the underlying address changes.

Connect and transfer files

  1. Run the following command to connect to the bastion host:

    sftp -P <port> <username>@<bastionhost-address>

    | Parameter | Required | Description |
    | --- | --- | --- |
    | <port> | Yes | O&M port for the bastion host. Default: 60022. To use a different port, see Configure a port number |
    | <username> | Yes | Your bastion host username |
    | <bastionhost-address> | Yes | The O&M address of the bastion host |

  2. Enter your bastion host password and press Enter.

  3. If two-factor authentication is enabled, enter your verification code. To configure two-factor authentication, see Enable two-factor authentication.

  4. Run ls to list the hosts you can manage.

  5. Run cd to navigate to the target host directory:

    cd <host-directory>

    Replace <host-directory> with the directory name of the host shown in the ls output.

  6. Download or upload files using get or put:

    • Download a file from the host:

      get <remote-filename> <local-directory>
    • Upload a file to the host:

      put <local-filename> <remote-directory>
  7. (Optional) Review audit records of the file transfer session. Log on to the Bastionhost console (see Log on to the console of a bastion host) and see Search for and view sessions.
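For scripted use of the connect command in step 1, a pre-flight check can enforce the note about connecting by domain name and keep malformed input out of the sftp command line. This is an added example, not part of the Bastionhost documentation; the function names and the address bastion.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate inputs before opening an SFTP session to a bastion host.
# Function names and sample values are hypothetical, not Bastionhost tooling.

# Return 0 if $1 looks like an IPv4 or IPv6 literal rather than a domain name.
is_ip_literal() {
    case "$1" in
        *:*)       return 0 ;;  # colons only occur in IPv6 literals
        *[!0-9.]*) return 1 ;;  # has a letter or hyphen: treat as a name
        *)         return 0 ;;  # digits and dots only: IPv4-style literal
    esac
}

# Print the sftp command line, or fail with a reason on stderr.
# Usage: bastion_sftp_cmd <username> <bastionhost-address> [port]
bastion_sftp_cmd() {
    user=$1 addr=$2 port=${3:-60022}   # 60022 is the default O&M port
    if [ -z "$user" ] || [ -z "$addr" ]; then
        echo "usage: bastion_sftp_cmd <username> <bastionhost-address> [port]" >&2
        return 2
    fi
    # The O&M address is a fixed domain name backed by dynamic IPs,
    # so a hard-coded IP may stop working when the address changes.
    if is_ip_literal "$addr"; then
        echo "refusing IP literal '$addr': use the O&M domain name" >&2
        return 1
    fi
    case "$addr" in
        -*|*[!A-Za-z0-9.-]*) echo "invalid host name '$addr'" >&2; return 1 ;;
    esac
    # A leading '-' would make sftp parse user@host as an option.
    case "$user" in
        -*) echo "username must not start with '-'" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*|??????*) echo "port must be 1-65535" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port must be 1-65535" >&2
        return 1
    fi
    printf 'sftp -P %s %s@%s\n' "$port" "$user" "$addr"
}
```

The function only prints the command; password and two-factor prompts still happen interactively when the command is run.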
