SFTP Account Management

Last updated: 2022-03-10 16:55

Intro

This page explains how to create and delete accounts on the Covid sFTP Server. Most of the time, these accounts are used by the organisations that are sending data to be processed. There are a few exceptions for pushing exports of data, but these have been replaced by replication as much as possible.

Tools

To complete the steps, you need to be able to:

  • Launch Putty from the Citrix WebPage
  • Connect to the sFTP Server using the sciensano account
  • Access the shared KeePass

It is better if you have (even basic) knowledge of the Linux command line. If you don't, be aware that Linux paths are case sensitive; this can be the source of many issues. Tip: in Putty, you can paste by right-clicking when the app has the focus.

Startup

Start the following tools as they will be needed for the next steps:

Open the Covid Shared KeePass
Go to \\CVD-P-SAS01\Tools and launch KeePass

Start Putty
From the Citrix Portal, start Putty. Connect to server 10.72.144.46

User
sciensano

Password
Look it up in the COVID Shared KeePass (the one labeled SFTP Account 2)

Adding a user

  1. Open the sFTP Folder in the KeePass
  2. Create the new user in KeePass (password gets generated automatically)
    • If the user is for a Data Provider, check in file Covid19CC_DATAProviders (Dropbox\HD_Projects\HD9999_COVID19_Lab\COVID19_Lab_Follow_Up) for the user name (login)
    • If the user is for the (Lime)Hosp project, use the hospital name and add _hosp at the end of the login name.
    • Don’t forget to save the KeePass update
  3. Using Putty, go to folder covid-sftp
    cd covid-sftp
  4. Use the Helper script to generate the required content for the next steps.
    • Delete the output file of the helper script (if it exists)
      rm to_add.txt
    • Execute the helper script for each new user to add
      ./add.sh
      Reply to the prompts for user name and password for the new user(s)
    • Check the output of the script to make sure all is OK
  5. Print the content of the output file so you can copy/paste it.
    cat to_add.txt
  6. Copy the printed text (just selecting text in Putty copies it).
    • Copy WHOLE lines, the indentation is very important.
    • Once you have copied the content in a safe place (you’ll need it later), delete the output of the helper script.
      rm to_add.txt
  7. Go to folder ansible/group_vars/ngsusers/
    cd ansible/group_vars/ngsusers/
  8. Edit file vars
    nano vars
    • go to the end of the file (you can use PageDown / Arrow Keys, nano is nicer than vi)
    • paste the content copied at the end of step 6 at the end of the file
      make sure that the indentation is the same as the previous line and that there are no empty lines in the list of users
    • save the updated file (CTRL-X and follow the prompts at the bottom)
  9. Go back to the root of the ansible folder
    cd ../.. (or cd ~/covid-sftp/ansible/)
  10. Execute Ansible in “Check” mode to make sure all is ok
    ansible-playbook ngssftp.yml --check --ask-vault-pass
    There will be a prompt for the VAULT password, find it in KeePass.
  11. If there are no errors reported in the previous step, execute Ansible again to apply the update
    ansible-playbook ngssftp.yml --ask-vault-pass
    There will be a prompt for the VAULT password, find it in KeePass.
  12. Exit Putty
    exit
  13. Check that the newly created accounts are working
    • Using WinSCP connect using each account created
    • If the account is for the “hosp” project
      • create a new directory “hosp” under the “upload” folder (next to “test” and “finished”)
      • add the new account to the exclusion list in “CONTROL.T_LST_VAL”
  14. Send the info about the newly created account(s) back to support
    DO NOT SEND PASSWORD IN CLEAR TEXT
    • Use https://Password.arxus.eu to create an encoded link to the login info
      • Set the options to 5 days and 5 views
        Use the following template as the content
        - username:
        password:
      • Copy the generated link
  15. Create a new mail to support using this template

    Hello,

    The sFTP account for 'XXXXXXX' has been created.
    A link with the account info has been created.
    The link is valid for 5 days and 5 views.
    <<PASTE ARXUS LINK>>

    Best regards,

    The Covid Team
  16. Congrats it's done.

Deleting a user

  1. Using Putty, go to folder covid-sftp
    cd covid-sftp
  2. Go to folder ansible/group_vars/ngsusers
    cd ansible/group_vars/ngsusers/
  3. Edit file vars
    nano vars
    • find the user you want to delete in the list
    • add a line like this one under the username
      state: absent
      make sure to indent it correctly, it must be aligned with username and password like this:
      - username: demo
        state: absent
        password: 'very_long_value'
        uuid: 'another_long_value'
    • save the updated file (CTRL-X and follow the prompts at the bottom)
  4. Go back to the root of the ansible folder
    cd ../.. (or cd ~/covid-sftp/ansible/)
  5. Execute Ansible in “Check” mode to make sure all is ok
    ansible-playbook ngssftp.yml --check --ask-vault-pass
    There will be a prompt for the VAULT password, find it in KeePass.
  6. If there are no errors reported in the previous step, execute Ansible again to apply the update
    ansible-playbook ngssftp.yml --ask-vault-pass
    There will be a prompt for the VAULT password, find it in KeePass.
  7. Exit Putty
    exit
  8. Check that the newly deleted accounts are not able to connect anymore
    • Using WinSCP connect using each account deleted, it must fail
      The password for the user should be available in the sFTP folder of the KeePass
  9. Congrats it's done.
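
A pre-flight check for the two editing mistakes both procedures warn about (empty lines in the user list, and keys such as state not aligned with username), as an added example that is not part of the original page or the project's tooling. It assumes the users form a YAML list at the end of vars with single-line values as in the sample above; the ngs_users key and the sample entries are constructed.

```python
import re
import sys

ENTRY = re.compile(r"^(\s*)- username:\s*\S")
KEY = re.compile(r"^(\s*)[A-Za-z_]\w*:")

# Constructed sample: an empty line in the list and a misaligned "state" key.
SAMPLE = """\
ngs_users:
  - username: alpha
    password: 'x'

  - username: demo
  state: absent
    password: 'very_long_value'
"""


def lint_users(text):
    """Return (line_number, message) pairs for problems in the user list."""
    problems, blanks = [], []
    dash_indent = None  # column of "-" in the first entry; None above the list
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        entry = ENTRY.match(line)
        if dash_indent is None:
            if not entry:
                continue  # still above the user list
            dash_indent = len(entry.group(1))
        if not line:
            blanks.append(no)
            continue
        if line.lstrip().startswith("#"):
            continue  # comments are ignored
        # A real line after blank ones means the blanks sit inside the list.
        problems += [(b, "empty line inside the user list") for b in blanks]
        blanks = []
        key = KEY.match(line)
        if entry and len(entry.group(1)) != dash_indent:
            problems.append((no, "entry not aligned with the other entries"))
        elif not entry and (not key or len(key.group(1)) != dash_indent + 2):
            problems.append((no, "key is not aligned with 'username'"))
    return problems


if __name__ == "__main__":
    found = lint_users(open(sys.argv[1]).read() if sys.argv[1:] else SAMPLE)
    print("\n".join(f"line {n}: {m}" for n, m in found) or "no problems found")
    sys.exit(1 if found else 0)
```

Pass the path of the vars file as the only argument before the --check run; the script reports line numbers only, never the values, and exits non-zero when it finds a problem.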