

Define an SFTP Job

You can define an SFTP job to transfer binary and ASCII files using the Secure File Transfer Protocol (SFTP). The SFTP protocol supports wildcard transfers, so you can upload multiple files to a remote FTP server or download multiple files to the agent computer.

The SFTP job supports the following types of authentication for file transfer:

User authentication

This authentication requires the FTP user ID and password for authentication to the SFTP server.

Public-key authentication

This authentication requires the private key and passphrase for authentication to the SFTP server. If you create the private key using a blank passphrase, the passphrase is not required for the authentication.

Note: The SFTP job does not support public or private keys that are generated using PuTTYgen or that are encrypted in DES3 format.

Multifactor authentication

This authentication requires both the FTP user ID and password and the private key and passphrase for authentication to the SFTP server.

Note: To run these jobs, your system requires CA WA Agent for UNIX, Linux, Windows, or i5/OS.
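A pre-flight check for the key restrictions in the public-key authentication note, written as an added example that is not part of the product or its documentation: it reads a private key file's text and reports whether it is a PuTTY .ppk container, is triple-DES encrypted, needs a passphrase, or was created with a blank passphrase. It assumes that "DES3 format" means the DES-EDE3-CBC cipher of legacy PEM keys (or 3des-cbc in OpenSSH-format keys); the function names and sample keys are constructed for illustration.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\0"

def _openssh_cipher(body_lines):
    """Return the cipher name stored in an OpenSSH-format key, or None."""
    try:
        blob = base64.b64decode("".join(body_lines))
    except ValueError:
        return None
    off = len(OPENSSH_MAGIC)
    if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
        return None
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n].decode("ascii", "replace")

def classify_private_key(text):
    """Return 'putty', 'des3', 'passphrase-needed', 'no-passphrase' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if head.startswith("PuTTY-User-Key-File-"):  # PuTTYgen native .ppk header
        return "putty"
    if not (head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----")):
        return "unknown"
    if head == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "passphrase-needed"  # PKCS#8: cipher sits in the ASN.1, not inspected
    if head == "-----BEGIN OPENSSH PRIVATE KEY-----":
        cipher = _openssh_cipher(lines[1:-1])
        if cipher is None:
            return "unknown"
        if cipher == "none":
            return "no-passphrase"
        return "des3" if cipher.startswith("3des") else "passphrase-needed"
    # Legacy PEM (RSA/DSA/EC): the cipher is named in the DEK-Info header.
    for ln in lines[1:]:
        if ln.startswith("DEK-Info:"):
            cipher = ln.split(":", 1)[1].split(",")[0].strip().upper()
            return "des3" if cipher.startswith("DES-EDE3") else "passphrase-needed"
    return "no-passphrase"

# Constructed samples: headers only, no real key material.
SAMPLE_DES3 = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
               "DEK-Info: DES-EDE3-CBC,0011223344556677\n\nAAAA\n"
               "-----END RSA PRIVATE KEY-----\n")
SAMPLE_PPK = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: constructed\n"

if __name__ == "__main__":
    print(classify_private_key(SAMPLE_DES3), classify_private_key(SAMPLE_PPK))
```

A result of 'putty' or 'des3' marks a key that the note above rules out; 'no-passphrase' corresponds to a key created with a blank passphrase. The check recognizes only the .ppk container, not keys that PuTTYgen exported to another format.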

Follow these steps:

  1. Open the Application that you want to add the job to in the Define perspective.

    The Application appears in the workspace.

  2. Select the SFTP job from the File Transfer group in the Palette view, and drag the job to the workspace.

    The SFTP icon appears on the Application workspace view.

  3. Right-click the SFTP icon, and select Edit from the pop-up menu.

    The Basic page of the SFTP dialog opens.

  4. Complete the following required fields:

    Name

    Defines the name of the job that you want to schedule.

    Limits: 128 alphanumeric characters, plus the special characters commercial at (@), pound (#), dollar sign ($), underscore (_), square brackets ([]), brace brackets ({}), and percent sign (%) as a symbolic variable introducer character.

    Agent name

    Specifies the name of the agent where the secure transfer takes place.

    Note: The drop-down list displays all the agents that are defined in the Topology for the specified job type.

    Transfer direction

    Indicates the direction of transfer (Download or Upload).

    Default: Download

    Transfer code type

    Specifies the type of data you are transferring. Options are as follows:

    Binary

    Indicates a binary transfer.

    ASCII

    Indicates an ASCII transfer.

    i5/OS: If the ASCII file to be transferred already exists on the target computer, the file is written using the encoding of the existing file. If the file does not exist, the file is written using the ASCII CCSID (Coded Character Set Identifier) defined on the agent. The default is 819.

    Note: To transfer ASCII files, we recommend that the SFTP server that your agent computer communicates with is compliant with protocol level 4 or higher. To transfer ASCII files to or from an SFTP server that is compliant with protocol level 3 or lower, select the operating system type of the SFTP server from the The remote os type drop-down.

    Default: Binary

    Server address

    Specifies the DNS name or IP address of a remote server.

    Example: 172.24.36.107 (IPv4) or 0:0:0:0:0:FFFF:192.168.00.00 (IPv6)

    Remote directory

    Specifies the file's remote source directory (if downloading) or the file's remote destination directory (if uploading).

    Remote file name

    Specifies the file's source location (if downloading) or the file's destination (if uploading). This field is not required if you are uploading multiple files.

    Notes:

    • For uploads, you must specify the file name without wildcards.
    • For downloads, you can use wildcards for the file name. The asterisk (*) is a wildcard for zero or more characters and the question mark (?) is a wildcard for a single character.
    • If a wildcard is used in a remote file name for download, the local file name (the target) must refer to a directory. A wildcard transfer is equivalent to an mget transfer using an FTP client.
    • You cannot rename files if wildcards are used.

    Local file name

    Specifies the file's destination (if downloading) or the file's source location (if uploading).

    Notes:

    • For downloads, you must specify the full path and file name without wildcards.
    • For uploads, you can use wildcards for the file name. The asterisk (*) is a wildcard for zero or more characters and the question mark (?) is a wildcard for a single character.
    • If a wildcard is used in a local file name for upload, the Remote file name field is not required. A wildcard transfer is equivalent to an mget transfer using an FTP client.
    • You cannot rename files if wildcards are used.
    • You cannot use wildcards in the path.
    • If the agent user does not have access to the file's location, specify the user that has access to the location in the Run as user field.

    User

    Specifies the user ID of the user with the authority to download the file from the remote FTP server or upload the file to the remote FTP server. This field is required for user authentication and multifactor authentication. The user must be defined in the Topology. This field supports the use of a namespace for a user that has more than one password. Contact your administrator for the user name defined in the Topology.

    Examples: Bob, Production:Bob

    Notes:

    • The drop-down list displays all the user IDs that are defined in the Topology for the specified agent. You must have at least Read access to the ADMIN.Network Topology permission to view this list.
    • If you use public-key authentication, this field is optional. You can specify a user that is not defined in the Topology and run the SFTP job without a password.

    PrivateKey Path

    Specifies the full path for the private key file on the FTP client. This field is required for public-key and multifactor authentication.

    Limits: 256 characters

    PrivateKey passphrase

    Specifies the passphrase for the private key.

    Limits: 256 characters

    Note: If you created the private key using a blank passphrase, this field is not required for authentication.

  5. (Optional) Specify the following additional information:

    Server port

    Specifies the port number of the remote server.

    Default: 22

    Local user

    Specifies a user ID on the UNIX or Linux computer where the agent is installed. This user ID determines the access permissions of a downloaded file on the agent computer and does not apply to uploads. When the file is downloaded, the file is created with this user as the file owner. To set the owner of a downloaded file, the agent must run as root.

    Notes:

    • The local user does not need to be defined in the Topology.
    • Your agent administrator can specify a default local user for all FTP, Secure Copy, and Secure FTP jobs by setting the ftp.download.owner parameter in the agent's agentparm.txt file.
    • The value in this field overrides the default setting specified in the ftp.download.owner parameter in the agent's agentparm.txt.

    Run as user

    Specifies the user ID that runs the job on behalf of the agent user. You can use this field to access remote resources that the agent user does not have access to. You are restricted in how you can access data on remote computers. To access restricted remote resources, you can run the job under a user ID that has access to those resources. The user must be defined in the Topology. This field supports the use of a namespace for a user that has more than one password. Contact your administrator for the user name defined in the Topology.

    Examples: Bob, Production:Bob

    Notes:

    • The drop-down list displays all the user IDs that are defined in the Topology for the specified agent. You must have at least Read access to the ADMIN.Network Topology permission to view this list.
    • This user must have access to the file’s location that you specify in the Local file name field.
    • On UNIX, the password for this user is not required.

    The remote os type

    Specifies the remote operating system type in a secure file transfer (UNIX or Windows). The remote operating system type is used to determine the path separator on the remote system.

    Note: To transfer ASCII files to or from an SFTP server that is compliant with protocol level 3 or lower, select the operating system type of the SFTP server.

  6. Click OK.

    The Secure FTP job is defined.

Example: Upload a File Using User Authentication

Suppose that you want to upload the logs.tar file to the /u/tmp directory on the hpsupport server using user authentication. The job uses the Secure File Transfer Protocol (SFTP).

Follow these steps:

  1. Enter the following information in the Basic page:
  2. Select the Upload and Binary option buttons.
  3. Click OK.

Example: Upload Multiple Files Using User Authentication

This example uploads the files in the c:\temp\upload directory to the /u1/build/uploaded directory on the aixunix server using user authentication. The job uses the Secure File Transfer Protocol (SFTP). Since the value in the Local file name field contains a wildcard, no value is specified in the Remote file name field.

Follow these steps:

  1. Enter the following information in the Basic page:
  2. Select the Upload and Binary option buttons.
  3. Click OK.

Example: Upload a File Using Public-Key Authentication

This example uploads the upload_test.txt file from the C:\ca directory to the E:\ftp directory on a remote FTP server using public-key authentication.

Follow these steps:

  1. Enter the following information in the Basic page:
  2. Select the Upload and ASCII option buttons.
  3. Click OK.

Example: Upload a File Using Multifactor Authentication

This example uploads the upload_test.txt file from the C:\ca directory to the E:\ftp directory on a remote FTP server using multifactor authentication.

Follow these steps:

  1. Enter the following information in the Basic page:
  2. Select the Upload and ASCII option buttons.
  3. Click OK.

Example: Download a File from an FTP server to a Remote Location using Run as User

Suppose that you want to download a file (download_test.txt) from a remote FTP server to a remote location that the agent user does not have access to. An additional user (user2) that has access to the remote location is specified.

Follow these steps:

  1. Enter the following information in the Basic page:
  2. Select the Download and ASCII option buttons.
  3. Click OK.

Example: Download an ASCII File from an SFTP Server that is Compliant with Protocol Level 3 or Lower

Suppose that you want to download an ASCII file (download_test.txt) from a remote SFTP server (linuxserver) that is compliant with protocol level 3 or lower. Select the operating system (UNIX) of the SFTP server from the The remote os type drop-down.

Follow these steps:

  1. Enter the following information in the Basic page:
  2. Select the Download and ASCII option buttons.
  3. Click OK.

More information:

Using a Namespace for a User that has Different Passwords