File transfer with SFTP (SSH File Transfer Protocol)
Application
SFTP (SSH File Transfer Protocol) provides a secure way to connect client applications to the control and to transfer files at high speed from a PC to the control. The connection is routed via an SSH tunnel.
Related topics
- User administration
- Principle of the SSH connection
- Firewall settings
- Comparison of the transmission duration of different protocols
Example: Transmission duration of different transmission types
Requirements
- PC software TNCremo with version 3.3 or higher is installed
- SSH service is permitted in the firewall of the control
Description of function
SFTP is a secure transmission protocol supported by various operating systems for client applications.
To set up the connection, you need a key pair consisting of a public and a private key. You transfer the public key to the control and assign it to a user through the user administration. The private key is required by the client application to set up a connection to the control.
HEIDENHAIN recommends using the CreateConnections application to generate the key pair. CreateConnections is installed together with the PC software TNCremo with version 3.3 and higher. CreateConnections lets you transfer the public key directly to the control and assign it to a user.
You can also use other software to generate the key pair.
Setting up an SFTP connection with CreateConnections
For an SFTP connection using CreateConnections, the following are required:
- Connection with secure protocol, such as TCP/IP Secure
- User name and password of the desired user are known
Tip: When you transfer the public key to the control, you must enter the user's password twice.
If user administration is inactive, the user "user" is logged in. The password for the user "user" is "user".
To set up an SFTP connection:
Notes
- When user administration is active, you can set up only secure network connections via SSH or OPC UA (#56-61 / #3-02-1*). If non-secure network connections exist, you must set them up again as secure connections. If user administration is inactive, the control also automatically blocks non-secure LSV2 or RPC connections. In the optional machine parameters allowUnsecureLsv2 (no. 135401) and allowUnsecureRpc (no. 135402), the machine manufacturer can define whether the control will permit non-secure connections.
- During the connection, the rights of the user to whom the key in use is assigned are active. The directories and files displayed, as well as the access options, vary depending on the permissions.
- You can also transfer a public key to the control by using a USB device or network drive. In this case, you do not need to activate the Allow password authentication check box.
- In the Certificate and keys window, you can select a file with additional public SSH keys in the Externally administered SSH key file area. This allows you to use SSH keys without having to transfer them to the control.
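A check you could run on a public-key file before transferring it to the control or selecting it as the externally administered SSH key file, confirming that each line is a well-formed public key and that no private key has slipped in. This is an added example, not HEIDENHAIN code; it assumes the file uses the OpenSSH one-key-per-line form "<type> <base64> [comment]" without option prefixes, and the function names and the 2048-bit RSA threshold are choices of this example.

```python
import base64
import hashlib
import struct

def _ssh_string(data):
    """Encode one length-prefixed SSH string (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def _read_string(blob, offset):
    """Decode one length-prefixed SSH string; raise ValueError if truncated."""
    end = offset + 4
    if end > len(blob):
        raise ValueError("truncated length field")
    end += struct.unpack(">I", blob[offset:end])[0]
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end

def audit_key_line(line):
    """Return (sha256_fingerprint_or_None, findings) for one key-file line."""
    if "PRIVATE KEY" in line:
        return None, ["private key material; it must stay with the client"]
    fields = line.split()
    if len(fields) < 2:
        return None, ["not in '<type> <base64> [comment]' form"]
    declared, findings = fields[0], []
    try:
        blob = base64.b64decode(fields[1], validate=True)
        embedded, pos = _read_string(blob, 0)
        if embedded != declared.encode():
            findings.append("declared type differs from type inside the blob")
        elif declared == "ssh-rsa":
            _exponent, pos = _read_string(blob, pos)
            modulus, pos = _read_string(blob, pos)
            bits = int.from_bytes(modulus, "big").bit_length()
            # 2048 is this example's threshold, not a documented vendor limit.
            if bits < 2048:
                findings.append(f"RSA modulus is only {bits} bits")
    except ValueError as exc:
        return None, [f"unparseable key blob: {exc}"]
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + digest.rstrip("="), findings

# Constructed sample lines (structurally valid, not real keys).
def make_line(key_type, *parts):
    blob = b"".join(_ssh_string(p) for p in (key_type.encode(), *parts))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"

ED25519_LINE = make_line("ssh-ed25519", b"\x01" * 32)
WEAK_RSA_LINE = make_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 128)
```

The fingerprint is the SHA-256 of the decoded key blob, so it can be compared with the fingerprint reported by the software that generated the key pair.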