File transfer with SFTP (SSH File Transfer Protocol)

Application

SFTP (SSH File Transfer Protocol) provides a secure way to connect client applications to the control and to transfer files at high speed from a PC to the control. The connection is routed via an SSH tunnel.

Requirements

Description of function

SFTP is a secure transmission protocol supported by various operating systems for client applications.

To set up the connection, you need a key pair consisting of a public and a private key. You transfer the public key to the control and assign it to a user through the user administration. The private key is required by the client application to set up a connection to the control.

HEIDENHAIN recommends using the CreateConnections application to generate the key pair. CreateConnections is installed together with the PC software TNCremo with version 3.3 and higher. CreateConnections lets you transfer the public key directly to the control and assign it to a user.

You can also use other software to generate the key pair.

Setting up an SFTP connection with CreateConnections

For an SFTP connection using CreateConnections, the following are required:

  • Connection with secure protocol, such as TCP/IP Secure
  • User name and password of the desired user are known
    Tip: When you transfer the public key to the control, you must enter the user's password twice.

    If user administration is inactive, the user named user is logged in. The password for this user is user.

To set up an SFTP connection:

  1. Select the Settings application
  2. Select Network/Remote Access
  3. Select DNC
  4. Activate the Setup permitted toggle switch
  5. Create a key pair with CreateConnections and transfer it to the control
     Manual: For more information, refer to the integrated help system of TNCremo. You can open the context-sensitive help function of the TNCremo software by pressing the F1 key.

  6. Deactivate the Setup permitted toggle switch
  7. Transfer the private key to the client application
  8. Connect the client application to the control

     Manual: Please refer to the manual of the client application.

Notes

  • When user administration is active, you can set up only secure network connections via SSH or OPC UA (#56-61 / #3-02-1*). If non-secure network connections exist, you must set them up again as secure connections. If user administration is inactive, the control also automatically blocks non-secure LSV2 or RPC connections. In the optional machine parameters allowUnsecureLsv2 (no. 135401) and allowUnsecureRpc (no. 135402), the machine manufacturer can define whether the control will permit non-secure connections.
  • During the connection, the rights of the user to whom the used key is assigned are active. The directories and files displayed, as well as the access options, vary depending on the permissions.
  • You can also transfer a public key to the control by using a USB device or network drive. In this case, you do not need to activate the Allow password authentication check box.
  • In the Certificate and keys window, you can select a file with additional public SSH keys in the Externally administered SSH key file area. This allows you to use SSH keys without having to transfer them to the control.
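
The notes above let public keys reach the control by USB device, network drive or an externally administered key file, and every accepted key carries the rights of the user it is assigned to. As an added example (not HEIDENHAIN code), the following Python script checks such a file before it is used. It assumes the file uses the OpenSSH one-line public key format without an options prefix; the function names, the sample lines and the 3072-bit RSA threshold are assumptions.

```python
import base64, hashlib

MIN_RSA_BITS = 3072  # assumed local policy, not a value from the manual

def _fields(blob):
    """Split an SSH wire-format key blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def audit_line(line):
    """Return (SHA256 fingerprint or None, list of findings) for one key line."""
    parts = line.split()
    if len(parts) < 2:
        return None, ["not a public key line"]
    try:
        blob = base64.b64decode(parts[1], validate=True)
        fields = _fields(blob)
    except ValueError as exc:  # also covers binascii.Error
        return None, [f"unparseable key blob: {exc}"]
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    declared, findings = parts[0], []
    if not fields or fields[0] != declared.encode():
        findings.append("declared type does not match key blob")
    elif declared == "ssh-rsa" and len(fields) > 2:
        bits = int.from_bytes(fields[2], "big").bit_length()
        if bits < MIN_RSA_BITS:
            findings.append(f"RSA modulus only {bits} bits")
    if len(parts) < 3:
        findings.append("no comment identifying the key owner")
    return fp, findings

def audit(text):
    """Map 1-based line number -> audit_line() result, skipping blanks and # lines."""
    return {i: audit_line(l) for i, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith("#")}

def _line(declared, fields, comment=""):  # builds the constructed sample lines
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return f"{declared} {base64.b64encode(blob).decode()} {comment}".rstrip()
_ED = [b"ssh-ed25519", bytes(range(32))]  # constructed bytes, not a real key
_RSA = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 128]  # 1024-bit modulus
SAMPLE = "\n".join(["# constructed sample key file",
                    _line("ssh-ed25519", _ED, "operator@pc"), _line("ssh-rsa", _RSA, "legacy@pc"),
                    _line("ssh-rsa", _ED, "mismatch@pc"), _line("ssh-ed25519", _ED)])
```

To check a real file, pass its contents to audit(); an empty findings list means the line passed these checks, and the fingerprint can be compared with the one shown by the tool that generated the key.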