SFTP Gateway AWS User Expiration
Note: This page applies to SFTP Gateway version 2.x. Visit Here for documentation on version 3.x.
Overview
In SFTP Gateway 2.001.00, we added user expiration as a new feature. You can configure SFTP user accounts to automatically deprovision after a set time. This can be useful if you want to grant an external vendor SFTP access, but don't want this access to be indefinite.
We understand that user expiration is a narrow use case, and that it can result in data loss if you expire (delete) users unintentionally. For this reason, this feature is disabled by default, and hidden from the web admin UI while disabled.
If you want to opt into user expiration, you will need to explicitly make this change by editing a config file via the command line.
Enabling user expiration
To enable user expiration, edit the file /opt/sftpgw/sftpgateway.properties.
Add (or modify) the following property:
sftpgateway.userexpiration=true
In the web admin UI, go to the Settings page, and refresh the browser.
You should see two new form fields:
- Enable User Expiration: You can enable or disable user expiration.
- Default User Expiration Days: The SFTP user will expire in this number of days after provisioning. This is a global default that can be overridden on a per-user basis.
Now, when you manage users, you'll see this new form field:
The Expiration Date by default is set to a week in the future. You can change this default in the Settings page by modifying the Default User Expiration Days value.
What happens when an SFTP user is expired
When an SFTP user is expired, the account is deleted. Your end user will no longer be able to log in. Also, the SFTP user's files will be deleted from the local Linux filesystem.
The user's upload destination in S3 gets deleted by default as well. This behavior is configurable in /opt/sftpgw/sftpgateway.properties:
sftpgateway.userexpirationdeletescloudpath=true
You can retain the expired user's files in S3 by changing this setting to false:
sftpgateway.userexpirationdeletescloudpath=false
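The two properties above can be set and checked from the command line. The following is an added example, not part of the SFTP Gateway product or its documentation: the helper names get_prop, set_prop and expiry_risk are hypothetical, the sample file is constructed, and the script reads only the properties file (not the values on the Settings page).

```shell
#!/bin/sh
# Added example; get_prop, set_prop and expiry_risk are hypothetical helper names.

# Print the value of KEY in FILE. Commented-out lines are ignored; if the key
# is repeated, the last assignment is reported (assumed precedence).
get_prop() {  # get_prop FILE KEY
    awk -v k="$2" '
        { key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key) }
        key == k && index($0, "=") {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
        }
        END { print val }' "$1"
}

# Add or modify KEY=VALUE, leaving exactly one assignment. The previous file is
# kept as FILE.bak, and writing in place preserves the file's owner and mode.
set_prop() {  # set_prop FILE KEY VALUE
    cp -p "$1" "$1.bak" || return 1
    awk -v k="$2" -v v="$3" '
        { key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key) }
        key == k && index($0, "=") { next }
        { print }
        END { print k "=" v }' "$1.bak" > "$1"
}

# Summarise what expiring a user will delete, per the behaviour described above.
expiry_risk() {  # expiry_risk FILE
    [ "$(get_prop "$1" sftpgateway.userexpiration)" = "true" ] || { echo off; return 0; }
    if [ "$(get_prop "$1" sftpgateway.userexpirationdeletescloudpath)" = "false" ]; then
        echo on-keeps-s3      # account and local files deleted, S3 retained
    else
        echo on-deletes-s3    # unset or true: S3 upload destination deleted too
    fi
}

# Constructed sample file; on the gateway, use /opt/sftpgw/sftpgateway.properties.
PROPS=$(mktemp)
printf '# constructed sample\nsftpgateway.userexpiration=false\n' > "$PROPS"
set_prop "$PROPS" sftpgateway.userexpiration true
expiry_risk "$PROPS"
set_prop "$PROPS" sftpgateway.userexpirationdeletescloudpath false
expiry_risk "$PROPS"
rm -f "$PROPS" "$PROPS.bak"
```

Running expiry_risk before enabling the feature shows whether the S3 deletion default is still in effect, which is the setting to decide on before any user reaches their expiration date.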