SFTP Gateway AWS User Expiration
Note: This page applies to SFTP Gateway version 2.x. Visit Here for documentation on version 3.x.
In SFTP Gateway 2.001.00, we added user expiration as a new feature. You can configure SFTP user accounts to automatically deprovision after a set time. This can useful if you want to grant an external vendor SFTP access, but don't want this access to be indefinite.
We understand that the user expiration feature is a narrow user case, and it can result in data loss if you accidentally expire (delete) users unexpectedly. For this reason, this feature is disabled by default, and hidden from the web admin UI while disabled.
If you want to opt into user expiration, you will need to explicitly make this change by editing a config file via the command line.
Enabling user expiration
To enable user expiration, edit the file
Add (or modify) the following following property:
In the web admin UI, go to the Settings page, and refresh the browser.
You should see two new form fields:
- Enable User Expiration: You can enable or disable user expiration.
- Default User Expiration Days: The SFTP user will expire in this number of days after provisioning. This is a global default that can be overridden on a per-user basis.
Now, when you manage users, you'll see this new form field:
The Expiration Date by default is set to a week in the future. You can change this default in the Settings page by modifying the Default User Expiration Days value.
What happens when an SFTP user is expired
When an SFTP user is expired, the account is deleted. Your end user will no longer be able to log in. Also, the SFTP user's files will be deleted from the local Linux filesystem.
The user's upload destination in S3 gets deleted by default
as well. This behavior is configurable in
You can retain the expired user's files in S3 by changing
this setting to