Current Generation Transfer Clients and Servers utilize SSH for user authentication.  SSH typically uses the Operating System's accounts which could be on the local system or based on a remote directory service; such as LDAP and Active Directory).  There are two main methods for authentication in FASP.  You can use a User/Password combination or SSH Key Pairs.  Both methods with examples are provided in this document.

Username and Password

This is by far the simplest authentication method when using FASP.  The transfer initiator provides credentials of a user account that is authorized on the remote Aspera Node.  Depending on your specific application, there are different ways to specify the username and password.  this is usually passed through when preparing the transfer.

Java FASP Manager SDK

RemoteLocation remote = new RemoteLocation("aspera.example.com", "transfer_user", "transfer_password");

.NET (C#) FASP Manager SDK

RemoteFileLocation remote = new RemoteFileLocation("aspera.example.com", "transfer_user", "transfer_password");

C++ FASP Manager SDK

Aspera::FaspManager::Location *remote;remote = Aspera::FaspManager::Location::CreateRemote( "aspera.example.com", "transfer_user" , "transfer_password" );

JavaScript Connect API

 

SOAP Job Submission API

 

SSH Key Pair

Another option is to use SSH Key Pairs in OpenSSH format (since v3.3 ascp no longer supports putty private keys).  This method works by installing the public key in the authorized user's keys file on the remote Aspera Server and the transfer initiator needs the corresponding private key when starting the transfer.  In order to setup key based authentication you need to follow a few simple steps to setup the server before attempting authorization in your application.  More information on how to bypass password authentication in SSH is available.

To begin you need to generate a pair of keys, the public and private key, in the OpenSSH format.  Depending on your OS their are tools available to generate these keys; for example in UNIX based systems you can use ssh-keygen.

After you have your keys generated you need to install the public key on the remote Aspera Node.  To do this you need to copy the contents of the public key to the file .ssh/authorized_keys in the directory of the user. If you do not see the .ssh folder you may need to create it and the authorized_keys file.  The location of this varies by OS:

  • Windows Vista/2008 and Later: C:\Users\{USER}\.ssh
  • Windows XP/2003 and Earlier: C:\Documents and Settings\{USER}\.ssh
  • Macintosh: Users/{USER}/.ssh
  • Linux: /home/{USER}/.ssh

You now need to install the private key on the host where the transfer will be initiated from.  To do this make sure that the private key file is accessible from the application that will be launching the transfer.  You should also verify that the rights on the private key file are compatible with the needed permission and rights for SSH.

Now that the keys are installed you can start the transfer using the private key's path.  This will vary based on the SDK or API that you are using.  Below are the examples for the different products that use authorization.

Java FASP Manager SDK

RemoteLocation remote = new RemoteLocation("aspera.example.com", "transfer_user", "c:\Documents\userkey_dsa.openssh", null);

.NET (C#) FASP Manager SDK

RemoteFileLocation remote = new RemoteFileLocation("aspera.example.com", "transfer_user", "c:\Documents\userkey_dsa.openssh", null);

C++ FASP Manager SDK

 

JavaScript Connect API

When using Key Based Authentication with Connect Plugin the private key is installed on the machine with the Connect Plugin (the installer includes the private key).  The public key that corresponds to that private key is available in the installation directory of the Aspera Connect Server as aspera_id_dsa.pub.  This public key needs to be copied to the same file as mentioned above (.ssh/authorized_keys).  Key based authentication should be used with transfer authorization.

 

SOAP Job Submission API

 
Video player

Video

×