.. include:: system.rst .. _uftp: UFTP Service ============ UFTP is a file transfer tool similar to Unix FTP. Its main features include high-performance file transfers from client to server (and vice versa), list directories, make/remove files or directories, sync files and data sharing. Users can easily share their data even with users who do not have Unix-level access to the data. The data access server (``uftpd``) is running on |SYSTEM_NAME|. Users are authenticated with a public/private SSH key pair to an authentication server. JSC operates the authentication server .. code-block:: none https://uftp.fz-juelich.de:9112/UFTP_Auth for the purpose of UFTP data transfers from/to |SYSTEM_NAME|. .. note:: The UFTP SSH keys are independent from the keys used for SSH access to the systems. Users must maintain separate key pairs and follow the guidelines below concerning the UFTP key management. Failure to comply may result in account blockage as a preventive security measure. Client setup ------------ You can install the ``uftp`` client on your desktop machine (Linux/Mac OS/Windows) to be able to transfer data from your desktop to supercomputers and vice versa. The latest version is available for download `on sourceforge`_. The detailed documentation of the client is available on the `UNICORE manual page`_. On JUWELS, JURECA and JUSUF the client is already installed and can be loaded with: .. code-block:: none $ module load uftp Key management -------------- The UFTP installation at JSC uses public/private key pairs for authentication and authorization and leverages the SSH key infrastructure for this purpose. .. note:: For security reasons it is a critical requirement that the utilized SSH keys are not used for any other purpose than UFTP and are in particular not used to enable SSH-based access (including SCP and SFTP) to any system. A UFTP public/private key pair can be generated using ``ssh-keygen`` with the ``-f id_uftp`` argument. Please see :doc:`here ` for information about key generation. .. note:: We strongly suggest to protect the UFTP private key with a passphrase. If an automated data transfer is required, the key may be generated without passphrase as long as the above mentioned security measures are respected. In this case we suggest regular key exchange. Please note that theft of the private key may allow a malicious attacker to access, modify and/or destroy your data. JSC reserves the right to change this policy at any time in case of a change to the threat assessment. The UFTP keys may only be stored in the directory ``~/.uftp``. Storage at any other location may lead to account blockage as a preventive security measure. .. code-block:: none $ cd $HOME/../shared $ mkdir -p .uftp $ cd .uftp $ ssh-keygen [see above] -f ./id_uftp To authorize the key for |SYSTEM_NAME| access, execute the following commands on |SYSTEM_NAME| .. code-block:: none $ mkdir -p $HOME/.uftp/ $ cat $HOME/../shared/.uftp/id_uftp.pub >> $HOME/.uftp/authorized_keys Usage and examples ------------------ The following environment variables should be defined for convenience .. code-block:: none $ export UFTP_USER=$USER $ export UFTP_AUTH_URL=https://uftp.fz-juelich.de:9112/UFTP_Auth/rest/auth/JUDAC: $ export UFTP_KEY=$HOME/../shared/.uftp/id_uftp Defining ``UFTP_USER`` is not strictly necessary. If not specified on the command line with the -u username option, the client will use this environment variable as the username, if that is not defined, the current username (``$USER``) will be used which is identical to the JuDoor account name. **Retrieve information about the remote server** .. code-block:: none $ uftp info --identity $UFTP_KEY $UFTP_AUTH_URL **List contents of a remote directory** .. code-block:: none $ uftp ls --identity $UFTP_KEY $UFTP_AUTH_URL/p/home/jusers/$USER/jureca **Download a single file to the current directory** .. code-block:: none $ uftp cp --identity $UFTP_KEY $UFTP_AUTH_URL/p/home/jusers/$USER/jureca/test . **Download multiple files using wildcards** .. code-block:: none $ uftp cp --identity $UFTP_KEY $UFTP_AUTH_URL/p/home/jusers/$USER/jureca/testdir/* . **Uploading files using wildcards** .. code-block:: none $ uftp cp --identity $UFTP_KEY "/tmp/test/*" $UFTP_AUTH_URL/p/home/jusers/$USER/jureca **Resuming file transfer(s)** If a long-running transfer got interrupted, you can try to resume it by adding the "-R" option: .. code-block:: none $ uftp cp -R --identity $UFTP_KEY $UFTP_AUTH_URL/p/home/jusers/$USER/jureca/testdir/* . Data sharing ------------ By default, files will be shared for "anonymous" access. This will allow anyone who knows the sharing link to access the file using common HTTP tools. Shares can be limited to certain users. First we need to set the following environment variable. On JURECA and JUWELS it is already set when loading the uftp module. .. code-block:: none $ export UFTP_SHARE_URL=https://uftp.fz-juelich.de:9112/UFTP_Auth/rest/share/JUDAC List shares with .. code-block:: none $ uftp share --identity $UFTP_KEY --list To share a file with anybody .. code-block:: none $ uftp share --identity $UFTP_KEY /p/home/jusers/$USER/jureca/test This will print the shared link on the screen. You can use ``curl`` or ``wget`` to download it. To restrict the access to a specific user use the ``--access`` option. For example, .. code-block:: none $ uftp share --identity $UFTP_KEY --access "CN=schuller1, OU=ssh-local-users" /p/home/jusers/$USER/jureca/test Note that the ``CN=...`` part contains the Unix user ID of the target user and ``OU=ssh-local-users`` is the same for all users. .. external links .. _on sourceforge: https://sourceforge.net/projects/unicore/files/Clients/UFTP-Client/ .. _UNICORE manual page: https://unicore-dev.zam.kfa-juelich.de/documentation/uftpclient-1.4.2/uftpclient-manual.html