UFTP Service

UFTP (UNICORE FTP) is a file transfer tool similar to Unix FTP. Its main features include high-performance file transfers from client to server (and vice versa), listing directories, creating and removing files or directories, syncing files, and data sharing. In addition, users can easily share their data even with users who do not have Unix-level access to the data.

The data access server (uftpd) is running on JUDAC. Users are authenticated with a public/private SSH key pair to an authentication server. JSC operates the authentication server

https://uftp.fz-juelich.de:9112/UFTP_Auth

for the purpose of UFTP data transfers from/to JUDAC.

Note

The UFTP SSH keys are independent from the keys used for SSH access to the systems. Users must maintain separate key pairs and follow the guidelines below concerning the UFTP key management. Failure to comply may result in account blockage as a preventive security measure.

Client setup

Installing the uftp client on your workstation

The uftp client is a Java application (requires Java 8 or later) that you can install on your workstation machine (Linux/Mac OS/Windows) to be able to transfer data between your workstation and JSC.

The latest version is available for download on SourceForge. The detailed documentation of the client is available on the UNICORE manual page.

Using the uftp client on JSC machines

On JUWELS, JURECA and JUSUF the client is already installed and can be loaded with:

$ module load uftp

On JUDAC the client is pre-installed.

You can use it to transfer data from JSC to other HPC sites offering a UFTP server (e.g. HLRS, LRZ, CSCS, …).

Key management

The UFTP installation at JSC uses public/private key pairs for authentication and authorization. These keys can be generated with the standard SSH tools.

The private key resides on the workstation where the uftp client is running; the public key must be on |SYSTEM_NAME| in the $HOME/.uftp/authorized_keys file.

Note

For security reasons it is a critical requirement that the utilized SSH keys are not used for any other purpose than UFTP and are in particular not used to enable SSH-based access (including SCP and SFTP) to any system.

A UFTP public/private key pair can be generated using ssh-keygen with the -f id_uftp argument. Please see here for information about key generation.

Note

We suggest protecting the UFTP private key with a passphrase. If an automated data transfer is required, the key may be generated without a passphrase as long as the above-mentioned security measures are respected. In this case, we suggest replacing the key on a regular basis. Please note that theft of the private key may allow a malicious attacker to access, modify and/or destroy your data. JSC reserves the right to change this policy at any time in case of a change to the threat assessment.

On your workstation where the uftp client will be running, generate a key pair:

$ cd $HOME
$ mkdir -p .uftp
$ cd .uftp
$ ssh-keygen [see above] -f ./id_uftp

To authorize the key for JUDAC access, copy the public key into the correct file on JUDAC:

$ ssh user@|SYSTEM_NAME|.fz-juelich.de mkdir -p .uftp
$ scp id_uftp.pub user@|SYSTEM_NAME|.fz-juelich.de:.uftp/authorized_keys

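Note that, similar to SSH, the .uftp/authorized_keys file can contain multiple public keys. The scp command above replaces the whole file, so if the file already holds keys, append the new public key to it instead.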
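
The requirement above that UFTP keys are never used for SSH access can be checked by comparing the key material in the two authorized_keys files. The script below is an added example, not part of the JSC documentation or the UFTP client; the function names and the script name audit_uftp_keys.sh are hypothetical, and $HOME/.ssh/authorized_keys is assumed to be the SSH key file on the system being audited.

```shell
#!/bin/sh
# Added example: audit that no UFTP-authorized key is also authorized for SSH.

# Print the base64 key blob of each entry in an authorized_keys-style file.
# Leading options such as from="..." are skipped by locating the key-type field.
key_blobs() {
    [ -r "$1" ] || return 0          # a missing file contributes no keys
    awk '
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                    print $(i + 1)   # the blob follows the key type
                    break
                }
        }' "$1"
}

# Print every key blob found in both files.
# Returns 0 if the files share no key, 1 if at least one key is reused.
reused_keys() {
    uftp_file=$1
    ssh_file=$2
    tmp=$(mktemp) || return 2
    key_blobs "$ssh_file" | sort -u > "$tmp"
    hits=$(key_blobs "$uftp_file" | sort -u | comm -12 - "$tmp")
    rm -f "$tmp"
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# When called with two file arguments, run the audit, for example:
#   sh audit_uftp_keys.sh "$HOME/.uftp/authorized_keys" "$HOME/.ssh/authorized_keys"
if [ "$#" -eq 2 ]; then
    if reused_keys "$1" "$2"; then
        echo "OK: no UFTP key is also authorized for SSH"
    else
        echo "WARNING: the key blob(s) above are authorized for both UFTP and SSH" >&2
        exit 1
    fi
fi
```

The comparison uses only the key blob, so a reused key is found even when its comment or options differ between the two files.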

Usage and examples

The following environment variables should be defined for convenience:

$ export UFTP_USER=<your_remote_user_id>
$ export UFTP_AUTH_URL=https://uftp.fz-juelich.de:9112/UFTP_Auth/rest/auth/JUDAC:
$ export UFTP_KEY=$HOME/.uftp/id_uftp

UFTP_USER refers to your remote user ID at JSC. You can also specify it on the command line with the -u username option.

Retrieve information about the remote server

$ uftp info --user $UFTP_USER --identity $UFTP_KEY $UFTP_AUTH_URL

List contents of a remote directory

$ uftp ls --user $UFTP_USER --identity $UFTP_KEY $UFTP_AUTH_URL/p/home/jusers/$UFTP_USER/jureca

Download a single file to the current directory

$ uftp cp --user $UFTP_USER --identity $UFTP_KEY $UFTP_AUTH_URL/p/home/jusers/$UFTP_USER/jureca/test .

Download multiple files using wildcards

$ uftp cp --user $UFTP_USER --identity $UFTP_KEY $UFTP_AUTH_URL/p/home/jusers/$UFTP_USER/jureca/testdir/* .

Uploading files using wildcards

$ uftp cp --user $UFTP_USER --identity $UFTP_KEY "/tmp/test/*" $UFTP_AUTH_URL/p/home/jusers/$UFTP_USER/jureca

Resuming file transfer(s)

If a long-running transfer got interrupted, you can try to resume it by adding the “-R” option:

$ uftp cp -R --user $UFTP_USER --identity $UFTP_KEY $UFTP_AUTH_URL/p/home/jusers/$UFTP_USER/jureca/testdir/* .

(be careful with this, especially in case of multithreading / file splitting)

Data sharing

By default, files will be shared for “anonymous” access. This will allow anyone who knows the sharing link to access the file using common HTTP tools. Shares can be limited to certain users.

First we need to set the following environment variable. On JURECA and JUWELS it is already set when loading the uftp module.

$ export UFTP_SHARE_URL=https://uftp.fz-juelich.de:9112/UFTP_Auth/rest/share/JUDAC

List shares with

$ uftp share --user $UFTP_USER --identity $UFTP_KEY --list

To share a file with anybody

$ uftp share --user $UFTP_USER --identity $UFTP_KEY /p/home/jusers/$UFTP_USER/jureca/test

This will print the shared link on the screen. You can use curl or wget to download it. To restrict access to a specific user, use the --access option. For example,

$ uftp share --user $UFTP_USER --identity $UFTP_KEY --access "CN=schuller1, OU=ssh-local-users" /p/home/jusers/$UFTP_USER/jureca/test

Note that the CN=... part contains the remote user ID of the target user and OU=ssh-local-users is the same for all users.