UFTP (UNICORE FTP) is a file transfer tool similar to Unix’ FTP. Its main features include high-performance file transfers from client to server (and vice versa), list directories, make/remove files or directories, sync files and data sharing. In addition, users can easily share their data even with users who do not have Unix-level access to the data.
The data access server (
uftpd) is running on JUDAC. Users are authenticated
with a public/private SSH key pair to an authentication server. JSC operates the authentication server
for the purpose of UFTP data transfers from/to JUDAC.
The UFTP SSH keys are independent from the keys used for SSH access to the systems. Users must maintain separate key pairs and follow the guidelines below concerning the UFTP key management. Failure to comply may result in account blockage as a preventive security measure.
Installing the uftp client on your workstation
uftp client is a Java application (requires Java 8 or later) that you can install on your workstation machine
(Linux/Mac OS/Windows) to be able to transfer data between your workstation and JSC.
Using the uftp client on JSC machines
On JUWELS, JURECA and JUSUF the client is already installed and can be loaded with:
$ module load uftp
On JUDAC the client is pre-installed.
You can use it to transfer data from JSC to other HPC sites offering a UFTP server (e.g. HLRS, LRZ, CSCS, …).
The UFTP installation at JSC uses public/private key pairs for authentication and authorization, these keys can be generated by the standard SSH tools.
The private key resides on the workstation where the
uftp client is running, the public key
must be on |SYSTEM_NAME| in the
For security reasons it is a critical requirement that the utilized SSH keys are not used for any other purpose than UFTP and are in particular not used to enable SSH-based access (including SCP and SFTP) to any system.
A UFTP public/private key pair can be generated using
ssh-keygen with the
-f id_uftp argument. Please see here for information about key generation.
We suggest to protect the UFTP private key with a passphrase. If an automated data transfer is required, the key may be generated without passphrase as long as the above mentioned security measures are respected. In this case, we suggest replacing the key on regular basis. Please note that theft of the private key may allow a malicious attacker to access, modify and/or destroy your data. JSC reserves the right to change this policy at any time in case of a change to the threat assessment.
On your workstation where the
uftp client will be running, generate a key pair:
$ cd $HOME $ mkdir -p .uftp $ cd .uftp $ ssh-keygen [see above] -f ./id_uftp
To authorize the key for JUDAC access, copy the public key into the correct file on JUDAC :
$ ssh user@|SYSTEM_NAME|.fz-juelich.de mkdir -p .uftp $ scp id_uftp.pub user@|SYSTEM_NAME|.fz-juelich.de:.uftp/authorized_keys
Note that similar to SSH, the
.uftp/authorized_keys can contain multiple public keys.
Usage and examples¶
The following environment variables should be defined for convenience
$ export UFTP_USER=<your_remote_user_id> $ export UFTP_AUTH_URL=https://uftp.fz-juelich.de:9112/UFTP_Auth/rest/auth/JUDAC: $ export UFTP_KEY=$HOME/.uftp/id_uftp
UFTP_USER refers to your remote user ID at JSC.
You can specify it also on the command line with the
-u username option
Retrieve information about the remote server
$ uftp info --user $UFTP_USER--identity $UFTP_KEY $UFTP_AUTH_URL
List contents of a remote directory
$ uftp ls --user $UFTP_USER --identity $UFTP_KEY $UFTP_AUTH_URL/p/home/jusers/$UFTP_USER/jureca
Download a single file to the current directory
$ uftp cp --user $UFTP_USER --identity $UFTP_KEY $UFTP_AUTH_URL/p/home/jusers/$UFTP_USER/jureca/test .
Download multiple files using wildcards
$ uftp cp --user $UFTP_USER --identity $UFTP_KEY $UFTP_AUTH_URL/p/home/jusers/$UFTP_USER/jureca/testdir/* .
Uploading files using wildcards
$ uftp cp --user $UFTP_USER --identity $UFTP_KEY "/tmp/test/*" $UFTP_AUTH_URL/p/home/jusers/$UFTP_USER/jureca
Resuming file transfer(s)
If a long-running transfer got interrupted, you can try to resume it by adding the “-R” option:
$ uftp cp -R ---user $UFTP_USER -identity $UFTP_KEY $UFTP_AUTH_URL/p/home/jusers/$UFTP_USER/jureca/testdir/* .
(be careful with this, especially in case of multithreading / file splitting)
By default, files will be shared for “anonymous” access. This will allow anyone who knows the sharing link to access the file using common HTTP tools. Shares can be limited to certain users.
First we need to set the following environment variable. On JURECA and JUWELS it is already set when loading the uftp module.
$ export UFTP_SHARE_URL=https://uftp.fz-juelich.de:9112/UFTP_Auth/rest/share/JUDAC
List shares with
$ uftp share --user $UFTP_USER --identity $UFTP_KEY --list
To share a file with anybody
$ uftp share --user $UFTP_USER --identity $UFTP_KEY /p/home/jusers/$UFTP_USER/jureca/test
This will print the shared link on the screen. You can use
wget to download it. To restrict the access to a specific user use the
--access option. For example,
$ uftp share --user $UFTP_USER --identity $UFTP_KEY --access "CN=schuller1, OU=ssh-local-users" /p/home/jusers/$UFTP_USER/jureca/test
Note that the
CN=... part contains the remote user ID of the target user and
OU=ssh-local-users is the same for all users.