SFTP Access
This page covers the operator's side of authorising someone outside the appliance — a vendor, a customer admin, or an on-call support engineer — to drop files into the appliance over SFTP. The screen described here is SFTP Access in the operator TUI.
Access here authorises file delivery only, whether the remote party connects with their own SSH key or with the appliance's SFTP password. Neither grants a shell on the appliance — that is a separate concern handled by the SSH Access screen.
When you need this
SFTP access is the answer when a file needs to land on the appliance and a USB stick is not practical. Two recurring situations:
- A vendor needs to deliver an update bundle remotely. Pulse support has built a new system tarball and signed it, and the operator does not want to drive to the plant to plug in a USB drive. Authorising the vendor's public key here lets them SFTP the bundle into the exchange directory; the operator then picks it up from the Update System screen.
- A customer wants to push their own TLS certificate. The customer's CA has issued a fresh certificate and key pair for the appliance's web interface, and the customer would rather upload it over the network than walk a USB drive to the rack. Authorising their key here lets them SFTP the PEM files into the exchange directory; the operator installs them from the TLS Certificates screen.
In both cases the authorised party never gets a shell — they can only put files into the exchange directory. The TUI is the boundary that decides what to do with those files.
Password login
Not every remote party has an SSH key, and setting one up just for a single delivery is often more effort than it is worth. For those cases the appliance also accepts a password, which works with any graphical SFTP client — FileZilla, WinSCP, Cyberduck, and the like.
The appliance generates its own SFTP password on first boot and shows it at the top of the SFTP Access screen, under Password login (any SFTP client):
- Host — the appliance's IP address.
- Port —
22. - Username —
pulse-transfer. - Password — shown as five groups of four characters (
xxxx-xxxx-xxxx-xxxx-xxxx), readable straight off the console.
Pass these four values to the remote party over a channel you trust and they can connect right away — no key exchange needed. The session is restricted exactly as it is for key access: chrooted to the exchange directory, with no shell and no forwarding.
There is one password per appliance, shared by everyone who logs in this way — that is the trade-off against keys. A key identifies one party and can be revoked on its own; the password is a single shared secret. Prefer keys when you need to authorise several parties independently, and reach for the password when you just need one delivery to happen quickly.
Regenerating the password
Press g to generate a fresh password. If one already exists the TUI asks you to confirm first, because the current password stops working the moment a new one is generated — every client using it, including your own, must be updated with the new value. On success the screen returns to the list with SFTP password regenerated. and the new password on display.
Regenerate once a delivery is finished, or any time you suspect the password has spread further than intended.
Adding a key
The screen lists the currently authorised keys below the password panel, with the keystroke row at the bottom showing what is available:
a add key (paste) • u add from USB • d remove • g regenerate password • esc backThere are two ways to add a key. Pick whichever fits the workflow — the result is identical.
Paste the key directly
Press a. A text field appears with the placeholder ssh-ed25519 AAAA... user@host.
- Ask the remote party for their SSH public key. It is the contents of a
.pubfile — a single line that starts with the algorithm name (ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp256), then the base64-encoded key material, then an optional comment such asalice@vendor.com. - Paste the whole line into the field. The terminal must support paste — most modern terminal emulators do, and on the appliance console you typically paste with
Ctrl-Shift-Vor by middle-clicking, depending on the terminal. - Press
Enterto confirm. The TUI validates the line withssh-keygen. If the key is malformed, a red error appears below the field and nothing is added — fix it and try again. If the key is already on the list, the TUI refuses with the existing fingerprint so you know which entry to look at. - On success the screen returns to the list, the new key appears with its SHA256 fingerprint and comment, and a green status line confirms
Key added: SHA256:....
Press Esc to cancel without adding anything.
Pick a .pub file from a USB drive
Press u. The TUI scans the mounted USB drive for files ending in .pub and shows a picker.
- Plug a USB stick that contains the remote party's
.pubfile into the appliance. The TUI mounts the drive automatically at/mnt/usb. - Back on the SFTP Access screen, press
u. If no.pubfiles are found, the screen returns to the list with a redno .pub files found on USB drivemessage — copy the file to the USB drive's root and try again. - Move the highlight with the arrow keys (or
j/k) to the right file and pressEnter. The TUI reads the file, validates it, and adds the key. - As with paste, the screen returns to the list on success with a green confirmation and the new fingerprint.
Press Esc at any point to back out without adding a key.
The USB picker is the right path when the customer has handed you a thumb drive in person, or when the key was emailed as an attachment and saved to a stick rather than copied to the clipboard.
Listing and removing keys
The main view lists every authorised key, one per line. Each entry shows the SHA256 fingerprint and the key's comment field — usually an email address or a host identifier like alice@vendor.com. Use the fingerprint to identify which key is which when several look similar; the comment alone is not authoritative because anyone can put any text there.
To remove a key:
- Move the highlight with
↑/↓(ork/j) until the row you want to remove is selected. - Press
d. A confirmation prompt appears showing the fingerprint and comment of the key about to be removed. - Press
yto confirm orn(orEsc) to cancel.
On confirmation the key is rewritten out of the appliance's authorized_keys file and the screen returns to the list with Key removed. The removal takes effect immediately — any open SFTP session the holder of that key already has remains connected until they disconnect, but they cannot start a new one.
What the authorised party can do
Both authentication methods — an authorised key or the password — reach a single SFTP user: the pulse-transfer principal. That user is chrooted to the appliance's exchange directory, has no shell, and AllowTcpForwarding, X11Forwarding, and PermitTunnel are all off. In effect anyone who authenticates can:
- Connect over SFTP (port 22, username
pulse-transfer). - Put files into the exchange directory's
uploads/subtree. - Get files from the
downloads/subtree (used for files the appliance stages for download, such as backup archives and a generated CSR). - Not log in to an interactive shell.
- Not start a TCP forward, X11 session, or tunnel.
Operator-level shell access — for support engineers troubleshooting the appliance itself — is managed separately on the SSH Access screen. The two screens are independent: authorising a key here does not grant shell access, and authorising one there does not grant SFTP upload rights.
Where the files land
Files uploaded via SFTP land in /var/pulse-exchange/uploads/, organised into subdirectories by kind: updates/ for system update bundles and certificates/ for TLS PEM files. The exact paths are part of the SFTP user's chroot view — the remote party sees them at the root of their session.
The operator does not consume those files from this screen. Instead:
- Update System offers an SFTP Upload source that lists the bundles staged under
uploads/updates/and lets you select one to apply. - TLS Certificates offers a From SFTP exchange source that lists the PEM files staged under
uploads/certificates/and lets you pick a certificate/key pair to install.
A weekly cleanup timer removes files older than seven days from the exchange directory, so an upload that has been sitting around for a while will eventually be reaped. If something needs to stick around longer than that, consume it from the relevant TUI screen first.
Related screens
- SSH Access — manages operator-level shell access. Separate principal, separate key list.
- TUI Reference — the full menu, including the SFTP-source options on Update System and TLS Certificates.
- Installation — first-boot setup, where the appliance is provisioned but no SFTP keys are configured yet.