sftp-gcs

Additional Users

Open ItsJamesMurray opened this issue 3 years ago • 1 comments

Hello! Thank you for putting this together.

I am trying to create a way for a vendor of one of my clients to send us data to our Storage Bucket. I followed the tutorial you posted on Medium and am able to get it running locally on my computer.

Two Questions:

  1. How can I create a username and password for the client? Is that something I do in sftp-gcs or do I set it up through
  2. When I end a session and then try to restart a session I get the following errors:
2021-07-13T23:10:18.423Z warn: [sftp-gcs] Unable to read /etc/ssh/ssh_host_rsa_key even though it exists.
2021-07-13T23:10:18.440Z warn: [sftp-gcs] Unable to find/access a system host key, using the application default host key.
fs.js:114
  throw err;

Any help would be appreciated -- I'm an SFTP rookie here so it is all new to me.

ItsJamesMurray, Jul 13 '21 23:07

Howdy James ... let's see if we can get you going. As always, realize that this is an OSS and is supplied fully as-is and should not be considered a Google product in any shape or form.

With that disclaimer ... the notion is that you host this sftp-gcs server either on one of your servers or on a GCP Compute Engine server. At that point, a user that you wish to have access to your GCP Cloud Storage Bucket can use an SFTP client to connect to this sftp-gcs server which will in turn act as a proxy to access the GCP Cloud Storage Bucket. There are two sets of identities in play here:

First there is the identity that your sftp client user will use to connect to the sftp-gcs server. You can either use shared SSH keys or you can specify a fixed userid/password pair. The sftp client user will then use one of those techniques to access the sftp-gcs server from their sftp client.

Once the end user has their sftp client connected to the sftp-gcs server, the next puzzle is what the connection between sftp-gcs and Google Cloud Storage looks like. This can be supplied either through the GOOGLE_APPLICATION_CREDENTIALS environment variable or through the --service-account-key-file parameter. This identifies a single user that the sftp-gcs server presents itself as to Google Cloud Storage.

Let's see how this answer sits and post back as we pick up steam.

kolban-google, Jul 14 '21 00:07
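
The host key warning in the question and the Google Cloud Storage identity described in the answer can both be checked before the server is started. The following is an added example, not part of sftp-gcs or of the original thread; the function names, return codes and the fallback order between the two credential sources are assumptions, and only `--service-account-key-file` and `GOOGLE_APPLICATION_CREDENTIALS` come from the thread.

```shell
# Added example, not part of sftp-gcs: preflight checks for the host key and
# for the single identity the server presents to Google Cloud Storage.

# Host key: 0 = readable, 1 = missing, 2 = exists but unreadable (the case in
# the warning; OpenSSH host private keys are normally readable by root only).
check_host_key() {
  local key="$1"
  [ -e "$key" ] || { echo "host key missing: $key" >&2; return 1; }
  [ -r "$key" ] || { echo "host key not readable by $(id -un): $key" >&2; return 2; }
}

# GCS identity: prints the service account e-mail the server will act as.
# $1 is the value intended for --service-account-key-file; when it is empty,
# GOOGLE_APPLICATION_CREDENTIALS is used (this order is an assumption).
# Returns 1 = no credential source, 2 = unreadable file, 3 = not a service
# account key, 4 = key file accessible to group or other local users.
gcs_identity() {
  local file="${1:-${GOOGLE_APPLICATION_CREDENTIALS:-}}"
  local email
  [ -n "$file" ] || { echo "no service account key file given" >&2; return 1; }
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$file" || return 3
  email=$(sed -n 's/.*"client_email"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$file" | head -n 1)
  [ -n "$email" ] || return 3
  # Characters 5-10 of the mode string are the group and other permission bits.
  [ "$(ls -ld "$file" | cut -c5-10)" = "------" ] || {
    echo "$file is accessible to other local users; chmod 600 it" >&2
    return 4
  }
  echo "$email"
}

# Run both checks; succeeds only when the host key and the key file are usable.
preflight() {
  check_host_key "$1" && gcs_identity "${2:-}"
}
```

Calling `preflight /etc/ssh/ssh_host_rsa_key /path/to/key.json` prints the service account that every connected SFTP user will act as against the bucket, so bucket permissions should be granted to that account with that in mind.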