minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-07-28 19:42:10 +03:00
Code Activity

Minor fixes for several smaller issues (#1380)

Browse Source 
- Adds missing config settings throughout storage class page.
    
  Closes #1349
    
- Adds instructions for adding certificates for connecting by sftp.
    
  Closes #1354
    
- Corrects information about which key to use for self-signed CAs.
    
  Closes #1358
    
- Moves `context` to optional for batch key rotate jobs.
    
  Closes #1356

- clean up missing ref links causing build warnings.
This commit is contained in:
Daryl White
2024-12-04 11:17:52 -05:00
committed by GitHub
parent 774f4d570b
commit cfaedc843c
6 changed files with 62 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
source/includes/linux/file-transfer-protocol-not-k8s.rst
View File

@ -273,6 +273,52 @@ Once the MinIO Server verifies the client's certificate, the user can connect to
sftp -P <SFTP port> <server IP>
Procedure
+++++++++
The following procedure generates two key-value pairs, signs one with the other, then uses the resulting signed key to log in to the SFTP server.
1. Generate a key-value pair for the MinIO Server
.. code-block:: bash
:class: copyable
ssh-keygen -f ./ca_user_key
2. Generate a key-value pair for the user
.. code-block:: bash
:class: copyable
ssh-keygen -f ./minioadmin
Replace ``minioadmin`` with the user accessing the MinIO Server by SFTP.
3. Sign the user key-value pair key with the MinIO Server key-value pair key
.. code-block:: bash
:class: copyable
ssh-keygen -s ca_user_key -I minioadmin -n minioadmin -V +30d -z 1 minioadmin.pub
Move the ``minioadmin.pub`` key to the same directory as ``minioadmin`` key-value pair, such as ``~/.ssh/meaningful-directory``.
4. Start or restart the MinIO Server passing the generated public keys
.. code-block:: bash
:class: copyable
minio server --sftp="address=:8022" --sftp="ssh-private-key=/path/to/ca_user_key" --sftp="trusted-user-ca-key=/path/to/ca_user_key.pub"
5. Connect to the MinIO Server by sftp
.. code-block:: bash
:class: copyable
sftp -i ./minioadmin -oPort=8022 minioadmin@localhost
Require service account or LDAP for authentication
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~