We have set up an SFTP server on AWS Transfer Family using the **Service-managed Identity Provider**, but it only supports SSH key-based authentication. Now, we need to migrate our on-prem SFTP server usernames and passwords to AWS. ### Questions: 1. **How can we configure password-based authentication** on our existing AWS Transfer Family SFTP server? 2. **Do we need to manually set up usernames and passwords** after configuring a custom identity provider? Please provide guidance on implementing this.

New user sign up using AWS Builder ID

New user sign up using AWS Builder ID is currently unavailable on re:Post. To sign up, please use the AWS Management Console instead.

AWS Transfer Family SFTP

We have set up an SFTP server on AWS Transfer Family using the Service-managed Identity Provider, but it only supports SSH key-based authentication. Now, we need to migrate our on-prem SFTP server usernames and passwords to AWS.

Questions:

How can we configure password-based authentication on our existing AWS Transfer Family SFTP server?
Do we need to manually set up usernames and passwords after configuring a custom identity provider?

Please provide guidance on implementing this.

Topics

Migration & Modernization

Tags

AWS Transfer for SFTP AWS Transfer Family

Language

English

vishnu

asked 11 days ago31 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

You can change the authentication method for the server in the console, under the identity provider settings. You can choose "password OR public key" to be able to support password-based authentication for users needing it but use SSH keys for users able to use them.

With a custom identity provider, the users are exclusively configured in that external identity provider, such as in the DynamoDB table that the AWS-provided, Lambda-based custom identity provider uses to store user data.

EXPERT

Leo K

answered 11 days ago

EXPERT

Gary Mclean

reviewed 11 days ago

vishnu
11 days ago

So, we don't need to recreate the server for these changes, correct? Also, can we use both the SSH key and password by editing the identity provider settings?

Lastly, do we need to manually create the usernames and passwords, or is there another way to migrate the on-prem SFTP server user details to AWS?
Leo K EXPERT
11 days ago

Yes, you should be able to change the authentication method selection without recreating the server. 2. With a custom identity provider (IdP), the passwords will be up to the IdP to manage. Typically, the answer to your question would be yes: you would generate random passwords for the users and set them in the DynamoDB table behind the custom IdP, but it's also possible to use some existing passwords or to integrate with an existing AD or other backend to use existing credentials for users.
rePost-User-8149119 EXPERT
10 days ago
Agreed with what's been said above except you would need to recreate the server to change the IdP type.

Relevant content

Enabling Password Based Authentication on Existing Transfer Family 'Service managed' SFTP Server
Adheeb
asked 10 months ago
AWS Transfer Family SFTP
Niren
asked 9 months ago
AWS Transfer Family SFTP server vs SFTP connector
AWS-User-0624041
asked 5 months ago
What type of endpoint is appropriate for my Transfer Family server?
AWS OFFICIALUpdated 2 months ago
How can I use a Lambda-backed API as the custom identity provider for my Transfer Family server without using CloudFormation?
AWS OFFICIALUpdated 3 years ago
How do I turn on Elastic IP addresses on my Transfer Family SFTP-activated server endpoint with a custom listener port?
AWS OFFICIALUpdated 2 months ago
How do I configure my Transfer Family server to use an Amazon EFS file system that's in another AWS account?
AWS OFFICIALUpdated 7 months ago
AWS Transfer Family announces an alternate port for SFTP servers
EXPERT
rePost-User-8149119
published a year ago
AWS Transfer Family announces multiple methods to authenticate SFTP users
EXPERT
rePost-User-8149119
published a year ago