Changes from Partner FTP
Why the change from FTP from SFTP?
The File Transfer Protocol (FTP) has long been a convenient mechanism for transferring files over a network. Over the past few years, several web browsers, notably Google Chrome and Mozilla Firefox, made decisions to end support for FTP due to low usage, bugs, and more importantly security issues. Additionally we are starting to see instances of partners blocking FTP traversal across their firewalls according to their Enterprise Security Standards.
To bring the service in line with industry standards the Partner FTP content repository is migrating to SFTP which allows for authenticated and encrypted protection of Red Hat Pre-GA content that is being shared with our Partners. The Partner SFTP content repository uses username + key based authentication to secure access. The username is chosen by the partner (required for enabling) and the public key is managed by the partner via the SFTP key management interface (accessible once enabled).
When will FTP cease operation?
The Partner FTP service is scheduled to cease operation at the end of Q2'23 (June 30 2023).
Has there been any change to the directory structure?
Yes. The way the SFTP service had to be structured required dropping the first level directory (1c5d859a) placing the partner specific cryptic hash directory in the root (/). The original Partner FTP directory structure is actually two levels deep:
/1c5d859a/your-partner-directory-hash-here
On the original FTP service the root (/) and first level directory (/1c5d859a) are blind meaning a listing returns no results. It is only after changing into the partner specific cryptic hash directory that a listing returns any results (all the pre-ga content). This “blind” directory approach along with a cryptic hashed first level and partner specific directories is how Red Hat has historically “protected” the repository content. It is security through obscurity (the cryptic hashes) which does not adhere to enterprise security standards and necessitated moving to authenticated SFTP.
Last updated