Data Transfer Service (Anonymous SSH + Rsync)
Overview
The SCI Cluster Data Transfer Service provides users with secure, controlled access to dedicated directories for uploading and downloading data via rsync over SSH.
Each user is assigned isolated directories with read-only and read–write permissions.
Access is granted through restricted SSH keys that allow only rsync commands — no interactive shell access.
How It Works
- Users connect via SSH using rsync.
- Authentication is done with pre-approved SSH public keys.
- Each key is restricted with options such as:
restrict→ disables shell and forwardingcommand="rsync --server --daemon ..."→ enforces rsync-only accessexpiry-time="YYYYMMDD"→ automatically disables expired keys
The server runs rsync in daemon mode, using a per-user configuration file that defines their data paths.
Access Model
Each user has two directories on the transfer server:
| Directory | Path | Access | Description |
|---|---|---|---|
| Read-only | /lustre/gmeteo/WORK/anonsftp/transfer/<user>/ro |
Read | Download-only area for the user |
| Read-write | /lustre/gmeteo/WORK/anonsftp/transfer/<user>/rw |
Read & Write | Upload area for incoming data |
If you need to share additional directories (outside of these default paths), please contact support — administrators must explicitly configure these in your rsync configuration file.
Access Policy
1. Request Access
To use this service, contact the SCI Support Team at
soporte@sci.unican.es
And provide:
- SSH public key you want to give access
- Desired expiry date (default: 6 months)
Upload and Download Examples
Upload data (read–write)
rsync -avP ./data/ <user>@ui.sci.unican.es::<user>-rw
Download data (read-only)
rsync -avP <user>@ui.sci.unican.es::<user>-ro ./downloads/
Security Features
- No interactive login — SSH access is strictly limited to rsync.
- Per-user configuration — completely isolated directories.
- Auto-expiring keys — access automatically revoked at expiry.
- Detailed logs stored in:
/lustre/gmeteo/WORK/anonsftp/rsyncd_log/<user>.log
Key Expiry and Renewal
Your SSH key will automatically expire on the date defined in its metadata (expiry-time).
To renew contact support with the desired expiry date.
Support
If you encounter any issues (authentication errors, permission denied, etc.), please contact:
SCI Cluster Support
soporte@sci.unican.es