The Luna HSM Client software includes the pscp utility, used to securely move updates and certificates and other files from a source computer onto the Luna Network HSM appliance, or to move appliance certificates or log files out to a client computer.
NOTE For Linux/UNIX-based operating systems, you can also use the standard scp utility, with the same syntax described for pscp.
All packages from Thales are signed and encrypted and come with an authorization code (authcode) that must be provided to decrypt and use the package.
Client to appliance
pscp [options] [<user>@]<host/IP>:<source> <target>
Appliance to client
pscp [options] <source> [<source>...] [<user>@]<host/IP>:<target>
List files on the appliance
pscp [options] -ls <user>@<host/IP>:<file_path>
NOTE When using scp or pscp over an IPv6 network, enclose addresses in square brackets.
|-p||Preserve file attributes.|
|-q||Quiet -- do not show statistics.|
|-r||Copy directories recursively.|
|-S <path_to_SSH>||Specify the location of SSH.|
|-v||Show verbose messages.|
|-P <port>||Connect to the specified port.|
|-pw <password>||Login with specified password.|
|-unsafe||Allow server-side wildcards (dangerous).|
The following examples illustrate how to transfer files from a Luna HSM Client to a Luna Network HSM, and from a Luna Network HSM to a Luna HSM Client.
Transferring a file from a Luna HSM Client to a Luna Network HSM
/usr/safenet/lunaclient/bin/>scp test-file.txt admin@myluna: admin@myluna's password: ******** test-file.txt | 0 kB | 0.1 kB/s | ETA: 00:00:00 | 100% /usr/safenet/lunaclient/bin/>
The colon is required. Type nothing after the colon when moving files onto
the Luna Network HSM appliance. All files that are pscp’d to the appliance go
to a predetermined directory, which you cannot change (for security reasons).
While it is possible to change the filename during pscp (by typing a new
filename after the colon in the pscp command), this is not recommended,
since most operations expect certain filenames and can fail if those are
/usr/safenet/lunaclient/bin/>pscp test-file.txt admin@myluna:different-file.txt admin@myluna's password: ******** test-file.txt | 0 kB | 0.1 kB/s | ETA: 00:00:00 | 100% /usr/safenet/lunaclient/>
If the arriving file carries an unexpected name, it might not be handled correctly by subsequent commands.
If you have SSH located in a non-standard (UNIX) location, launch the pscp command with the "-S" option (that's an uppercase "S"), followed by the path to SSH, before supplying the paths to the source and target files, like:
pscp -S /usr/bin/ssh <source file> <dest file>
Transferring a file from a Luna Network HSM to a Luna HSM Client
bash-2.05# pscp admin@myLuna3:server.pem . admin@myLuna3's password: ********* server.pem 100% |*******************************************************| 928 00:0
Note the dot (.) at the end of the command, denoting “place the resulting file in the current directory”.