Installing IBM Aspera Proxy

To install IBM Aspera Proxy, log into your computer as root, and follow the steps below.

  1. Download the Aspera product installer from the Aspera download site.
    Use the credentials Aspera has provided to your organization to access:
    http://downloads.asperasoft.com/en/downloads/42

    If you need help determining your access credentials, contact your Aspera account manager.

  2. Launch the installer by running the following commands with root privileges:

    RPM

    # rpm -Uvh ibm-aspera-proxy-version.rpm 
    For upgrades, use -U instead of -i. -U is the same except that it removes all other versions of the package after the new one is installed.

    DEB

    # dpkg -i aspera-proxy-version.deb
    For upgrades, see your system's man page or other documentation for dpkg.

    This starts the IBM Aspera Proxy daemon and makes adjustments to the iptables system settings.

  3. Install the license.
    In a terminal window, create the following file. Open the file with a text editor and paste your license key string into it:
    /opt/aspera/proxy/etc/aspera-license

    If you’re updating an existing license, open the file and replace the existing license string with a new one.

    Save and close the file, then run the following command to verify the installed version is correct:

    # ascp -A
  4. Review or update OpenSSH authentication methods.
    Open your SSH server configuration file with a text editor:
    /etc/ssh/sshd_config

    To allow public key authentication, set PubkeyAuthentication to yes. If you also plan to allow password authentication, which is less secure than keys, set PasswordAuthentication to yes:

    ...
    PubkeyAuthentication yes
    PasswordAuthentication yes
    ...
    Note: For information about security options with Aspera products, see Appendix: Securing Your SSH Server.

    Save and close the file, then run one of the following commands to restart SSH.

    Note: Depending on the Linux type and version, your system's restart procedure uses either init or systemd. To determine which of these your system uses, you can run either or both the following:
    $ ps -C systemd
    $ ps -C init
    If the output reports that there are systemd processes, use the systemctl command. If no systemd processes are reported, you can generally assume the system uses init. (Although the above command for init searched for init, a return of init may be misleading if it's actually a symlink to systemd.)

    systemd

    # systemctl sshd restart 

    init

    # service ssh restart 
  5. Generate a new self-signed certificate.
    Self-signed certificates that use an IP address instead of a hostname can no longer be used. For security reasons, if the Proxy server uses the self-signed certificates that were generated during installation, transfers through forward proxy are now refused, because these certificates do not include the hostname. Also, if you are upgrading from a previous version of Proxy, your client certificates may be using an IP address instead of the hostname.

    To generate a new certificate and key that includes the hostname, run the following command on the Proxy server:

    # /opt/aspera/proxy/bin/generate-cert.sh hostname

    This command replaces the existing aspera_server_cert.pem in the Proxy installation with a new certificate that includes the hostname.