Applications

Cyberduck User Guide

| Product: Cyberduck

Overview

This guide provides comprehensive instructions for deploying and using the cloudimg Cyberduck AMI on Amazon Web Services. The AMI delivers a fully preconfigured Windows Server instance with Cyberduck installed and ready to use, enabling you to manage file transfers across cloud storage services and remote servers immediately after launch.

Cyberduck is a libre file transfer client for FTP, SFTP, WebDAV, Amazon S3, Google Cloud Storage, Microsoft Azure, OpenStack Swift, Backblaze B2, and many other cloud storage protocols. It provides an intuitive graphical interface for browsing, uploading, downloading, and managing files on remote servers and cloud storage platforms.

This AMI is ideal for system administrators who need a graphical file transfer tool for managing cloud storage, developers who work with multiple storage backends, or teams that need a centralized file management workstation accessible via remote desktop. By running Cyberduck on an AWS instance, you benefit from high bandwidth connections to AWS services such as S3, reducing transfer times significantly compared to local workstation transfers.

For any issues encountered while following this guide, please contact support@cloudimg.co.uk.

Prerequisites

Before launching the Cyberduck AMI, ensure you have the following in place.

AWS Account You need an active AWS account with permissions to launch EC2 instances, manage security groups, and access the AWS Marketplace.

EC2 Key Pair Create or identify an existing EC2 key pair in the region where you plan to launch the instance. This key pair is required to decrypt the Windows Administrator password after launch.

Security Group Prepare a security group that allows inbound RDP access. The required rule is outlined below.

Protocol Type Port Description
RDP TCP 3389 Remote Desktop Access

It is strongly recommended to restrict the source IP range for RDP access to your known IP addresses or corporate CIDR blocks rather than allowing access from 0.0.0.0/0.

Remote Desktop Client Install a Remote Desktop Protocol client on your local machine. Options include Microsoft Remote Desktop (available for Windows and macOS), Remmina (Linux), or any other RDP compatible client.

Minimum Instance Requirements

Minimum CPU Minimum RAM Required Disk Space
1 vCPU 1 GB 30 GB

A t3.small or larger instance type is recommended for comfortable use. If you plan to transfer large volumes of data, consider an instance type with enhanced networking capabilities.

Step by Step Setup

Follow the steps below to launch and connect to your Cyberduck instance.

Step 1: Launch the Instance

  1. Log in to your AWS account and navigate to the AWS Marketplace.
  2. Search for the cloudimg Cyberduck AMI.
  3. Select your desired instance type (t3.small or larger is recommended).
  4. Choose your preferred region and VPC configuration.
  5. Select the EC2 key pair you created in the prerequisites.
  6. Assign the security group with RDP access on port 3389.
  7. Configure storage (30 GB minimum on the root volume).
  8. Launch the instance.

Step 2: Wait for Status Checks

After launching the instance, navigate to the EC2 console and wait for the instance to show 2/2 status checks passing. This ensures the instance has fully booted and Windows has completed its initial setup. This process typically takes between 3 and 10 minutes.

Step 3: Retrieve the Administrator Password

  1. Open the EC2 console in the AWS region where you launched the instance.
  2. Select Instances from the left navigation panel.
  3. Locate and select your newly launched instance.
  4. Click Actions at the top of the page.
  5. Navigate to Security and then select Get Windows password.
  6. Click Browse and upload the private key file (.pem) from the key pair you selected during launch.
  7. Click Decrypt password.
  8. Copy the decrypted password and store it securely. This is your Administrator password.

Step 4: Connect via Remote Desktop

  1. Open your Remote Desktop client application.
  2. Create a new connection using the public IP address of your EC2 instance (or the private IP if connecting through a VPN or from within the same VPC).
  3. Enter the following credentials when prompted:
  4. Username: Administrator
  5. Password: The decrypted value from Step 3
  6. If a certificate warning appears, click Continue to proceed. This is expected for new connections.
  7. You will be connected to the Windows Server desktop.

Step 5: Launch Cyberduck

Once connected to the desktop, locate the Cyberduck shortcut icon on the desktop and double click it to launch the application. Cyberduck is preinstalled and ready for use immediately.

Server Components

The following software components are preinstalled on this AMI.

Component Version
Cyberduck Latest

The AMI is built on Windows Server and includes the base operating system along with Cyberduck preinstalled and configured. Cyberduck supports a wide range of transfer protocols out of the box including FTP, SFTP, WebDAV, Amazon S3, Google Cloud Storage, Microsoft Azure, and OpenStack Swift.

Filesystem Layout

The instance uses a single volume configuration.

Drive Purpose Minimum Size
C:\ Operating system and application 30 GB

Key directory locations on the instance:

Path Description
C:\Program Files\Cyberduck\ Cyberduck installation directory
C:\Users\Administrator\Desktop\ Desktop with Cyberduck shortcut
C:\Users\Administrator\AppData\Roaming\Cyberduck\ User configuration and bookmarks
C:\Users\Administrator\Downloads\ Default download location for transfers

If you plan to transfer or stage large volumes of data on this instance, consider attaching an additional EBS volume through the AWS console and using it as the download destination to avoid filling the system drive.

Managing the Application

Opening Cyberduck

Double click the Cyberduck icon on the Windows desktop. The application will launch and display the main browser window where you can create new connections or select from saved bookmarks.

Connecting to Amazon S3

  1. Click Open Connection in the Cyberduck toolbar.
  2. Select Amazon S3 from the protocol dropdown.
  3. Enter your AWS Access Key ID and Secret Access Key.
  4. Click Connect to browse your S3 buckets.

For enhanced security, consider attaching an IAM role to the EC2 instance instead of using static access keys. Cyberduck can automatically use instance profile credentials when configured appropriately.

Connecting via SFTP

  1. Click Open Connection in the Cyberduck toolbar.
  2. Select SFTP (SSH File Transfer Protocol) from the protocol dropdown.
  3. Enter the server hostname, port (default 22), username, and password or SSH key.
  4. Click Connect to browse the remote filesystem.

Connecting via FTP

  1. Click Open Connection in the Cyberduck toolbar.
  2. Select FTP (File Transfer Protocol) or FTP SSL (Explicit AUTH TLS) from the protocol dropdown.
  3. Enter the server hostname, port (default 21), username, and password.
  4. Click Connect to browse the remote filesystem.

Creating Bookmarks

To save frequently used connections, create a bookmark by navigating to Bookmark then New Bookmark in the menu bar. Fill in the connection details and the bookmark will appear in the main window for quick access in future sessions.

Transferring Files

To upload files, drag and drop them from the local Windows filesystem into the Cyberduck browser window. To download files, select the files in the remote browser and choose File then Download or drag them to your local desktop or folder.

Synchronizing Directories

Cyberduck supports directory synchronization between local and remote locations. Right click on a folder in the browser and select Synchronize to compare and synchronize files in both directions.

Scripts and Logs

Cyberduck Log Files

Cyberduck generates log files that can help diagnose connection and transfer issues.

Log Location Description
C:\Users\Administrator\AppData\Roaming\Cyberduck\log\ Application and transfer logs

To enable verbose logging for troubleshooting, open Cyberduck preferences, navigate to the advanced settings, and enable debug logging. This will produce detailed output about connection attempts and transfer operations.

Windows Event Logs

For system level diagnostics, use the Windows Event Viewer. Press the Windows key, search for Event Viewer, and open it to review application and system logs.

Troubleshooting

Cannot connect via RDP

  • Verify that the instance has passed 2/2 status checks in the EC2 console.
  • Confirm that your security group allows inbound TCP traffic on port 3389 from your IP address.
  • Ensure you are using the correct public IP address. If the instance was stopped and started, the public IP may have changed unless you are using an Elastic IP.
  • Check that your local firewall or corporate network is not blocking outbound RDP connections.

Password decryption fails

  • Ensure you are uploading the correct .pem file that matches the key pair selected during instance launch.
  • The password may take up to 15 minutes to become available after the first launch. Wait and try again if the option is greyed out.

Cyberduck cannot connect to S3

  • Verify that your AWS credentials (Access Key ID and Secret Access Key) are correct.
  • If using an IAM role attached to the instance, ensure the role has the necessary S3 permissions.
  • Check that the security group allows outbound HTTPS traffic on port 443, which is required for S3 API calls.
  • If you are connecting to S3 in a specific region, ensure the correct region endpoint is configured in the connection settings.

Cyberduck cannot connect to SFTP or FTP server

  • Verify that the target server hostname and port are correct.
  • Ensure the security group on this instance allows outbound traffic on the required port (22 for SFTP, 21 for FTP).
  • Confirm that the remote server's firewall allows inbound connections from this instance's IP address.
  • For SFTP connections using key based authentication, ensure the private key file is accessible and in the correct format.

File transfers are slow

  • Check the instance type and consider upgrading to one with enhanced networking for higher throughput.
  • For S3 transfers, using an instance in the same region as the target S3 bucket will significantly improve transfer speeds.
  • Large numbers of small files transfer more slowly than fewer large files. Consider archiving small files into a single archive before transferring.

Insufficient disk space

  • Monitor the C: drive usage through Windows Explorer or the dir command in the command prompt.
  • Attach an additional EBS volume and configure Cyberduck to use it as the default download directory.
  • Clean up completed transfers from the Downloads folder regularly.

RDP session disconnects frequently

  • Check your network connection stability.
  • Adjust the RDP client settings to reduce bandwidth requirements by lowering the display quality or disabling visual effects.
  • Ensure the instance is not running out of memory, which could cause Windows to become unresponsive.

Security Recommendations

Change the Administrator Password

After your first login, change the default Administrator password to a strong, unique password. Open the Windows command prompt or PowerShell and run:

net user Administrator YourNewStrongPassword

Note that once you change the password, the original decrypted password from the AWS console will no longer be valid.

Restrict RDP Access

Limit the security group rule for port 3389 to only your specific IP addresses or a trusted CIDR range. Avoid using 0.0.0.0/0, which would expose the instance to RDP brute force attacks from the entire internet.

Use IAM Roles Instead of Access Keys

When connecting Cyberduck to Amazon S3, attach an IAM role to the EC2 instance with the necessary S3 permissions rather than storing static access keys on the server. This eliminates the risk of credential leakage and provides automatic credential rotation.

Secure Stored Credentials

If you save connection bookmarks with passwords in Cyberduck, be aware that these credentials are stored locally on the instance. Ensure that only authorized users have RDP access to the instance.

Enable Windows Firewall Rules

Review and configure the Windows Firewall to restrict inbound and outbound traffic to only what is necessary for your file transfer workflows.

Keep Software Updated

Regularly update Cyberduck and Windows Server to ensure you have the latest security patches and bug fixes. Cyberduck includes a built in update checker accessible from the application menu.

Use Encrypted Transfer Protocols

Where possible, use SFTP or FTP over TLS instead of plain FTP to ensure that credentials and file data are encrypted in transit.

Use an Elastic IP

Assign an Elastic IP to your instance to maintain a consistent IP address across stop and start cycles. This also allows you to maintain consistent firewall rules on remote servers that whitelist this instance.

Enable CloudWatch Monitoring

Configure Amazon CloudWatch to monitor your instance metrics such as CPU utilization, memory usage, and disk space. Set up alarms to notify you if resources are running low.

Support

If you encounter any issues not covered in this guide, the cloudimg support team is available to help.

  • Email: support@cloudimg.co.uk
  • Phone: (+44) 02045382725
  • Website: www.cloudimg.co.uk
  • Address: 3rd Floor, 86 90 Paul Street, London, EC2A 4NE

Support is available for any issues related to the AMI, including connectivity problems, software configuration, and general guidance on using the preconfigured environment.

When contacting support, please include your EC2 instance ID, the AWS region, and a description of the issue along with any relevant error messages or screenshots.