Announcement

Collapse
No announcement yet.

SFTP: how do I connect with a key pair only?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • spetrie
    replied
    I have managed to connect to servers via private key authentication, but you have to ensure that you don't check the Anonymous login box. Enter your username and leave the password blank. Check the save password box.
    When you now login the system authenticates with your username and public / private key. (You don't need to enter your password)

    This is similar to tunnelier, you need a username but no password.
    I am connecting to an OppenSSh 3.8 server

    Leave a comment:


  • Zoë
    replied
    I've added supporting pageant to our wishlist.

    Leave a comment:


  • muhqu
    replied
    Any chance to get ssh-agent support á la PuTTY Agent? ...as it currently seems to be not working.

    I know, pageant support is just a "nice to have" as configuring a private key works for 99% of cases.

    Leave a comment:


  • jdmarch
    replied
    Thanks, Chris. That's quite straightforward and worked fine.

    FWIW, my confusion came from not realizing that there was a separate FTP Profile dialog (I was wondering what "Authentication Tab" Marjolein was referring to! When I originally looked at the Profile dropdown, my hasty impression was that this was only a list of URLs.

    I realize that the help system is still very much in progress, so this is probably a redundant suggestion, but I suggest that the FTP tab of the Browse dialog have a help page which explicitly says to use the Profile dropdown (or its successor) to configure an SSH keyfile and for other advanced FTP configuration options.

    Leave a comment:


  • Chris
    replied
    Jonathan,

    It looks like Cirrus is prompting for a password when it doesn't need one because it is already authorized by the private key.

    Here are the steps I used to connect to an SFTP server running OpenSSH 3.9p1 on Redhat Enterprise Linux 4:

    In Tools|FTP Profiles, go to the Authentication tab.
    For private key file, browse to the private key file.
    Enter the passphrase for the private key file. (I generated this on my test server using the "ssh-keygen" command)
    Connect to the SFTP server using a path of the form "sftp://[email protected]/".
    You will get a password prompt, but you can leave it blank. Checking the "save password" box with the blank password will prevent you from being prompted again.

    The above steps worked for me on the RHEL4 test system. Please let me know if they work for you.

    I'll also add the password prompting when using private key authentication to our bug list to be fixed.

    Leave a comment:


  • jdmarch
    replied
    Thanks, Chris.

    Leave a comment:


  • Chris
    replied
    Jonathan,

    Thanks for posting about the public/private key problem. I'll try to get this setup on one of our test servers and let you know what I figure out.

    Leave a comment:


  • jdmarch
    replied
    I'm in a similar conundrum. Over 3 years ago I set up a public/private key pair for accessing a particular FTP site. I load the private key into putty\pageant, then, using another FTP client (Total Commander with SFTP plugin), just open the site on port 22, giving a user name but no password or pass phrase AFAICT.

    When I try to open this site in Cirrus, it wants a password.

    What am I missing or perhaps forgetting? (I have not thought about this since setting it up 3+ years ago, so perhaps there's another configuration step that I did with the other FTP client which I'm neglecting in Cirrus?)

    Thanks.

    Leave a comment:


  • Marjolein Katsma
    replied
    I'm in but...

    Update: main user of the server where I need to upload is almost as unfamiliar with the process as I am - at least in giving others access to where he normally is the only one with access (this is an emergency solution...). So it turns out I did need a user name after all.

    Once I entered that in Tunnelier (leaving it set to "Initial method" public key - slot 1) I could connect - files are uploading now. Once that's finished I'll still need Cirrus to do some work on the server though.

    Originally posted by Aaron View Post
    I'm going to dive into this issue (find/make an ftp with pass keys and test this scenario), but first I'll let you know the intended behavior:

    The ftp should have your public key already, so we do not need it. The pair comes from you having the private key browsed and selected. Edit: A way to paraphrase that is, you keep your private key private, and give out the public key to anyone who needs it/you to connect to them.

    Then type in your passphrase and close the dialog/save. You do not want to click create, because that will overwrite your files with a new key. That is probably why it is not working.
    That's the first thing that's confusing: with the way the "Create" and passphrase are arranged (right next to each other and in the same panel) it looks as if you have to press the button to complete the 'SSH Public Key authentication' process.

    Originally posted by Aaron View Post
    When the ftp connects, you shouldn't need to enter a password. Does this work for you?
    Withe username added now, it did prompt me for password when connecting - but since I cannot specify an "Initial method" as with Tunnelier, I doubt it's using the SSH keys at all?
    Edit: I think it should not be prompting for a password at all - private key+passphrase + username should be sufficient, and that's how it works in other programs.

    Originally posted by Aaron View Post
    We can address the other issues (server specific settings, etc) after we get this transfer working
    Basically it's working now - but I'm worried that it's not using the key pair at all, let alone "initially".

    Remaining problems:
    • Confusing dialog (visually) mixing up "importing" and "creating" key pairs
    • No way to actually "import" keys (as Tunnelier is doing) so different key pairs can be selected for different connections / servers: it seems as if Cirrus just uses a (single) pointer to the location of the keys
    • No way to specify "initial method" of authentication (and as far as I know authentication with *only* key pair should also be possible but I cannot test that now)

    It might not be a bad idea to have a look at how Tunnelier handles this.

    Aren't you glad we're having a bit of an emergency?

    (I'll be out most of the day - while Tunnelier continues uploading - will check back when I return.)
    Last edited by Marjolein Katsma; 16-Nov-2007, 05:08 PM. Reason: adding new insight

    Leave a comment:


  • Aaron
    replied
    Don't need to create

    I'm going to dive into this issue (find/make an ftp with pass keys and test this scenario), but first I'll let you know the intended behavior:

    The ftp should have your public key already, so we do not need it. The pair comes from you having the private key browsed and selected. Edit: A way to paraphrase that is, you keep your private key private, and give out the public key to anyone who needs it/you to connect to them.

    Then type in your passphrase and close the dialog/save. You do not want to click create, because that will overwrite your files with a new key. That is probably why it is not working.

    When the ftp connects, you shouldn't need to enter a password. Does this work for you?

    We can address the other issues (server specific settings, etc) after we get this transfer working
    Last edited by Aaron; 15-Nov-2007, 04:10 PM. Reason: describing the key pair

    Leave a comment:


  • SFTP: how do I connect with a key pair only?

    I wish this were for testing only, but I'm in a situation where I need BC/Cirrus badly to create a mirror of a site - I've pulled the files content successfully (very! and efficiently, too! ) with Cirrus but the target server will allow only access by key pair.

    Trying to set this up with Cirrus (having downloaded all content to my local machine) I'm running into two problems setting up a session to connect to the target site:
    • First of all, I need to set up the FTP profile. I have been given a private + public key pair, plus a pass phrase. Now, apparently, I need to go to the Authentication tab. Here I run into the first problem: it tells me "These settings are used for all profiles". That's a problem, of course, because the key pair I've been give to use is exclusive to the target server - I will need different ones for different servers.
      Ignoring that for a moment, I try to browse to my private key file, then enter the pass phrase, and hit the Create keys button. I then get a dialog "Generate SSH Key Pair" where I have to again enter the same pass phrase, again browse to my private key file (<name>) - and it then automatically seems to find the public key file I've been given (<name>.pub). Now that's extremely confusing: why would I need to browse to the private key file, and enter the ass phrase, twice? At this point I already am not confident this will work...
    • Now I go and set up a session, where for "right folder" I hit a browse button again, and in the Browse for folder - right side" dialog enter the host name and starting directory, and then try "Connect and Browse" - which doesn't work. I've tried with "Anonymous login" checked and unchecked - but neither works and I see no way to specify that I want (need) to connect authenticating by key pair only, no user name / password at all.


    Needless to say, when I try to connect with the session just created, I'm not getting anywhere.

    So am I missing something in this for me unfamiliar process or is this just not possible with Cirrus? In the latter case, I would suggest to make it a possibility at least. I was hoping Cirrus would make tunneling via Tunnelier unnecessary but it doesn't seem to be there yet...

    I'll see what I can do with Tunnelier + Cirrus (or even BC2), but please either explain what I'm missing, or consider extending SFTP so key pair authentication is not only possible, but (optionally) server-specific!
Working...
X