Connect to SFTP server
Moderator: Project members
-
- 504 Command not implemented
- Posts: 8
- Joined: 2011-02-23 16:38
Connect to SFTP server
I am using 3.3.4.1 portable version of filezilla client.
I am trying to understand connection process to a SFTP server, already set up and running.
If I connect from filezilla to an SFTP server on port 22, I get the fingerprint warning
Unknown host key
The server's host key is unknown. You have no guarantee that the server is the computer you think it is.
Host: ...
Fingerprint: ...
Trust this host and carry on connecting?
Always trust this host, add this key to the cache
Digging into Filezilla options, I notice that I can add private keys under SFTP node.
Is it related to the warning ?
Which keys should I add here ?
Who is supposed to send me these keys ?
Adding correct keys, will suppress warning ?
In general, does SFTP client need certificates/keys as well as password ?
Thanks, I am a bit confused
I am trying to understand connection process to a SFTP server, already set up and running.
If I connect from filezilla to an SFTP server on port 22, I get the fingerprint warning
Unknown host key
The server's host key is unknown. You have no guarantee that the server is the computer you think it is.
Host: ...
Fingerprint: ...
Trust this host and carry on connecting?
Always trust this host, add this key to the cache
Digging into Filezilla options, I notice that I can add private keys under SFTP node.
Is it related to the warning ?
Which keys should I add here ?
Who is supposed to send me these keys ?
Adding correct keys, will suppress warning ?
In general, does SFTP client need certificates/keys as well as password ?
Thanks, I am a bit confused
Re: Connect to SFTP server
No, not related to this warning.Digging into Filezilla options, I notice that I can add private keys under SFTP node.
Is it related to the warning ?
All SFTP sessions are encrypted and authenticated by the server's host key. If the host key is unknown, then you have no guarantee that you really are connecting to the correct server. Please contact your server administrator over a secure channel so that he can tell you the host key so that you can compare it against what FileZilla thinks it is connecting to.
If they match, all fine and dandy. If they mismatch, you're being the victim of an active attacker intercepting all your connections.
-
- 504 Command not implemented
- Posts: 8
- Joined: 2011-02-23 16:38
Re: Connect to SFTP server
Hi botg thx for reply.
I use freeftpd as sftp server and it generates 2 keyfile privatekey.rsa and privatekey.dsa. I opened them and the content is something like that:
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCu+Mt8xP2u4FvXf6vxxZ9ertjJ4fih+02KOowoqkpXb8BVgvAC
UCTOcOrxDIuDNyQTsUgzMhH6TlxpRcCKsC54IcFxUNapIv/WvDk+SeDxdmPYj7If
eq6HixXMMXnOsPY
.....
-----END RSA PRIVATE KEY-----
what am I supposed to do with that files ?
If I try to import into filezilla those file (settings-->SFTP -->filezilla converts them into its format) and try to connect to SFTP server, I get warning connection anyway.
Is there a client authentication process (certificate, key ..), beyond password ?
Thanks, links to read also welcome.
I use freeftpd as sftp server and it generates 2 keyfile privatekey.rsa and privatekey.dsa. I opened them and the content is something like that:
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCu+Mt8xP2u4FvXf6vxxZ9ertjJ4fih+02KOowoqkpXb8BVgvAC
UCTOcOrxDIuDNyQTsUgzMhH6TlxpRcCKsC54IcFxUNapIv/WvDk+SeDxdmPYj7If
eq6HixXMMXnOsPY
.....
-----END RSA PRIVATE KEY-----
what am I supposed to do with that files ?
If I try to import into filezilla those file (settings-->SFTP -->filezilla converts them into its format) and try to connect to SFTP server, I get warning connection anyway.
Is there a client authentication process (certificate, key ..), beyond password ?
Thanks, links to read also welcome.
Re: Connect to SFTP server
Nothing will prevent that warning dialog. FileZilla will never blindly trust anything (certificates, server keys, ...) but always ask the user for confirmation.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 504 Command not implemented
- Posts: 8
- Joined: 2011-02-23 16:38
Re: Connect to SFTP server
Ok, I see.boco wrote:Nothing will prevent that warning dialog. FileZilla will never blindly trust anything (certificates, server keys, ...) but always ask the user for confirmation.
Can you help me to implement public key authentication through freeftpd sftp server and filezilla ftp client ? If I understand correctly, it is possible to import public or private key into client and log on without a password .. but I cannot find howto to do this.
Pls help.
Thanks.
Re: Connect to SFTP server
You should generate a new key ASAP. Publishing the private key, or even parts of it, it's the equivalent of broadcasting the combination to your safe on national television.joker197cinque wrote:-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCu+Mt8xP2u4FvXf6vxxZ9ertjJ4fih+02KOowoqkpXb8BVgvAC
UCTOcOrxDIuDNyQTsUgzMhH6TlxpRcCKsC54IcFxUNapIv/WvDk+SeDxdmPYj7If
eq6HixXMMXnOsPY
.....
-----END RSA PRIVATE KEY-----
-
- 504 Command not implemented
- Posts: 8
- Joined: 2011-02-23 16:38
Re: Connect to SFTP server
Hi botg, don't worry I randomly changed some letters/casebotg wrote:You should generate a new key ASAP. Publishing the private key, or even parts of it, it's the equivalent of broadcasting the combination to your safe on national television.joker197cinque wrote:-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCu+Mt8xP2u4FvXf6vxxZ9ertjJ4fih+02KOowoqkpXb8BVgvAC
UCTOcOrxDIuDNyQTsUgzMhH6TlxpRcCKsC54IcFxUNapIv/WvDk+SeDxdmPYj7If
eq6HixXMMXnOsPY
.....
-----END RSA PRIVATE KEY-----
Any help appreciated.
Re: Connect to SFTP server
Changing some letters is not enough. You still have published a significant portion of the key, compromising the security of your server.
-
- 504 Command not implemented
- Posts: 8
- Joined: 2011-02-23 16:38
Re: Connect to SFTP server
Thanks for your effort in helping me, actually it is not a server on the internet but a local client on which I am testing a ftp demo server.botg wrote:Changing some letters is not enough. You still have published a significant portion of the key, compromising the security of your server.
When we will be ready to start we'll generate new key pair for the real exposed on the internet server.
Thanks.
Re: Connect to SFTP server
But...can't you get the private key from somewhere and enter it is FileZilla settings somewhere?boco wrote:Nothing will prevent that warning dialog. FileZilla will never blindly trust anything (certificates, server keys, ...) but always ask the user for confirmation.
Re: Connect to SFTP server
If you feel the urge of replying to a seven year-old topic, at least read it. The private key is never handed out by the server (hence the name "private"). If it becomes known publicly, then it is compromised.
[s]All FileZilla stores is the public key (which can only verify authenticity). It might be possible to inject a public key into the trustedcerts.xml (no idea, I'm not the dev), if you know the syntax used. But it hard to do it automatically.[/s]
[s]All FileZilla stores is the public key (which can only verify authenticity). It might be possible to inject a public key into the trustedcerts.xml (no idea, I'm not the dev), if you know the syntax used. But it hard to do it automatically.[/s]
Last edited by boco on 2018-02-05 17:13, edited 1 time in total.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Connect to SFTP server
trustedcerts.xml has nothing to do with SFTP keypairs. It's for protocols such as FTP over TLS that use certificates.
-
- 500 Command not understood
- Posts: 3
- Joined: 2018-02-22 13:48
- First name: Eddie
- Last name: Stephenson
Re: Connect to SFTP server
I also tried to connect to a SFTP Server...without any luck...
i want do backup my managed wordpress sites from godaddy and download the files to my desktop via FTP.
When i try to connect with filezilla i get a "Proxy error: 403 Forbidden".
i want do backup my managed wordpress sites from godaddy and download the files to my desktop via FTP.
When i try to connect with filezilla i get a "Proxy error: 403 Forbidden".