Page 1 of 1

Key file logon type prompts for password all of a sudden

Posted: 2019-03-14 21:48
by htm1
I've been using a key file with FileZilla to avoid having to enter a password. All of a sudden, I am prompted for a password every time I try to logon even though I'm still using a key file and the Logon Type is still set to Key File. I just upgraded to Mojave on Mac so I'm wondering if that has something to do with it. Any ideas?

Re: Key file logon type prompts for password all of a sudden

Posted: 2019-03-20 00:07
by htm1
I thought this was a Mojave issue but it doesn't look like it. FileZilla prompts for the key password every time I launch the app and connect. Why is that? It's not saved in the Keychain.

Re: Key file logon type prompts for password all of a sudden

Posted: 2019-03-20 08:12
by botg
FileZilla only asks for a key file password if the file is encrypted. Try inspecting your key file with ssh-keygen, removing any password if needed.

Re: Key file logon type prompts for password all of a sudden

Posted: 2019-03-20 18:16
by htm1
I believe I imported a key and FileZilla seems to have converted it to a .ppk file. FileZilla prompts for a password when you do this so I cannot remove the password on the keyfile. ssh-keygen doesn't work on the ppk file.

This behavior was not present before upgrading to Mojave. On El Capitan the keyfile just logged me in without a prompt. The whole reason I went with a key was so I didn't have to save or type a password. The way this works, I might as well just have FileZilla save a password for each site. Is there anyway around this?

I added the keyfile's password to the keychain using this:

ssh-add -K ~/.ssh/id_rsa

That works for ssh and persists after reboot. I can ssh into my server in terminal and not get prompted for a password, and if I do that first I can use FileZilla without being prompted for a password. However, if I don't first ssh into the web server using Terminal, FileZilla will always prompt for a password.

Re: Key file logon type prompts for password all of a sudden

Posted: 2019-03-21 08:05
by botg
I believe I imported a key and FileZilla seems to have converted it to a .ppk file. FileZilla prompts for a password when you do this so I cannot remove the password on the keyfile.
Try removing the password from the original file, then import it and convert if need.

I added the keyfile's password to the keychain using this:

ssh-add -K ~/.ssh/id_rsa

That works for ssh and persists after reboot. I can ssh into my server in terminal and not get prompted for a password, and if I do that first I can use FileZilla without being prompted for a password.
That's normal, expected and desired behavior of any SSH agent.

Re: Key file logon type prompts for password all of a sudden

Posted: 2019-03-22 03:05
by htm1
I finally got this to work. It turns out Apple did change the behavior with Sierra and later. Here's what works assuming you are already using SSH keys to connect to a server in Terminal. This does not require a separate FileZilla key:

1. Create or Edit your ~/.ssh/config file to include:

Host *
UseKeychain yes
AddKeysToAgent yes
ForwardAgent yes
IdentityFile ~/.ssh/id_rsa

2. Issue the following command in Terminal:

ssh-add -K ~/.ssh/id_rsa

3. Create this file:

~/Library/LaunchDaemons/local.computername.AddSSHKeysAtLogin.plist

Contents of the file:

<plist version="1.0">
<dict>
<key>Label</key>
<string>local.mycomputername.AddSSHKeysAtLogin</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/ssh-add</string>
<string>-A</string>
</array>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>

That's it! Now after you reboot you will not be required to enter your SSH Key password.