Filezilla (MacOS) and Keagent support

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
azfar
504 Command not implemented
Posts: 11
Joined: 2019-06-19 10:52
First name: Azfar
Last name: Hashmi

Filezilla (MacOS) and Keagent support

#1 Post by azfar » 2019-06-19 10:57

I am using Keagent (Keypassxc) to store my keys and this is working flawlessly with MacOS terminal but Filezilla is not making use if it? I remember on Windows its used to be working but on MacOS its not.

User avatar
botg
Site Admin
Posts: 32378
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Filezilla (MacOS) and Keagent support

#2 Post by botg » 2019-06-19 13:54

Make sure it is configured as session-wide or even system-wide SSH agent.

azfar
504 Command not implemented
Posts: 11
Joined: 2019-06-19 10:52
First name: Azfar
Last name: Hashmi

Re: Filezilla (MacOS) and Keagent support

#3 Post by azfar » 2019-06-20 11:35

Its is for sure system wide as the Transmit is working fine with it.

User avatar
botg
Site Admin
Posts: 32378
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Filezilla (MacOS) and Keagent support

#4 Post by botg » 2019-06-20 17:16

Which version of FileZilla are you using?

azfar
504 Command not implemented
Posts: 11
Joined: 2019-06-19 10:52
First name: Azfar
Last name: Hashmi

Re: Filezilla (MacOS) and Keagent support

#5 Post by azfar » 2019-06-27 22:04

I am using the latest version now and somehow its working fine now without any other change in my knowledge!

User avatar
botg
Site Admin
Posts: 32378
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Filezilla (MacOS) and Keagent support

#6 Post by botg » 2019-06-27 22:20

I am using the latest version now
Which is? No offense, but there have been cases where people thought a decade-old version has been the latest one.

User avatar
boco
Contributor
Posts: 24685
Joined: 2006-05-01 03:28
Location: Germany

Re: Filezilla (MacOS) and Keagent support

#7 Post by boco » 2019-06-28 01:42

Cuirrently, the actual latest one is 3.43.0.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

azfar
504 Command not implemented
Posts: 11
Joined: 2019-06-19 10:52
First name: Azfar
Last name: Hashmi

Re: Filezilla (MacOS) and Keagent support

#8 Post by azfar » 2019-07-01 12:22

I narrowed down the issue to SSH "IdentityFile" config. When I am setting "MaxAuthTries" to '1' I can SSH the host with the specific pinned key but Filezilla is still pushing all keys one by one hence failing to login due to max retry failure.

Is there something we can do?

BTW my version is 3.43.0

User avatar
botg
Site Admin
Posts: 32378
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Filezilla (MacOS) and Keagent support

#9 Post by botg » 2019-07-02 06:29

A limit of one is insane. Please consider the recommendation given in the SSH specifications:
RFC 4252 wrote:Additionally, the implementation SHOULD limit the number of failed authentication attempts a client may perform in a single session (the RECOMMENDED limit is 20 attempts).

azfar
504 Command not implemented
Posts: 11
Joined: 2019-06-19 10:52
First name: Azfar
Last name: Hashmi

Re: Filezilla (MacOS) and Keagent support

#10 Post by azfar » 2019-07-02 06:36

botg wrote:
2019-07-02 06:29
A limit of one is insane. Please consider the recommendation given in the SSH specifications:
RFC 4252 wrote:Additionally, the implementation SHOULD limit the number of failed authentication attempts a client may perform in a single session (the RECOMMENDED limit is 20 attempts).
The reason is I have multiple dozens of servers to manage and I have to keep the login process faster and I also have IDS/IPS which blocks the intruding IP after X no of failed attempts too but this is not related to those things as as per my observation Filezilla is probably not compatible with SSH Agent IdentiyFile as its always trying all keys.

User avatar
botg
Site Admin
Posts: 32378
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Filezilla (MacOS) and Keagent support

#11 Post by botg » 2019-07-02 07:27

Why do you have more than one key? Multiple keys do not increase security.

azfar
504 Command not implemented
Posts: 11
Joined: 2019-06-19 10:52
First name: Azfar
Last name: Hashmi

Re: Filezilla (MacOS) and Keagent support

#12 Post by azfar » 2019-07-02 13:01

:D those are different clients production servers and ssh is exposed to world. If I use same key for all that in case of the key leak all servers will be in danger.

Its a multi customers and multi users (employees) infrastructure so there are many other security complications as well.

User avatar
boco
Contributor
Posts: 24685
Joined: 2006-05-01 03:28
Location: Germany

Re: Filezilla (MacOS) and Keagent support

#13 Post by boco » 2019-07-02 16:16

If it's pure key authentication you can specify each server's key directly in its Site Manager entry. I guess it doesn't work that way if the server needs key + password.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

azfar
504 Command not implemented
Posts: 11
Joined: 2019-06-19 10:52
First name: Azfar
Last name: Hashmi

Re: Filezilla (MacOS) and Keagent support

#14 Post by azfar » 2019-07-02 18:13

I have passphrase on all keys.

User avatar
botg
Site Admin
Posts: 32378
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Filezilla (MacOS) and Keagent support

#15 Post by botg » 2019-07-02 18:16

If you configure the password-protected key in FileZilla, then FileZilla will prompt for the key file password if needed.

Post Reply