
Filezilla (MacOS) and Keagent support

Posted: 2019-06-19 10:57
by azfar
I am using KeeAgent (KeePassXC) to store my keys and this is working flawlessly with the macOS terminal, but FileZilla is not making use of it? I remember on Windows it used to be working, but on macOS it's not.

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-06-19 13:54
by botg
Make sure it is configured as session-wide or even system-wide SSH agent.

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-06-20 11:35
by azfar
It is for sure system-wide, as Transmit is working fine with it.

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-06-20 17:16
by botg
Which version of FileZilla are you using?

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-06-27 22:04
by azfar
I am using the latest version now and somehow it's working fine now without any other change to my knowledge!

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-06-27 22:20
by botg
azfar wrote: I am using the latest version now
Which is? No offense, but there have been cases where people thought a decade-old version has been the latest one.

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-06-28 01:42
by boco
Currently, the actual latest one is 3.43.0.

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-07-01 12:22
by azfar
I narrowed down the issue to the SSH "IdentityFile" config. When I set "MaxAuthTries" to '1' I can SSH to the host with the specific pinned key, but FileZilla is still pushing all keys one by one, hence failing to log in due to max retry failure.

Is there something we can do?

BTW my version is 3.43.0

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-07-02 06:29
by botg
A limit of one is insane. Please consider the recommendation given in the SSH specifications:
RFC 4252 wrote: Additionally, the implementation SHOULD limit the number of failed authentication attempts a client may perform in a single session (the RECOMMENDED limit is 20 attempts).

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-07-02 06:36
by azfar
botg wrote:
2019-07-02 06:29
A limit of one is insane. Please consider the recommendation given in the SSH specifications:
RFC 4252 wrote: Additionally, the implementation SHOULD limit the number of failed authentication attempts a client may perform in a single session (the RECOMMENDED limit is 20 attempts).

The reason is I have multiple dozens of servers to manage and I have to keep the login process faster, and I also have IDS/IPS which blocks the intruding IP after X number of failed attempts too. But this is not related to those things, as per my observation FileZilla is probably not compatible with SSH agent IdentityFile, as it's always trying all keys.

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-07-02 07:27
by botg
Why do you have more than one key? Multiple keys do not increase security.

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-07-02 13:01
by azfar
:D Those are different clients' production servers and SSH is exposed to the world. If I use the same key for all, then in case of a key leak all servers will be in danger.

It's a multi-customer and multi-user (employees) infrastructure, so there are many other security complications as well.

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-07-02 16:16
by boco
If it's pure key authentication you can specify each server's key directly in its Site Manager entry. I guess it doesn't work that way if the server needs key + password.

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-07-02 18:13
by azfar
I have a passphrase on all keys.

Re: Filezilla (MacOS) and Keagent support

Posted: 2019-07-02 18:16
by botg
If you configure the password-protected key in FileZilla, then FileZilla will prompt for the key file password if needed.