FileZilla Forums

Today I started getting "too many authentication failures" error and I realized that it's because Filezilla is trying to use my SSH keys to authenticate via SFTP. How do I simply disable public key authentication? I'm not sure why this isn't an option.

If you did set your keys in the global settings, or if you use PuTTY's Pageant tool, the keys are tried against every SFTP server. That's what globally defined means.

You can define Public Key Authentication per server, in the Site Manager (select protocol as "SFTP" and Logon Type as "key file"). Keys defined that way apply only to that one server.

It seems like the only way I could get this to stop is to kill the ssh-agent process running on the macbook. I cannot authenticate via SSH keys and don't want FileZilla to try using them, but it doesn't seem like there's a way to turn this option off if the ssh agent is running on the local system. Is that right?

The OS SSH agent holds the global (system-wide) keys. They will be used by all SSH/SFTP applications, not just FileZilla.

I think there is some confusion here. I am trying to avoid SSH keys altogether. I do not want to use SSH keys, but FileZilla is forcing me to. I just want to authenticate using my password, but even after providing my password, FileZilla still tries to authenticate using SSH keys.

Configure your SSH agent to not load keys into it.

Gotcha. Sounds great!

I found the solution. It is very simple.
Just start filezilla from a bash setting SSH_AUTH_SOCK to something other than the ssh agent (null or whatever you might fancy): This sets the SSH_AUTH_SOCK shell environment variable only for this instance of filezilla, which means any other program (e.g. ssh) can still use the agent while filezilla wont be able to do so.
You can even start a second instance of filezilla that does use the ssh-agent for the servers you want to authenticate to with pubkey auth: The & at the end simply starts the preceding command in the background so you can continue using the shell for starting more commands.

And yes, I had the idea of compiling my own filezilla and got stuck in dependency hell before thinking of simple bash logic.

May all poor souls that suffer from the filezilla behavior with ssh-agent find their way here!

Cheers, vin

vincitus wrote: ↑

2021-11-07 17:55

I found the solution. It is very simple.
Just start filezilla from a bash setting SSH_AUTH_SOCK to something other than the ssh agent (null or whatever you might fancy):

Code: Select all

machine@user:~$ SSH_AUTH_SOCK=null filezilla &

This has been helpful to me. Thank you.

I needed to use the ssh-agent only with the ssh command but not with FileZilla. The reason is that I was trying to connect (with FileZilla) to a server that required a password. But such server dropped the connection if you provided one or more keys to it and all they failed. It didn't ask for a password as a last resort.

So I've decided to have 2 .desktop files for FileZilla - one that includes the SSH_AUTH_SOCK variable and another one that doesn't. That way I can decide whether to use the ssh-agent or not, at any time.

vincitus wrote: ↑

2021-11-07 17:55

I found the solution. It is very simple.
Just start filezilla from a bash setting SSH_AUTH_SOCK to something other than the ssh agent (null or whatever you might fancy):

Code: Select all

machine@user:~$ SSH_AUTH_SOCK=null filezilla &

This sets the SSH_AUTH_SOCK shell environment variable only for this instance of filezilla, which means any other program (e.g. ssh) can still use the agent while filezilla wont be able to do so.

Yeay! Thank you!

I installed the latest FileZilla on Linux Mint (the version in the Repository is ancient), using the instructions in
How to install FileZilla FTP client in Linux | Web Developers Planet https://www.webdevsplanet.com/post/inst ... a-in-linux
with the .tar.xz Download

That doesn't use the regular way of starting the program, so I added an alias to my ~/.bashrc file: Finally, a host that doesn't use SSH keys, works!