Convert Public SSH Key to key filezilla accepts?

[darienal]

Apologies the whole SSH Key send receive process is still something I do infrequently. We have a partner who has published their public SSH key on a web for partners to use to connect in .txt format. I'm unsure how to convert this key into a format that filezilla will accept as part of the key file login type.

[boco]

If it is their server's Host key, they probably put it up for verification. Hopefully that site isn't fully public. Just connect to their SFTP server, and the server will present you its Host key. Just make sure both keys match (the one displayed vs. the one in the .txt).

In this scenario, no need to convert anything.

[darienal]

Ah understood. Thanks! And no they do ip and md5 based Access restrictions I believe.

[darienal]

If it is their server's Host key, they probably put it up for verification. Hopefully that site isn't fully public. Just connect to their SFTP server, and the server will present you its Host key. Just make sure both keys match (the one displayed vs. the one in the .txt).

In this scenario, no need to convert anything.

Since I'm only entering a username(there is no password according to my contact) would I use the filezilla login type ask for password?

[boco]

Could you write what key(s) exactly they posted on that website. DON'T post the key itself, only the description they gave. I cannot imagine that they put public key authentication data on that website, but if they did, they are doing it wrong.

Again: Don't post the key itself, that's confidential!

[darienal]

This page contains public SSH and PGP keys. Keys are valid for 2 years after creation.

If your company receives files from pease download the following key:

And the link reference is an ssh public key in a text file.

[boco]

I fear that exceeds my level of knowledge regarding SFTP. Maybe @botg knows what's going on.

[botg]

Public keys are by definition public. You can post them online, print them in a news paper, or project them onto the moon next to the coca-cola logo. For easier comparison of different keys, public keys have associated fingerprints.

For every public key, there is a corresponding private key, which, as the name implies, must be kept private. A private key should never leave the machine it was created on.

Private keys are used to create signatures. Public keys are used to verify that a given signature was created by the private key corresponding to the public key.



In SSH/SFTP, public/private key pairs are used for authentication, in two ways:

1) There is the server host key. The server has the private key, and it freely sends the public key to everyone connecting to the server. During the handshake with the server, it creates a signature as a proof that it knows the private key matching the public key it advertises and sends the signature to the client.

The client then verifies that the fingerprint of the public host key matches the fingerprint that the server is supposed to have. The operator of the client may need to assist with this step and compare the fingerprint with a reference host key fingerprint received from the server administrator via some other, secure channel, e.g. handed over in a face to face meeting on a piece of paper. If both the fingerprints match, and the signature is valid, then the server is authenticated, the client now has that guarantee that it is speaking to the correct server.

2) Clients can authenticate themselves against the server in various ways, for example using a password. Alternatively, a public/private keypair can be used. Here, the client is in possession of a private key. Prior to connecting to the server for the first time, the client operator takes note of his public key and submits it to the server administrator over a secure channel. The server administrator then tells the server which public key this user has.

Upon connecting to the server, the client creates a signature with his private key and sends the signature together with the public key to the server. The server then verifies that the received public key fingerprint matches the reference key fingerprint deposited by the server administrator. If both the fingerprints match, and the signature is valid, the client is authenticated and the server knows that the client connecting really is the user it claims to be.




What does this mean in terms of FileZilla Client?

1) Host keys: There's nothing to configure. When you first connect to a server, FileZilla prompts you to verify the host key. You merely need to compare the displayed fingerprint with the one you have received from the server administrator.

2) Public/private key authentication as alternative to password-based authentication. All you need is a private key. The corresponding public key must have been communicated to the server administrator in advance. In the Site Manager of FileZilla select "Key file" as logon type and enter the path to the private key file. FileZilla supports all common private key file formats, and asks you to convert the file if necessary.

[darienal]

Complete miscommunication. We are all good, there was a key pair generated previously the website key has nothing to do with it, that's for something else.