Not possible to disable SSH public key authentication?

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
altjx
504 Command not implemented
Posts: 7
Joined: 2009-11-15 01:59

Not possible to disable SSH public key authentication?

#1 Post by altjx » 2020-06-05 14:19

Today I started getting "too many authentication failures" error and I realized that it's because Filezilla is trying to use my SSH keys to authenticate via SFTP. How do I simply disable public key authentication? I'm not sure why this isn't an option.

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: Not possible to disable SSH public key authentication?

#2 Post by boco » 2020-06-05 19:45

If you did set your keys in the global settings, or if you use PuTTY's Pageant tool, the keys are tried against every SFTP server. That's what globally defined means.

You can define Public Key Authentication per server, in the Site Manager (select protocol as "SFTP" and Logon Type as "key file"). Keys defined that way apply only to that one server.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

altjx
504 Command not implemented
Posts: 7
Joined: 2009-11-15 01:59

Re: Not possible to disable SSH public key authentication?

#3 Post by altjx » 2020-06-05 22:21

It seems like the only way I could get this to stop is to kill the ssh-agent process running on the macbook. I cannot authenticate via SSH keys and don't want FileZilla to try using them, but it doesn't seem like there's a way to turn this option off if the ssh agent is running on the local system. Is that right?

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: Not possible to disable SSH public key authentication?

#4 Post by boco » 2020-06-05 23:28

The OS SSH agent holds the global (system-wide) keys. They will be used by all SSH/SFTP applications, not just FileZilla.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

altjx
504 Command not implemented
Posts: 7
Joined: 2009-11-15 01:59

Re: Not possible to disable SSH public key authentication?

#5 Post by altjx » 2020-06-06 00:00

I think there is some confusion here. I am trying to avoid SSH keys altogether. I do not want to use SSH keys, but FileZilla is forcing me to. I just want to authenticate using my password, but even after providing my password, FileZilla still tries to authenticate using SSH keys.

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Not possible to disable SSH public key authentication?

#6 Post by botg » 2020-06-06 17:17

Configure your SSH agent to not load keys into it.

altjx
504 Command not implemented
Posts: 7
Joined: 2009-11-15 01:59

Re: Not possible to disable SSH public key authentication?

#7 Post by altjx » 2020-06-06 17:42

Gotcha. Sounds great!

vincitus
500 Command not understood
Posts: 1
Joined: 2021-11-07 17:32
First name: Tobias
Last name: Damisch

Re: Not possible to disable SSH public key authentication?

#8 Post by vincitus » 2021-11-07 17:55

I found the solution. It is very simple.
Just start filezilla from a bash setting SSH_AUTH_SOCK to something other than the ssh agent (null or whatever you might fancy):

Code: Select all

machine@user:~$ SSH_AUTH_SOCK=null filezilla &
This sets the SSH_AUTH_SOCK shell environment variable only for this instance of filezilla, which means any other program (e.g. ssh) can still use the agent while filezilla wont be able to do so.
You can even start a second instance of filezilla that does use the ssh-agent for the servers you want to authenticate to with pubkey auth:

Code: Select all

machine@user:~$ filezilla &
The & at the end simply starts the preceding command in the background so you can continue using the shell for starting more commands.

And yes, I had the idea of compiling my own filezilla and got stuck in dependency hell before thinking of simple bash logic.

May all poor souls that suffer from the filezilla behavior with ssh-agent find their way here!

Cheers, vin

negora
500 Command not understood
Posts: 1
Joined: 2022-09-05 06:20

Re: Not possible to disable SSH public key authentication?

#9 Post by negora » 2022-09-05 07:40

vincitus wrote:
2021-11-07 17:55
I found the solution. It is very simple.
Just start filezilla from a bash setting SSH_AUTH_SOCK to something other than the ssh agent (null or whatever you might fancy):

Code: Select all

machine@user:~$ SSH_AUTH_SOCK=null filezilla &
This has been helpful to me. Thank you.

I needed to use the ssh-agent only with the ssh command but not with FileZilla. The reason is that I was trying to connect (with FileZilla) to a server that required a password. But such server dropped the connection if you provided one or more keys to it and all they failed. It didn't ask for a password as a last resort.

So I've decided to have 2 .desktop files for FileZilla - one that includes the SSH_AUTH_SOCK variable and another one that doesn't. That way I can decide whether to use the ssh-agent or not, at any time.

lernerconsulting
500 Command not understood
Posts: 2
Joined: 2021-07-21 07:35
First name: kiml
Last name: Glerner

Re: Not possible to disable SSH public key authentication?

#10 Post by lernerconsulting » 2023-09-27 22:18

vincitus wrote:
2021-11-07 17:55
I found the solution. It is very simple.
Just start filezilla from a bash setting SSH_AUTH_SOCK to something other than the ssh agent (null or whatever you might fancy):

Code: Select all

machine@user:~$ SSH_AUTH_SOCK=null filezilla &
This sets the SSH_AUTH_SOCK shell environment variable only for this instance of filezilla, which means any other program (e.g. ssh) can still use the agent while filezilla wont be able to do so.
Yeay! Thank you!

I installed the latest FileZilla on Linux Mint (the version in the Repository is ancient), using the instructions in
How to install FileZilla FTP client in Linux | Web Developers Planet https://www.webdevsplanet.com/post/inst ... a-in-linux
with the .tar.xz Download

That doesn't use the regular way of starting the program, so I added an alias to my ~/.bashrc file:

Code: Select all

nano ~/.bashrc
alias myfz="SSH_AUTH_SOCK=null     /opt/FileZilla3/bin/filezilla &   "
Finally, a host that doesn't use SSH keys, works!

Post Reply