Not possible to disable SSH public key authentication?
Moderator: Project members
Not possible to disable SSH public key authentication?
Today I started getting "too many authentication failures" error and I realized that it's because Filezilla is trying to use my SSH keys to authenticate via SFTP. How do I simply disable public key authentication? I'm not sure why this isn't an option.
Re: Not possible to disable SSH public key authentication?
If you did set your keys in the global settings, or if you use PuTTY's Pageant tool, the keys are tried against every SFTP server. That's what globally defined means.
You can define Public Key Authentication per server, in the Site Manager (select protocol as "SFTP" and Logon Type as "key file"). Keys defined that way apply only to that one server.
You can define Public Key Authentication per server, in the Site Manager (select protocol as "SFTP" and Logon Type as "key file"). Keys defined that way apply only to that one server.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Not possible to disable SSH public key authentication?
It seems like the only way I could get this to stop is to kill the ssh-agent process running on the macbook. I cannot authenticate via SSH keys and don't want FileZilla to try using them, but it doesn't seem like there's a way to turn this option off if the ssh agent is running on the local system. Is that right?
Re: Not possible to disable SSH public key authentication?
The OS SSH agent holds the global (system-wide) keys. They will be used by all SSH/SFTP applications, not just FileZilla.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Not possible to disable SSH public key authentication?
I think there is some confusion here. I am trying to avoid SSH keys altogether. I do not want to use SSH keys, but FileZilla is forcing me to. I just want to authenticate using my password, but even after providing my password, FileZilla still tries to authenticate using SSH keys.
Re: Not possible to disable SSH public key authentication?
Configure your SSH agent to not load keys into it.
Re: Not possible to disable SSH public key authentication?
Gotcha. Sounds great!
-
- 500 Command not understood
- Posts: 1
- Joined: 2021-11-07 17:32
- First name: Tobias
- Last name: Damisch
Re: Not possible to disable SSH public key authentication?
I found the solution. It is very simple.
Just start filezilla from a bash setting SSH_AUTH_SOCK to something other than the ssh agent (null or whatever you might fancy):
This sets the SSH_AUTH_SOCK shell environment variable only for this instance of filezilla, which means any other program (e.g. ssh) can still use the agent while filezilla wont be able to do so.
You can even start a second instance of filezilla that does use the ssh-agent for the servers you want to authenticate to with pubkey auth:
The & at the end simply starts the preceding command in the background so you can continue using the shell for starting more commands.
And yes, I had the idea of compiling my own filezilla and got stuck in dependency hell before thinking of simple bash logic.
May all poor souls that suffer from the filezilla behavior with ssh-agent find their way here!
Cheers, vin
Just start filezilla from a bash setting SSH_AUTH_SOCK to something other than the ssh agent (null or whatever you might fancy):
Code: Select all
machine@user:~$ SSH_AUTH_SOCK=null filezilla &
You can even start a second instance of filezilla that does use the ssh-agent for the servers you want to authenticate to with pubkey auth:
Code: Select all
machine@user:~$ filezilla &
And yes, I had the idea of compiling my own filezilla and got stuck in dependency hell before thinking of simple bash logic.
May all poor souls that suffer from the filezilla behavior with ssh-agent find their way here!
Cheers, vin
Re: Not possible to disable SSH public key authentication?
This has been helpful to me. Thank you.vincitus wrote: ↑2021-11-07 17:55I found the solution. It is very simple.
Just start filezilla from a bash setting SSH_AUTH_SOCK to something other than the ssh agent (null or whatever you might fancy):Code: Select all
machine@user:~$ SSH_AUTH_SOCK=null filezilla &
I needed to use the ssh-agent only with the ssh command but not with FileZilla. The reason is that I was trying to connect (with FileZilla) to a server that required a password. But such server dropped the connection if you provided one or more keys to it and all they failed. It didn't ask for a password as a last resort.
So I've decided to have 2 .desktop files for FileZilla - one that includes the SSH_AUTH_SOCK variable and another one that doesn't. That way I can decide whether to use the ssh-agent or not, at any time.
-
- 500 Command not understood
- Posts: 2
- Joined: 2021-07-21 07:35
- First name: kiml
- Last name: Glerner
Re: Not possible to disable SSH public key authentication?
Yeay! Thank you!vincitus wrote: ↑2021-11-07 17:55I found the solution. It is very simple.
Just start filezilla from a bash setting SSH_AUTH_SOCK to something other than the ssh agent (null or whatever you might fancy):This sets the SSH_AUTH_SOCK shell environment variable only for this instance of filezilla, which means any other program (e.g. ssh) can still use the agent while filezilla wont be able to do so.Code: Select all
machine@user:~$ SSH_AUTH_SOCK=null filezilla &
I installed the latest FileZilla on Linux Mint (the version in the Repository is ancient), using the instructions in
How to install FileZilla FTP client in Linux | Web Developers Planet https://www.webdevsplanet.com/post/inst ... a-in-linux
with the .tar.xz Download
That doesn't use the regular way of starting the program, so I added an alias to my ~/.bashrc file:
Code: Select all
nano ~/.bashrc
alias myfz="SSH_AUTH_SOCK=null /opt/FileZilla3/bin/filezilla & "