FileZilla Server 1.4.1: Adding users programmatically
Moderator: Project members
-
- 500 Command not understood
- Posts: 3
- Joined: 2022-06-08 16:09
- First name: GIANLUCA
- Last name: PINOLI
FileZilla Server 1.4.1: Adding users programmatically
Hi,
I'm trying to find a way to add users to users.xml, although is quite simple create a User node, i've some problem creating HASH for the password.
I know there are many topic about this argument, but they seem to refer to the older versione of filezilla (0.9.x)
in filezilla server 1.4.1 creating a new user with the GUI, reading Users.XML, i can find somwthing like that:
...
<password index="1">
<hash>17zJM5wwWu99f/EiOGg5gdy9xA+1Os+2UolVPJ8lPIs</hash>
<salt>UNu88mu6vV0AiNptC/6SHbz/hD6GvUo4GtRg706E3gs</salt>
<iterations>100000</iterations>
</password>
...
I understand salt is a ramdom string, but how retrieve hash value?
In some topics in this forum I can find out tha the way is like:
password = "12345";
salt = "somelongstring6172617261";
result = SHA512(password + salt);
but both hash and salt seem to have a lenght of 64 char while in my users.xml file they are 43.
I've also tryed whith filezilla-server-crypt.exe, but since version 1.3 stdin seem to be involved.
Anyone have some suggestion?
Best regards
Gianluca Pinoli
I'm trying to find a way to add users to users.xml, although is quite simple create a User node, i've some problem creating HASH for the password.
I know there are many topic about this argument, but they seem to refer to the older versione of filezilla (0.9.x)
in filezilla server 1.4.1 creating a new user with the GUI, reading Users.XML, i can find somwthing like that:
...
<password index="1">
<hash>17zJM5wwWu99f/EiOGg5gdy9xA+1Os+2UolVPJ8lPIs</hash>
<salt>UNu88mu6vV0AiNptC/6SHbz/hD6GvUo4GtRg706E3gs</salt>
<iterations>100000</iterations>
</password>
...
I understand salt is a ramdom string, but how retrieve hash value?
In some topics in this forum I can find out tha the way is like:
password = "12345";
salt = "somelongstring6172617261";
result = SHA512(password + salt);
but both hash and salt seem to have a lenght of 64 char while in my users.xml file they are 43.
I've also tryed whith filezilla-server-crypt.exe, but since version 1.3 stdin seem to be involved.
Anyone have some suggestion?
Best regards
Gianluca Pinoli
Re: FileZilla Server 1.4.1: Adding users programmatically
filezilla-server-crypt has been changed so to get the password to hash from the standard input, for security reasons. Just follow what's written at the following link, but instead of passing the password as a parameter feed it in through stdin: viewtopic.php?f=6&t=54267&p=178461&hili ... pt#p178461
-
- 500 Command not understood
- Posts: 3
- Joined: 2022-06-08 16:09
- First name: GIANLUCA
- Last name: PINOLI
Re: FileZilla Server 1.4.1: Adding users programmatically
Is this the only way?
I'm trying to achievi it as a service, but I think this will not be possible...
Regards
Gianluca
I'm trying to achievi it as a service, but I think this will not be possible...
Regards
Gianluca
Re: FileZilla Server 1.4.1: Adding users programmatically
The password is hashed using pbkdf2 with hmac_sha256, then base64-encoded without padding, together with the random salt. Any tool able to do that is good for the occasion.
-
- 500 Command not understood
- Posts: 3
- Joined: 2022-06-08 16:09
- First name: GIANLUCA
- Last name: PINOLI
Re: FileZilla Server 1.4.1: Adding users programmatically
Thank you very much.
It works for me.
Regards
Gianluca
It works for me.
Regards
Gianluca
Re: FileZilla Server 1.4.1: Adding users programmatically
Can you share how you got this working?
We're trying to automatically generate hashed passwords with a salt for version 1.5.1 of Filezilla Server.
Thanks
We're trying to automatically generate hashed passwords with a salt for version 1.5.1 of Filezilla Server.
Thanks
Re: FileZilla Server 1.4.1: Adding users programmatically
I also got the same problem.
Try to use python to generate hash, however i'm getting hex not the hash like what I saw like below:
How can I get the 43 length of string based on the hash returned from pbkdf2_hmac?
Code: Select all
key = hashlib.pbkdf2_hmac(
'SHA256', # The hash digest algorithm for HMAC
password.encode('utf-8'), # Convert the password to bytes
salt.encode('utf-8'), # Provide the salt
100000 # It is recommended to use at least 100,000 iterations of SHA-256,
)
Code: Select all
C:\Program Files\FileZilla Server>filezilla-server-crypt test3
test
--test3@index=1 --test3.hash=cSEuk+yFGgWzSYV2hYyt2tE51SDq6p8YKqUdhBttCf0 --test3.salt=t6xJFWEVmhyX1ZTImoloLVoldPFvHIy5wCL4wm8mat4 --test3.iterations=100000
Re: FileZilla Server 1.4.1: Adding users programmatically
Did you base64-encode your result? See three posts above yours.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: FileZilla Server 1.4.1: Adding users programmatically
Hi,
I am facing issue with version 1.8.1
I want to create user programmatically using php
my code is:
$iterations = 100000;
$salt = "GjnbiA3xutwGIfvD8jL9/d12c7JAm6x0sN/57b97iz0";
$hashedPassword = hash_pbkdf2("sha256", $password, hex2bin($salt), $iterations, 0, true);
$hashed_password = rtrim(base64_encode($hashedPassword), '=');
still password hash created with above code not accepted.
tried with random salt also.
Can anyone help with this please.
I am facing issue with version 1.8.1
I want to create user programmatically using php
my code is:
$iterations = 100000;
$salt = "GjnbiA3xutwGIfvD8jL9/d12c7JAm6x0sN/57b97iz0";
$hashedPassword = hash_pbkdf2("sha256", $password, hex2bin($salt), $iterations, 0, true);
$hashed_password = rtrim(base64_encode($hashedPassword), '=');
still password hash created with above code not accepted.
tried with random salt also.
Can anyone help with this please.
Re: FileZilla Server 1.4.1: Adding users programmatically
You must use random salt, do not use static salt.
Re: FileZilla Server 1.4.1: Adding users programmatically
Hi,
Thanks for the reply.
I tried random salt too. Still not able to log in using that user.
I also tried with salt generated by the Filezilla server with the same password, but hashed passwords are different from mine and the Filezilla server with the same password string and salt
Thanks for the reply.
I tried random salt too. Still not able to log in using that user.
I also tried with salt generated by the Filezilla server with the same password, but hashed passwords are different from mine and the Filezilla server with the same password string and salt
Re: FileZilla Server 1.4.1: Adding users programmatically
In your provided example, what is the salt being used?
Re: FileZilla Server 1.4.1: Adding users programmatically
This salt is used for checking hashed password matches or not
This salt is generated by filezilla server while adding user using admin interface
$salt = bin2hex(random_bytes(22));
$salt = substr($salt, 0, 43);
Before that i am using above code to generate salt value
This salt is generated by filezilla server while adding user using admin interface
$salt = bin2hex(random_bytes(22));
$salt = substr($salt, 0, 43);
Before that i am using above code to generate salt value
Re: FileZilla Server 1.4.1: Adding users programmatically
The salt should have 256 bits of entropy. You are only using using 172 bits of entropy.$salt = bin2hex(random_bytes(22));
$salt = substr($salt, 0, 43);
Re: FileZilla Server 1.4.1: Adding users programmatically
How can I achieve that can you explian