SFTP use with key pair

Message

robena · #1 Post by **robena** » 2007-03-20 20:27

I need to access an SFTP server that only allows access with the use of a public/private key pair.

It does not allow a login based on an user account and password.

Can I do that with FileZilla?

#2 Post by **botg** » 2007-03-22 12:57

Since the SFTP support in FileZilla is based on PuTTY, you can use the Pageant tool from PuTTY for public key authentication. http://www.chiark.greenend.org.uk/~sgta ... nload.html

robena · #3 Post by **robena** » 2007-03-26 13:53

That works like a charm, thanks!

Nazo · #4 Post by **Nazo** » 2007-04-21 07:53

Great for you, but not everyone. There are several reasons this isn't really a true solution:

1. Running Pageant isn't exactly intuitive and it is also rather a lot of extra steps which the user knows each step of the way should be unnecessary.
2. I like to run FileZilla from a flash drive on the go as it can be rather convenient. Running Pageant on another system adds a layer of insecurity if you forget to close it down plus it's even harder to run via flash drive (especially with the inconsistencies of drive letters on different systems.)
3. I have, thus far, been unable to locate a linux solution, so when I most needed proper sftp support in FileZilla I was simply screwed and had to do each file one by one by hand in psftp instead (and, of course, it lacks basics like wildcard support, tab completion, and etc -- I really wish someone would replace psftp with something like the wonderful ncftp client, but just about anything would be better than such a featureless client...) Unfortunately, WINE didn't seem to work at all for me at least (besides, IMO it would be wrong for anyone to rely on WINE -- not only is it a third party application, but it is unreliable in all too many circumstances and imperfect in even the best cases. I wish this would improve, but realistically speaking it is highly unlikely that anyone will ever unlock all of MS's hidden undocumented secrets.)

Number 3 was something of a fatal problem for me as I found no workaround. For security reasons I'm using keyfile authentication on my server, and that means that it is the only way to log in as it defeats the purpose of trying to increase security. Surely it can't be that hard to have basic keyfile authentication built in though? Even if you don't care about the lack of any way to get FileZilla to log in while using linux (or Mac I'm betting,) numbers 1 and 2 should be enough reason to warrant the addition, surely?

Nazo · #5 Post by **Nazo** » 2007-06-02 02:51

So is there no hope of this ever being fixed then? I've been trying all I could with linux with still no luck. Someone suggested ssh-agent, so I tried that and it seems filezilla can't work with it. Is internal support for keyfiles that hard to implement? Sftp and psftp are both just horrible clients, but right now I can't find any alternatives for linux or if you don't want to use an agent.

RoseBud · #6 Post by **RoseBud** » 2009-06-13 02:16

Nazo wrote:So is there no hope of this ever being fixed then? I've been trying all I could with linux with still no luck. Someone suggested ssh-agent, so I tried that and it seems filezilla can't work with it. Is internal support for keyfiles that hard to implement? Sftp and psftp are both just horrible clients, but right now I can't find any alternatives for linux or if you don't want to use an agent.

I'm using version 3.2.2.1 in Ubuntu Linux and was able to use ssh-agent with FileZilla. First I opened a terminal and used ssh-add to add the key that I want to use to the ssh-agent. Then I entered the server information into FileZilla that I want to connect to, making sure to set the Server Type to SFTP.

Hope this helps.

jdratlif · #7 Post by **jdratlif** » 2009-06-13 16:36

Nazo wrote:1. Running Pageant isn't exactly intuitive and it is also rather a lot of extra steps which the user knows each step of the way should be unnecessary.

Seems pretty easy to me. The directions were pretty clear and it's a one-time setup. I just double-click my key when I'm on Windows.

Nazo wrote:2. I like to run FileZilla from a flash drive on the go as it can be rather convenient. Running Pageant on another system adds a layer of insecurity if you forget to close it down plus it's even harder to run via flash drive (especially with the inconsistencies of drive letters on different systems.)

It's always bad not to logout from a public terminal. This isn't Pageant's fault.

I'm not sure I understand how drive letters impact usage of FileZilla or Pageant.

Nazo wrote:3. I have, thus far, been unable to locate a linux solution, so when I most needed proper sftp support in FileZilla I was simply screwed and had to do each file one by one by hand in psftp instead (and, of course, it lacks basics like wildcard support, tab completion, and etc -- I really wish someone would replace psftp with something like the wonderful ncftp client, but just about anything would be better than such a featureless client...) Unfortunately, WINE didn't seem to work at all for me at least (besides, IMO it would be wrong for anyone to rely on WINE -- not only is it a third party application, but it is unreliable in all too many circumstances and imperfect in even the best cases. I wish this would improve, but realistically speaking it is highly unlikely that anyone will ever unlock all of MS's hidden undocumented secrets.)

ssh-agent works great. Maybe you should talk about the problems you are having with it specifically. I'm sure someone here can help you.

gftp supports sftp and it's GUI, if FileZilla is so much trouble. I never liked it, but it's another alternative to the command line.

As for your rant on WINE, I say bah! Third party application? What do you call FileZilla, OpenSSH, and Pageant? I'm not saying WINE is perfect, far from it, but I for one find it very useful.

Nazo wrote:Number 3 was something of a fatal problem for me as I found no workaround. For security reasons I'm using keyfile authentication on my server, and that means that it is the only way to log in as it defeats the purpose of trying to increase security. Surely it can't be that hard to have basic keyfile authentication built in though? Even if you don't care about the lack of any way to get FileZilla to log in while using linux (or Mac I'm betting,) numbers 1 and 2 should be enough reason to warrant the addition, surely?

I don't know what your problem is, but I use FileZilla on Windows, Mac, and Linux all with public key authentication.

How about you tell us what happens when you try, and what you are doing, and then we'll try to help you?

p6ril · #8 Post by **p6ril** » 2009-06-15 15:44

hi guys, I've checked the wiki in order to test the FileZilla Server and FileZilla client locally to my PC using an SSL connection. I use the latest version of FileZilla 3.2.4.1 and I'm a bit confused. It seems that the client doesn't require Pageant to connect to the server ... althougth this is the way it is documented. When I connect to the FTP server (with every options checked in the SSL configuration i.e. Enable SSL, Allow explicit SSL, Force SSL) I receive the certificat from the server and then I'm granted access to the FTP shared folders wehter Pageant is running or not ... any explanation for this ? Note that I haven't entered the private key in FileZilla client, so I wonder how it does work (unless this is specific to my local configuration and shouldn't work from the outside world) ?

Thanks for your help

#9 Post by **botg** » 2009-06-15 16:30

FTPS and SFTP are completely different things.

p6ril · #10 Post by **p6ril** » 2009-06-16 09:47

obviously my mistake ... unbelievable I've read the "SFTP using SSH2" wiki 3 or 4 times and each time I was convinced it was all about FTPS over SSL. I don't fully understand both concepts and thus mixed them both. Thanks for the englightment.

FileZilla Forums

SFTP use with key pair

SFTP use with key pair

Re: SFTP

Re:

Re: SFTP use with key pair

Re: SFTP use with key pair

Re: SFTP use with key pair