Adding SSH key messes up access to sites requiring password?

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
n0lqu
504 Command not implemented
Posts: 7
Joined: 2013-08-09 18:25

Adding SSH key messes up access to sites requiring password?

#1 Post by n0lqu » 2013-08-09 18:41

I have a number of SFTP sites I connect to using FileZilla, most of them using password authentication. Recently a new site required that we connect using SSH key authentication, so I created a key pair, sent them our public key, and added our the private key to FileZilla's Edit -> Settings -> Connection -> SFTP -> Public Key Authentication area. This allowed me to connect to the new site and everything works with this site. However now when I connect to a different, previously existing password-protected site that has always worked before, the connection fails with a "Server sent disconnect message type 11 (by application)" error, and the people operating the server say they see we are trying to connecting using a key instead of a password. If I remove our key from FileZilla's settings, I can once again connect, and if I add it, it fails. So the mere existence of the key is breaking this site that requires a password.

Why is this happening, and how can I specify that specific sites require key authentication, and other sites require password? All sites are saved in Site Manager as "Logon Type: Normal".

User avatar
botg
Site Admin
Posts: 31678
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Adding SSH key messes up access to sites requiring passw

#2 Post by botg » 2013-08-09 20:09

Probably broken or misconfigured server. SSH, and thus SFTP rotates all available authentication types until one gets found that works. Of course this only works if the server doesn't close the connection on the first login failure.

n0lqu
504 Command not implemented
Posts: 7
Joined: 2013-08-09 18:25

Re: Adding SSH key messes up access to sites requiring passw

#3 Post by n0lqu » 2013-08-12 13:59

Probably broken or misconfigured server. SSH, and thus SFTP rotates all available authentication types until one gets found that works. Of course this only works if the server doesn't close the connection on the first login failure.
Agreed. However, given I can't control the operation of the server, is there any way to specify within FileZilla that a site should authenticate with a password rather than key, or vice-versa? Or tell it to try password first, then key only if password fails? It appears to me it's trying key first, and then not getting a chance to try password.

User avatar
botg
Site Admin
Posts: 31678
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Adding SSH key messes up access to sites requiring passw

#4 Post by botg » 2013-08-12 18:54

There's no such option.

n0lqu
504 Command not implemented
Posts: 7
Joined: 2013-08-09 18:25

Re: Adding SSH key messes up access to sites requiring passw

#5 Post by n0lqu » 2013-08-12 19:00

Could such an option be added, or are there any good workarounds anyone can recommend? Right now, the only workaround I know is to delete the key from general preferences, add it back only when connecting to the specific site that requires it, then deleting it again when done so it doesn't mess up other sites.

User avatar
boco
Contributor
Posts: 24214
Joined: 2006-05-01 03:28
Location: Germany

Re: Adding SSH key messes up access to sites requiring passw

#6 Post by boco » 2013-08-13 01:13

Right now you could have two FileZilla instances with separate config dirs (e. g. one installed and one portable).
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

n0lqu
504 Command not implemented
Posts: 7
Joined: 2013-08-09 18:25

Re: Adding SSH key messes up access to sites requiring passw

#7 Post by n0lqu » 2013-08-15 17:38

Okay, that's a possibility; still not as convenient as being able to just select a site from the site manager and it just works without having to remember which sites to use FileZilla A with, and which to use FileZilla B, but perhaps better than having to keep adding and removing the key.

It would be helpful to be able to specify on a site-to-site basis whether to use password or key on that particular site, or at least which to try first. Maybe, if the password is blank in a "Normal" logon, use key (if one or more exist). If password is non-blank, try password first, then try key. Or add another "Logon Type" for "Normal, password" and/or "Normal, key". Is there a request list or other place where I can raise this to the attention of the developers, for hopeful inclusion in a near future version?

User avatar
botg
Site Admin
Posts: 31678
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Adding SSH key messes up access to sites requiring passw

#8 Post by botg » 2013-08-15 19:36

What if the server requires password based login with an empty password? Sounds silly, but such servers exist :(

You really should convince your server administrator to fix the server's configuration to allow multiple authentication attempts using different methods.

n0lqu
504 Command not implemented
Posts: 7
Joined: 2013-08-09 18:25

Re: Adding SSH key messes up access to sites requiring passw

#9 Post by n0lqu » 2013-08-23 18:18

The server is run by someone else, of whose system I have no control. And yes, their system is apparently at fault, but it's messing with other systems I need to connect to simply because apparently FileZilla has no way to specify if it should authenticate via password or key. Sure, SSH is *supposed* to allow both trying both methods, and servers are *supposed* to as well, but in the real world you have to be able to make adjustments for things not operating entirely to the specs. That is the situation here. I'm not a big fan of the workarounds, which basically say I have to use two copies (regular and portable) or two configurations of FileZilla (one with the key and one missing the key), but they are doable. I would *much* prefer the ability to specify, somehow, which specific sites may a specific type of credentials. Because of the "blank password" option, it would probably be better to deliberately specify the type of authentication (i.e. add "normal, password" and "normal, key" as alternate logon types) rather than making assumptions based on the presence or absence of a password. Plus, that would avoid the kind of side effects I'm dealing with here, where the change could kill a previously working site.

So back to the question at hand, how or where would one go about making this request known to the developers?

User avatar
botg
Site Admin
Posts: 31678
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Adding SSH key messes up access to sites requiring passw

#10 Post by botg » 2013-08-24 08:12

So back to the question at hand, how or where would one go about making this request known to the developers?
Already taken care of, I am the developers.

n0lqu
504 Command not implemented
Posts: 7
Joined: 2013-08-09 18:25

Re: Adding SSH key messes up access to sites requiring passw

#11 Post by n0lqu » 2013-08-26 13:57

botg wrote:
So back to the question at hand, how or where would one go about making this request known to the developers?
Already taken care of, I am the developers.
Thank you! I'm sure there are a lot of items on the "wish list"; I apprecate this being added and hope to see it implemented in the near future.

David

timboskratch
500 Command not understood
Posts: 1
Joined: 2014-07-22 15:20
First name: Tim
Last name: Powell

Re: Adding SSH key messes up access to sites requiring passw

#12 Post by timboskratch » 2014-07-22 15:25

I just had this same issue today and managed to resolve it by changing the "logon type" of the connection using a password in the site manager. Instead of "Normal" I could select either "Interactive" or "Ask for Password" (not really sure what the difference is) and then when I tried to connect to the site again it gave me a prompt to enter my password and then connected successfully.

It's not ideal as it means you have to remember and re-type you password every time you connect, but better than having to install 2 instances of FileZilla.

I totally agree that it would be very useful in the Site Manager to have full options of how you would like FileZilla to connect to each site which is set up (whether to use a password, key, etc.)

Hope this is helpful!
Tim

n0lqu
504 Command not implemented
Posts: 7
Joined: 2013-08-09 18:25

Re: Adding SSH key messes up access to sites requiring passw

#13 Post by n0lqu » 2014-07-23 15:46

timboskratch wrote:I just had this same issue today and managed to resolve it by changing the "logon type" of the connection using a password in the site manager. Instead of "Normal" I could select either "Interactive" or "Ask for Password" (not really sure what the difference is) and then when I tried to connect to the site again it gave me a prompt to enter my password and then connected successfully.

It's not ideal as it means you have to remember and re-type you password every time you connect, but better than having to install 2 instances of FileZilla.

I totally agree that it would be very useful in the Site Manager to have full options of how you would like FileZilla to connect to each site which is set up (whether to use a password, key, etc.)

Hope this is helpful!
Tim
Thanks for the tip. In our case, we have many dozens of sites that use passwords -- I'm not sure how many of them are affected by this issue since I haven't gone through and tried them all, but I know it's certainly a few -- and currently only one that uses an SSH key. So keeping manual track of all those passwords wouldn't be practical. Since most of the time when we connect to system that uses the SSH key it's via a different (automated) process and we only connect via FileZilla on the rare occasion where we need to test something manually, we've been leaving our SSH key uninstalled, add it only when we need to connect to this system, and remove it immediately when we're done so other sites aren't affected.

User avatar
boco
Contributor
Posts: 24214
Joined: 2006-05-01 03:28
Location: Germany

Re: Adding SSH key messes up access to sites requiring passw

#14 Post by boco » 2014-07-23 16:57

'Interactive' is for people with servers that require a different password for every connection (or after a certain time). The 'Ask for password' can remember the password for the session and automatically uses the same for further transfers (or connections, if box ticked).
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Post Reply