Howto: Difference between revisions

From FileZilla Wiki
Jump to navigationJump to search
No edit summary
(Updated to document the ability to set key files in the connection manager.)
Line 1: Line 1:
== SFTP using SSH2: Key based authentication ==
== SFTP using SSH2: Key based authentication ==


Starting with version 3.0.8, FileZilla has a built-in key management page in the settings dialog.
There are three mechanisms for use of the FileZilla client with SSH2 keys.
 
# In the profile settings in the Site Manager of the FileZilla client. If the SFTP Protocol is specified, it is possible to specify the Logon Type as "Key File" and specify the location of the private key file (in .ppk or .pem format - see below for conversion options from other formats.) The user is prompted for the key file's password if necessary, which may optionally be cached by Filezilla until it is next shut down.
Note: Importing a site's '''public''' key is not supported.
# In the Edit - Settings menu of the FileZilla client, you can [Add key file...] under Connection - SFTP, and FileZilla can then use the public key authentication in the site manager with the 'Interactive' Logontype on connection. Note: Importing a site's '''public''' key is not supported.
It's not possible to pre-cache a public key (which I had obtained as a keyfile from the site's administrator) to verify the server is the one you're trying to connect to. Eventually I had to run ssh-keygen -l -f <keyfile name> on a Linux box, then perform a visual comparison.
# (Windows only) Using the excellent [http://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] tools. To allow the use of RSA / DSA key files with Filezilla, you'll need to download two more tools from PuTTY: Pageant and (assuming your key file isn't already in PPK format) PuTTYgen.
 
=== Windows ===
For SFTP using SSH2, FileZilla utilizes the excellent [http://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] tools. To allow the use of RSA / DSA key files with Filezilla, you'll need to download two more tools from PuTTY: Pageant and (assuming your key file isn't already in PPK format) PuTTYgen.


If your key file is already in PuTTY's PPK format you can skip this paragraph. However if your key is in OpenSSH format, you first need to convert it to PuTTY's PPK format. To do this, launch PuTTYgen and from the "Conversions" menu, select the "Import key" option. Select your key and follow the prompts to enter your pass phrase. Save your private key.
If your key file is already in PuTTY's PPK format you can skip this paragraph. However if your key is in OpenSSH format, you first need to convert it to PuTTY's PPK format. To do this, launch PuTTYgen and from the "Conversions" menu, select the "Import key" option. Select your key and follow the prompts to enter your pass phrase. Save your private key.
Line 15: Line 12:
Now simply launch FileZilla and connect to your server using SFTP using SSH2 with a username and an empty password. Don't forget to close pageant when you're done.
Now simply launch FileZilla and connect to your server using SFTP using SSH2 with a username and an empty password. Don't forget to close pageant when you're done.


I'm not sure how well this'll work on systems where you're not permitted to save your password, but after selecting "Don't save password" in the site manager for my server, I could exit the site manager by pressing "cancel" on the password dialog and then "Save and Exit". When you select your site from the list, again press "cancel" and it'll still attempt to connect.
This also works with the portable versions of FileZilla and PuTTY tools.
 
As you may or may not know, FileZilla can be easily carried around on portable media such as a USB stick and used from any PC. This also applies to the PuTTY tools, so if you stick Pageant and your PPK key file on to, for example, a USB stick, you can now access your server from any Windows PC.


==== Alternative Method ====
==== Alternative Method ====
In the Edit - Settings menu of the FileZilla client, you can [Add key file...] under Connection - SFTP, and FileZilla can use the public key authentication in the site manager with the 'Interactive' Logontype. However, the .ppk file is converted to unprotected one if the original .ppk file is password-protected (FileZilla can do that for you when importing the file). As of 3.0.10, a password-protected key file is not supported yet.
=== Other platforms ===


FileZilla supports the standard SSH agents. If your SSH agent is running, the SSH_AUTH_SOCK environment variable should be set.
FileZilla supports the standard SSH agents. If your SSH agent is running, the SSH_AUTH_SOCK environment variable should be set.

Revision as of 13:45, 29 April 2016

SFTP using SSH2: Key based authentication

There are three mechanisms for use of the FileZilla client with SSH2 keys.

  1. In the profile settings in the Site Manager of the FileZilla client. If the SFTP Protocol is specified, it is possible to specify the Logon Type as "Key File" and specify the location of the private key file (in .ppk or .pem format - see below for conversion options from other formats.) The user is prompted for the key file's password if necessary, which may optionally be cached by Filezilla until it is next shut down.
  2. In the Edit - Settings menu of the FileZilla client, you can [Add key file...] under Connection - SFTP, and FileZilla can then use the public key authentication in the site manager with the 'Interactive' Logontype on connection. Note: Importing a site's public key is not supported.
  3. (Windows only) Using the excellent PuTTY tools. To allow the use of RSA / DSA key files with Filezilla, you'll need to download two more tools from PuTTY: Pageant and (assuming your key file isn't already in PPK format) PuTTYgen.

If your key file is already in PuTTY's PPK format you can skip this paragraph. However if your key is in OpenSSH format, you first need to convert it to PuTTY's PPK format. To do this, launch PuTTYgen and from the "Conversions" menu, select the "Import key" option. Select your key and follow the prompts to enter your pass phrase. Save your private key.

Now run Pageant. In your system tray, you'll see the Pageant icon appear. Right-click the icon and select "Add Key" and select your private key (PPK) file. Follow the prompt to enter your pass phrase and you're done.

Now simply launch FileZilla and connect to your server using SFTP using SSH2 with a username and an empty password. Don't forget to close pageant when you're done.

This also works with the portable versions of FileZilla and PuTTY tools.

Alternative Method

FileZilla supports the standard SSH agents. If your SSH agent is running, the SSH_AUTH_SOCK environment variable should be set.

Retrieved from "https://wiki.filezilla-project.org/wiki/index.php?title=Howto&oldid=38055"