Difference between revisions of "Howto"

From FileZilla Wiki
(12 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 
== SFTP using SSH2: Key based authentication ==
 
== SFTP using SSH2: Key based authentication ==
  
Starting with version 3.0.8, FileZilla has a built-in key management page in the settings dialog.
+
There are three mechanisms for use of the FileZilla client with SSH2 keys.
 +
# In the profile settings in the Site Manager of the FileZilla client. If the SFTP Protocol is specified, it is possible to specify the Logon Type as "Key File" and specify the location of the private key file (in putty's .ppk or openssh's .pem format) The user is prompted for the key file's password if necessary, which may optionally be cached by Filezilla until it is next shut down.
 +
# In the Edit - Settings menu of the FileZilla client, you can [Add key file...] under Connection - SFTP, and FileZilla can then use the public key authentication in the site manager with the 'Interactive' Logontype on connection. Note: Importing a site's '''public''' key is not supported.
 +
# (Windows only) Using the  excellent [http://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] tools. To allow the use of RSA / DSA key files with Filezilla, you'll need to download two more tools from PuTTY: Pageant and (assuming your key file isn't already in PPK format) PuTTYgen.
  
Note: Importing a site's '''public''' key is not supported.
+
=== generate ssh key ===
It's not possible to pre-cache a public key (which I had obtained as a keyfile from the site's administrator) to verify the server is the one you're trying to connect to. Eventually I had to run ssh-keygen -l -f <keyfile name> on a Linux box, then perform a visual comparison.
+
Filezilla can use existing ssh key, but cannot generate ssh key itself.
 +
you can generate ssh key with putty or openssh. (now openssh is built-in in windows.)
  
=== Windows ===
+
* putty: use GUI program PuTTYgen to generate ssh key.
For SFTP using SSH2, FileZilla utilizes the excellent [http://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] tools. To allow the use of RSA / DSA key files with Filezilla, you'll need to download two more tools from PuTTY: Pageant and (assuming your key file isn't already in PPK format) PuTTYgen.
+
* openssh: open cmd.exe or powershell, type command <code>ssh-keygen -t rsa -b 2048 -f my-ssh-key</code> will generate private key <code>my-ssh-key</code> and public key <code>my-ssh-key.pub</code> .
  
 +
after generate new key, you need to add the public key to the file <code>~/.ssh/authorized_keys</code> ,
 +
or concact the system admin, then you can login with private key.
 +
 +
=== Using ssh key with putty's ssh agent ===
 
If your key file is already in PuTTY's PPK format you can skip this paragraph. However if your key is in OpenSSH format, you first need to convert it to PuTTY's PPK format. To do this, launch PuTTYgen and from the "Conversions" menu, select the "Import key" option. Select your key and follow the prompts to enter your pass phrase. Save your private key.
 
If your key file is already in PuTTY's PPK format you can skip this paragraph. However if your key is in OpenSSH format, you first need to convert it to PuTTY's PPK format. To do this, launch PuTTYgen and from the "Conversions" menu, select the "Import key" option. Select your key and follow the prompts to enter your pass phrase. Save your private key.
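Review bot: The paragraph beginning "It's not possible to pre-cache a public key" is deleted here without a replacement, and it was the only place on the page that mentioned checking the server's key (ssh-keygen -l -f <keyfile name> followed by a visual comparison). Consider keeping that step, reworded as neutral instructions, instead of dropping it. In the added "generate ssh key" section, the ssh-keygen -t rsa -b 2048 -f my-ssh-key line does not mention setting a passphrase, the ~/.ssh/authorized_keys sentence does not say that the file lives on the server, and "concact" should read "contact".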
  
Line 15: Line 23:
 
Now simply launch FileZilla and connect to your server using SFTP using SSH2 with a username and an empty password. Don't forget to close pageant when you're done.
 
Now simply launch FileZilla and connect to your server using SFTP using SSH2 with a username and an empty password. Don't forget to close pageant when you're done.
  
I'm not sure how well this'll work on systems where you're not permitted to save your password, but after selecting "Don't save password" in the site manager for my server, I could exit the site manager by pressing "cancel" on the password dialog and then "Save and Exit". When you select your site from the list, again press "cancel" and it'll still attempt to connect.
+
This also works with the portable versions of FileZilla and PuTTY tools.
  
As you may or may not know, FileZilla can be easily carried around on portable media such as a USB stick and used from any PC. This also applies to the PuTTY tools, so if you stick Pageant and your PPK key file on to, for example, a USB stick, you can now access your server from any Windows PC.
+
==== Alternative Method ====
  
==== Alternative Method ====
+
FileZilla supports the standard SSH agents. If your SSH agent is running, the SSH_AUTH_SOCK environment variable should be set. (Note, the "Normal" logon type should be set for the server in order to use the SSH agent socket.)
In the Edit - Settings menu of the FileZilla client, you can [Add key file...] under Connection - SFTP, and FileZilla can use the public key authentication in the site manager with the 'Interactive' Logontype. However, the .ppk file is converted to unprotected one if the original .ppk file is password-protected (FileZilla can do that for you when importing the file). As of 3.0.10, a password-protected key file is not supported yet.
+
 
 +
==== On a Mac ====
 +
 
 +
If for some reason you are not using ssh-agent and on a Mac, don't worry about ssh key conversion. Just import your key via Settings and then use Normal mode in your site connection definition. The imported key will get used.
  
=== Other platforms ===
+
The following instructions assume you have a working SSH configuration which allows you to ssh to the same host without a password.  They are adapted from [http://superuser.com/questions/280808/filezilla-on-mac-sftp-with-passwordless-authentication a thread on superuser.com] and summarized here so you don't have to search through a lot of dead ends:
  
FileZilla supports the standard SSH agents. If your SSH agent is running, the SSH_AUTH_SOCK environment variable should be set.
+
# In FileZilla->Settings.. select Connection->SFTP
 +
# Press the Add key file... button
 +
# Press Command-Shift-G to bring up a path selection window and type "~/.ssh"
 +
# Select the "id_rsa" key file and click Open (this imports the key)
 +
# Click OK to close the Settings dialog
 +
# Open File->Site Manager...
 +
# Select the site with which you want to use the key
 +
# Choose Protocol "SFTP" and select Logon Type "Normal". Don't worry about a password if you key file doesn't have a password
 +
# Click Connect and you'll see your files
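Review bot: The removed "Alternative Method" sentence warned that a password-protected .ppk "is converted to unprotected one" on import, and nothing in the new "On a Mac" steps (Add key file..., select the "id_rsa" key file) says how an imported passphrase-protected key is stored now. Please state the current behaviour next to step 4, or keep the warning if it still applies. Minor: step 8 reads "if you key file" and should be "if your key file".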

Revision as of 18:06, 5 September 2019

SFTP using SSH2: Key based authentication

There are three ways to use the FileZilla client with SSH2 keys.

  1. In the profile settings in the Site Manager of the FileZilla client. If the SFTP protocol is specified, you can set the Logon Type to "Key File" and specify the location of the private key file (in PuTTY's .ppk or OpenSSH's .pem format). The user is prompted for the key file's password if necessary, which FileZilla may optionally cache until it is next shut down.
  2. In the Edit - Settings menu of the FileZilla client, you can [Add key file...] under Connection - SFTP, and FileZilla can then use public key authentication in the Site Manager with the 'Interactive' Logon Type on connection. Note: Importing a site's public key is not supported.
  3. (Windows only) Using the excellent PuTTY tools. To allow the use of RSA / DSA key files with FileZilla, you'll need to download two more tools from PuTTY: Pageant and (assuming your key file isn't already in PPK format) PuTTYgen.

Generate an SSH key

FileZilla can use an existing SSH key, but cannot generate an SSH key itself. You can generate an SSH key with PuTTY or OpenSSH (OpenSSH is now built into Windows).

  • PuTTY: use the GUI program PuTTYgen to generate an SSH key.
  • OpenSSH: open cmd.exe or PowerShell and run the command ssh-keygen -t rsa -b 2048 -f my-ssh-key, which generates the private key my-ssh-key and the public key my-ssh-key.pub.

After generating a new key, you need to add the public key to the file ~/.ssh/authorized_keys on the server, or contact the system admin to do so; then you can log in with the private key.
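What adding the public key to ~/.ssh/authorized_keys involves on an OpenSSH server, as an added example (not from the FileZilla wiki or project). The helper name install_pubkey and the usage line are illustrative assumptions; it refuses private key files, keeps the permissions sshd expects, and does not add the same key twice.

```shell
#!/bin/sh
# Added example; install_pubkey is a hypothetical helper, not an OpenSSH tool.
# Usage (on the server, as the login user): install_pubkey my-ssh-key.pub
install_pubkey() {
    pubfile=$1
    target_home=${2:-$HOME}          # second argument only for testing
    ssh_dir=$target_home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 2; }

    # Only the .pub file belongs on the server: refuse private key material
    # (OpenSSH/PEM private keys and PuTTY .ppk files).
    if grep -Eq 'PRIVATE KEY|^PuTTY-User-Key-File' "$pubfile"; then
        echo "$pubfile looks like a private key; use the .pub file" >&2
        return 3
    fi

    # First non-empty line must start with a key type this example accepts.
    key=$(grep -v '^[[:space:]]*$' "$pubfile" | head -n 1)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 4 ;;
    esac

    # With StrictModes (the default) sshd ignores authorized_keys when the
    # file or its directory is writable by other users.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 5
    touch "$auth" && chmod 600 "$auth" || return 5

    # Idempotent: append only when the exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present"
        return 0
    fi
    # Do not glue the new key onto an existing last line without a newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added"
}
```
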

Using an SSH key with PuTTY's SSH agent

If your key file is already in PuTTY's PPK format, you can skip this paragraph. However, if your key is in OpenSSH format, you first need to convert it to PuTTY's PPK format. To do this, launch PuTTYgen and from the "Conversions" menu, select the "Import key" option. Select your key and follow the prompts to enter your passphrase. Save your private key.

Now run Pageant. In your system tray, you'll see the Pageant icon appear. Right-click the icon, select "Add Key" and select your private key (PPK) file. Follow the prompt to enter your passphrase and you're done.

Now simply launch FileZilla and connect to your server over SFTP using SSH2 with a username and an empty password. Don't forget to close Pageant when you're done.

This also works with the portable versions of FileZilla and PuTTY tools.

Alternative Method

FileZilla supports the standard SSH agents. If your SSH agent is running, the SSH_AUTH_SOCK environment variable should be set. (Note: the "Normal" logon type should be set for the server in order to use the SSH agent socket.)

On a Mac

If you are on a Mac and for some reason are not using ssh-agent, don't worry about SSH key conversion. Just import your key via Settings and then use Normal mode in your site connection definition. The imported key will get used.

The following instructions assume you have a working SSH configuration which allows you to ssh to the same host without a password. They are adapted from a thread on superuser.com and summarized here so you don't have to search through a lot of dead ends:

  1. In FileZilla->Settings... select Connection->SFTP
  2. Press the Add key file... button
  3. Press Command-Shift-G to bring up a path selection window and type "~/.ssh"
  4. Select the "id_rsa" key file and click Open (this imports the key)
  5. Click OK to close the Settings dialog
  6. Open File->Site Manager...
  7. Select the site with which you want to use the key
  8. Choose Protocol "SFTP" and select Logon Type "Normal". Don't worry about a password if your key file doesn't have a password
  9. Click Connect and you'll see your files