Difference between revisions of "Howto"

From FileZilla Wiki
 
(83 intermediate revisions by 62 users not shown)
Line 1: Line 1:
The pragmatic asenwr to intrusive tracking by FaceBook and Google would be to develop browser plug-ins that dynamically block selected servers. The dynamic blocking would be based on allowing a server access only if necessary *for the user* to perform an action.I have FaceBook blocked in my hosts file. For me, they are just another tracking server in an extensive list.This binary approach isn't a practical step for everybody Even if they don't use FaceBook, a few hundred million end users are not going to playing with their hosts file.Blocking all of Google in the same way would have a large element of cutting off nose to spite face. For Google, blocking has to be dynamic and selective.If FaceBook is only ubiquitous, then Google+ needs a stronger term to describe it.Neither FB or G are going to stop doing what they can do.The only reason to allow a page to access a FB or G server would be to allow it to do something that *we* want it to do.The trackers on this page do nothing for me.FB and G, for example, have no business recording my visit to this blog. If the cost of giving Michael recorded traffic for ranking is to expose myself as data to corporates, then the cost is unacceptable.Twitter can pick up this visit  but *only* because I wished to comment here. That was *my* decision.If I were a FB user and wished to comment using the FB account here, I should have an option to allow the FB links from the page and reload the page. The permission would be for the page only and either temporary or permanent. The default would be that my visit here was never detectable to them.Even on a FB or G property, I'd like to have options that blocked any of their servers that were not necessary  for the page to function for whatever *I* wanted to work. 
This is particularly important when using a Google property.A simple easy-to-use browser plug-in would be the only practical way of getting significant numbers of people to emasculate the muppets while still getting their Interwebz fix.
+
== SFTP using SSH-2: Key based authentication ==
 +
 
 +
Our [https://filezillapro.com/docs/v3/ Knowledge Base] includes a step-by-step guide and video tutorial on [https://filezillapro.com/docs/v3/basic-usage-instructions/ssh-private-keys-for-sftp/ how to set up SFTP].
 +
 
 +
There are three mechanisms for use of the FileZilla client with SSH-2 keys.
 +
# In the profile settings in the ''Site Manager'' of the FileZilla client. If the SFTP ''Protocol'' is specified, it is possible to specify the ''Logon Type'' as "Key File" and specify the location of the private key file (in PuTTY's .ppk or OpenSSH's .pem format). The user is prompted for the key file's password if necessary, which may optionally be cached by FileZilla until it is next shut down.
 +
# In the ''Edit'' → ''Settings'' menu of the FileZilla client, you can [Add key file...] under ''Connection'' → ''SFTP'', and FileZilla can then use the public key authentication in the site manager with the 'Interactive' Logontype on connection. Note: Importing a site's '''public''' key is not supported.
 +
# (Windows only) Using the excellent [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] tools. To allow the use of RSA / DSA key files with FileZilla, you'll need to download two more tools from PuTTY: Pageant and (assuming your key file isn't already in PPK format) PuTTYgen.
 +
 
 +
=== Generate the SSH key ===
 +
FileZilla can use an existing SSH key, but it cannot generate the SSH key itself.
 +
You can generate an SSH key with PuTTY or OpenSSH. (Now OpenSSH is built-in in Windows.)
 +
 
 +
* PuTTY: use the GUI program PuTTYgen to generate an SSH key.
 +
* OpenSSH: open cmd.exe or PowerShell, and type command <code>ssh-keygen -t rsa -b 2048 -f my-ssh-key</code>. It will generate a private key, <code>my-ssh-key</code>, and a public key, <code>my-ssh-key.pub</code>.
 +
 
 +
After generating a new key, you need to add the public key to the file <code>~/.ssh/authorized_keys</code>,
 +
or contact the system administrator, and then you can log in with the private key.
 +
 
 +
=== Using the SSH key with PuTTY's SSH agent ===
 +
If your key file is already in PuTTY's PPK format you can skip this paragraph. However, if your key is in OpenSSH format, you first need to convert it to PuTTY's PPK format. To do this, launch PuTTYgen and from the "Conversions" menu, select the "Import key" option. Select your key and follow the prompts to enter your pass phrase. Save your private key.
 +
 
 +
Now run Pageant. In your system tray, you'll see the Pageant icon appear. Right-click the icon and select "Add Key" and select your private key (PPK) file. Follow the prompt to enter your pass phrase and you're done.
 +
 
 +
Now simply launch FileZilla and connect to your server using SFTP using SSH-2 with a username and an empty password. Don't forget to close pageant when you're done.
 +
 
 +
This also works with the portable versions of FileZilla and PuTTY tools.
 +
 
 +
==== Alternative Method ====
 +
 
 +
FileZilla supports the standard SSH agents. If your SSH agent is running, the SSH_AUTH_SOCK environment variable should be set. (Note, the "Normal" logon type should be set for the server in order to use the SSH agent socket.)
 +
 
 +
==== On a Mac ====
 +
 
 +
If for some reason you are not using ssh-agent and on a Mac, don't worry about SSH key conversion. Just import your key via Settings and then use Normal mode in your site connection definition. The imported key will get used.
 +
 
 +
The following instructions assume you have a working SSH configuration which allows you to ssh to the same host without a password. They are adapted from [http://superuser.com/questions/280808/filezilla-on-mac-sftp-with-passwordless-authentication a thread on superuser.com] and are summarized here so you don't have to search through a lot of dead ends:
 +
 
 +
# In FileZilla → ''Settings...'', select ''Connection'' &rarr; SFTP
 +
# Press the ''Add key file...'' button
 +
# Press Command-Shift-G to bring up a path selection window and type "~/.ssh"
 +
# Select the "id_rsa" key file and click ''Open'' (this imports the key)
 +
# Click OK to close the ''Settings'' dialog
 +
# Open menu ''File'' &rarr; ''Site Manager...''
 +
# Select the site with which you want to use the key
 +
# Choose ''Protocol'' "SFTP" and select ''Logon Type'' "Normal". Don't worry about a password if your key file doesn't have a password
 +
# Click ''Connect'' and you'll see your files
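Review bot: The logon type for an imported key is stated inconsistently. Item 2 of the mechanisms list says a key added under ''Connection'' → ''SFTP'' is used with the 'Interactive' logon type, while the "On a Mac" section (its intro and step 8) tells the reader to choose "Normal" for the same ''Add key file...'' setup, and "Alternative Method" also names "Normal" for the agent socket. Say in one place which logon type goes with which mechanism and make the other sections agree. The ssh-keygen line in "Generate the SSH key" also says nothing about the passphrase prompt, although the Pageant steps ask the reader to enter a pass phrase and Mac step 8 allows a key without one; a sentence on choosing a passphrase belongs there. Style: menu paths mix a literal → with &rarr; (item 2 and the first arrow in Mac step 1 versus the rest); pick one.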

Latest revision as of 11:28, 5 March 2024

SFTP using SSH-2: Key based authentication

Our Knowledge Base includes a step-by-step guide and video tutorial on how to set up SFTP.

There are three mechanisms for use of the FileZilla client with SSH-2 keys.

  1. In the profile settings in the Site Manager of the FileZilla client. If the SFTP Protocol is specified, it is possible to specify the Logon Type as "Key File" and specify the location of the private key file (in PuTTY's .ppk or OpenSSH's .pem format). The user is prompted for the key file's password if necessary, which may optionally be cached by FileZilla until it is next shut down.
  2. In the Edit → Settings menu of the FileZilla client, you can [Add key file...] under Connection → SFTP, and FileZilla can then use public key authentication in the Site Manager with the 'Interactive' logon type on connection. Note: Importing a site's public key is not supported.
  3. (Windows only) Using the excellent PuTTY tools. To allow the use of RSA / DSA key files with FileZilla, you'll need to download two more tools from PuTTY: Pageant and (assuming your key file isn't already in PPK format) PuTTYgen.

Generate the SSH key

FileZilla can use an existing SSH key, but it cannot generate the SSH key itself. You can generate an SSH key with PuTTY or OpenSSH. (OpenSSH is now built into Windows.)

  • PuTTY: use the GUI program PuTTYgen to generate an SSH key.
  • OpenSSH: open cmd.exe or PowerShell and type the command ssh-keygen -t rsa -b 2048 -f my-ssh-key. It generates a private key, my-ssh-key, and a public key, my-ssh-key.pub.

After generating a new key, you need to add the public key to the file ~/.ssh/authorized_keys, or contact the system administrator, and then you can log in with the private key.
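One way to carry out the authorized_keys step on the server, given as an added example that is not part of the wiki page or of FileZilla. The helper name add_authorized_key and its arguments are assumptions; it rejects private keys and PuTTYgen's multi-line public key export, and sets the permissions sshd checks.

```shell
#!/bin/sh
# Added example, not FileZilla's or the wiki's code. Run on the SFTP server
# as the login account. add_authorized_key is a hypothetical helper name.
# Usage: add_authorized_key my-ssh-key.pub [home-directory]
add_authorized_key() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Only the public half belongs on the server (OpenSSH/PEM or PPK file).
    if grep -qE 'PRIVATE KEY|^Private-Lines:' "$pub"; then
        echo "$pub is a private key; upload the .pub file instead" >&2
        return 3
    fi

    # authorized_keys wants the one-line OpenSSH form "type base64 [comment]".
    # PuTTYgen's "Save public key" writes the multi-line SSH2 (RFC 4716)
    # form, which sshd cannot read from this file; ssh-keygen -i -f FILE
    # converts it.
    line=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub is not a one-line OpenSSH public key" >&2; return 4 ;;
    esac

    # With StrictModes (the sshd default) the key is skipped if ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 5
    touch "$auth" && chmod 600 "$auth" || return 5

    # Match on "type base64" so a changed comment does not add a duplicate.
    keyid=$(printf '%s\n' "$line" | cut -d' ' -f1,2)
    if grep -qF -- "$keyid" "$auth"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$auth"
}
```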

Using the SSH key with PuTTY's SSH agent

If your key file is already in PuTTY's PPK format you can skip this paragraph. However, if your key is in OpenSSH format, you first need to convert it to PuTTY's PPK format. To do this, launch PuTTYgen and from the "Conversions" menu, select the "Import key" option. Select your key and follow the prompts to enter your pass phrase. Save your private key.

Now run Pageant. In your system tray, you'll see the Pageant icon appear. Right-click the icon and select "Add Key" and select your private key (PPK) file. Follow the prompt to enter your pass phrase and you're done.

Now launch FileZilla and connect to your server over SFTP (SSH-2) with a username and an empty password. Don't forget to close Pageant when you're done.

This also works with the portable versions of FileZilla and PuTTY tools.

Alternative Method

FileZilla supports the standard SSH agents. If your SSH agent is running, the SSH_AUTH_SOCK environment variable should be set. (Note, the "Normal" logon type should be set for the server in order to use the SSH agent socket.)

On a Mac

If you are on a Mac and for some reason are not using ssh-agent, don't worry about SSH key conversion. Just import your key via Settings and then use Normal mode in your site connection definition. The imported key will be used.

The following instructions assume you have a working SSH configuration which allows you to ssh to the same host without a password. They are adapted from a thread on superuser.com and are summarized here so you don't have to search through a lot of dead ends:

  1. In FileZilla → Settings..., select Connection → SFTP
  2. Press the Add key file... button
  3. Press Command-Shift-G to bring up a path selection window and type "~/.ssh"
  4. Select the "id_rsa" key file and click Open (this imports the key)
  5. Click OK to close the Settings dialog
  6. Open menu File → Site Manager...
  7. Select the site with which you want to use the key
  8. Choose Protocol "SFTP" and select Logon Type "Normal". Don't worry about a password if your key file doesn't have a password
  9. Click Connect and you'll see your files