SFTP login with rsa-key

Hi,

you really did a wonderful job with Directory OPUS 8. I just miss one feature that is very important for me.

I need to connect with sftp to some servers that only accept login with a key file. Password login is prohibited because of security issues.

Do you plan such a feature in Directory OPUS?

This is possible already although it's not as elegant as it could be.

Use Pageant, which is part of the free PuTTY software, to load the key file into memory, then connect to the SFTP or SCP site using Opus. You'll still be prompted for a password (this is the inelegant part) but if you leave the field blank and just hit return you'll connect and authenticate using the private SSH key that's in memory.

Update: If you save the site entry in Opus with any non-empty password (e.g. just a space or some other character), then you can avoid being prompted for the password.

OK, this is a possibility. But - I'm really sorry - I have a few servers that behave that way. And loading the key into memory manually... won't this bring problems if I try to connect to two such servers simultaneously?

But I'll try out the way you suggested.

You can load as many keys into memory as you need so that shouldn't be a problem.

Having to load them in advance via a separate program, rather than on-demand within Opus, isn't ideal though. If you send GPSoft a feature request I'll back up the report and, if needed, help get them a test site and key so they have something to work with.

(Coincidentally, I just had to look at this stuff for my work and have become somewhat familiar with it (enough to get my files copied from A to B). I was going to file a similar request eventually but haven't had time to write it up yet.)

A blast from the past, but did either of you submit a feature request in the end for assigning an SSH key file path to an FTP site in the FTP address book?

I can't remember that far back. :slight_smile:

Put in a request via the beta-tester bug reporter if you want; it can't hurt.

Feature request submitted as RB#00344

Thanks a lot!

We currently have the problem that our access in our bank company is changing and we have to connect to ONE server (access gateway) to get access to other servers.

For this access we need the openSSH.pub format, DSA (ssh2), Key length 1024 + passphrase. No other way.

I've just tried Pageant to select the private key file (OpenSSH format) but it was not possible to read it.

Here is an example of the file:

-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,24967260F0BC1766
Subject: xxx
Comment: User
(base64 key data omitted)
-----END DSA PRIVATE KEY-----

It is also not possible to use a 2nd key.

It would also be great to support saving and remembering the passphrase, so that I can click Connect without getting a prompt for the passphrase, which means opening another file to get it because it is a string of 30 characters ...

I hope this will be implemented in one of the next releases because I don't know how long the current situation (SFTP with password) will work - and I don't want to miss DO!

Thanks!

Are you able to log into the server the way you want using PuTTY itself?

No. When I try to select a private key file in PuTTY 0.62 the default file extension is *.ppk.

After selecting "all files" and the private key file I get the error message:

Unable to use key file "..." (OpenSSH SSH-2 private key)

Since our SFTP code is based on PuTTY it's unlikely anything that doesn't work in PuTTY will work in Opus. I seem to remember there being ways to convert private keys between the different formats, but it's a while since I personally set one up so I may be thinking of something unrelated.

I've tried puttygen.exe and was able to load an existing private key file. I got the message "Successfully imported key (OpenSSH SSH-2 private key). To use this key with PuTTY, you need to use the "Save private key" command to save it in PuTTY's own format".

But when I look into the *.ppk file, the original private key file is not saved in this file (but it includes the public key).

It also includes something like:

Private-Lines: 1
sugHnHwLY+byMaRBLABLAYDl53KWpU4U+5muXNs6Wj4=
Private-MAC: 5ec5678b997d8fe754ba6bfa9fffea0f8e3f00a8

Now I've tried to connect via PuTTY to our SSH server by using this private key file and it works on the first try!

I've done the same in Directory Opus (10.0.5.2) including a space as the password (see comments above) and it works.

Ok, I have a solution now, but it is not really nice.

First of all - we have a lot of SSH public/private key pairs with passphrases - which have 30 characters (digits + letters, randomly generated!).

With e.g. MindTerm (an SSH client like PuTTY) I can save the passphrase of the private key file in a config file. Nice to have this option! A double click on the icon starts MindTerm using the config file as a parameter and the SSH session starts (public key incl. passphrase). :slight_smile:

I can prepare Pageant to start with multiple SSH key files (as I've just read at the.earth.li/~sgtatham/putty/0.6 ... ml#pageant - chapter 9.3.1) but I have to copy + paste or manually type the randomly generated passphrases. :frowning: - which is nothing for the daily work of a developer who wants to connect to the development servers.

Also at home, to connect to my private server, I would not like this - but I want to use the long random string as the passphrase of course.

Maybe we will see a better solution in DO 12?

=> Selectable private key files in all the possible formats floating around, and storing the passphrase.

PS: I mean DO 11. :wink:
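The "Unable to use key file (OpenSSH SSH-2 private key)" error above comes from handing PuTTY a key in OpenSSH's PEM container rather than PuTTY's own .ppk container, and the Pageant prompt depends on whether the key carries a passphrase. The inspector below, added here as an example (it is not code from this thread, from Directory Opus or from PuTTY), tells the containers apart and reports the algorithm and whether a passphrase is set; it goes slightly beyond the thread by also recognising the newer openssh-key-v1 container. Every key file in it is constructed with placeholder key material, and `inspect_key`, `advice` and `build_openssh_v1_sample` are names chosen for this example.

```python
"""Inspect an SSH private key file: container format, algorithm, passphrase?

Added example for this thread, not code from Directory Opus or PuTTY.
All sample key files below are constructed; the key material in them is
placeholder bytes, never a real key.
"""
import base64
import re
import struct

PPK_HEADER = re.compile(r"^PuTTY-User-Key-File-(?P<ver>\d+): (?P<alg>\S+)$")
PEM_BEGIN = re.compile(r"^-----BEGIN (?P<label>[A-Z0-9 ]+)-----$")
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(buf: bytes, off: int):
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def inspect_key(text: str) -> dict:
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines:
        raise ValueError("empty key file")

    # PuTTY's own .ppk container: the first line names the algorithm and the
    # "Encryption:" field reads "none" when no passphrase was set.
    m = PPK_HEADER.match(lines[0])
    if m:
        hdr = {}
        for ln in lines[1:]:
            key, sep, val = ln.partition(": ")   # base64 lines never contain ": "
            if sep:
                hdr[key] = val
        cipher = hdr.get("Encryption", "none")
        return {"format": f"putty-ppk-v{m['ver']}", "algorithm": m["alg"],
                "encrypted": cipher != "none", "cipher": cipher, "putty_usable": True}

    m = PEM_BEGIN.match(lines[0])
    if not m:
        raise ValueError("unrecognised key file")
    label = m["label"]
    if lines[-1] != f"-----END {label}-----":
        raise ValueError("missing PEM END line")
    body = lines[1:-1]
    headers, i = {}, 0
    while i < len(body) and ":" in body[i]:      # Proc-Type, DEK-Info, Comment, ...
        key, _, val = body[i].partition(":")
        headers[key.strip()] = val.strip()
        i += 1
    b64 = "".join(body[i:])

    if label == "OPENSSH PRIVATE KEY":
        # Newer OpenSSH container: cipher/KDF names sit inside the decoded blob.
        blob = base64.b64decode(b64)
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, off = _read_ssh_string(blob, len(OPENSSH_MAGIC))
        _kdf, off = _read_ssh_string(blob, off)
        _kdfopts, off = _read_ssh_string(blob, off)
        off += 4                                  # uint32 number of keys
        pub, off = _read_ssh_string(blob, off)
        keytype, _ = _read_ssh_string(pub, 0)     # first field of the public blob
        return {"format": "openssh-v1", "algorithm": keytype.decode(),
                "encrypted": cipher != b"none", "cipher": cipher.decode(),
                "putty_usable": False}

    # Legacy PEM ("DSA PRIVATE KEY" etc.): encryption is signalled by headers.
    encrypted = "ENCRYPTED" in headers.get("Proc-Type", "")
    cipher = headers["DEK-Info"].split(",")[0] if encrypted else "none"
    return {"format": "pem", "algorithm": label.replace(" PRIVATE KEY", ""),
            "encrypted": encrypted, "cipher": cipher, "putty_usable": False}


def advice(info: dict) -> str:
    """What PuTTY/Pageant will do with the file, per the findings in this thread."""
    if info["putty_usable"]:
        return "loads directly in Pageant" + (" (prompts for the passphrase)" if info["encrypted"] else "")
    return "PuTTY rejects this container; import it in PuTTYgen and 'Save private key' as .ppk"


# --- constructed samples (placeholder key material only) ---
PPK_SAMPLE = """PuTTY-User-Key-File-2: ssh-dss
Encryption: aes256-cbc
Comment: User
Public-Lines: 1
AAAAB3NzaC1kc3MAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Private-Lines: 1
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
Private-MAC: 0000000000000000000000000000000000000000
"""

PEM_DSA_SAMPLE = """-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000
Comment: User

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END DSA PRIVATE KEY-----
"""


def build_openssh_v1_sample(encrypted: bool) -> str:
    """Structurally valid openssh-key-v1 file with placeholder (zero) key bytes."""
    cipher, kdf = (b"aes256-ctr", b"bcrypt") if encrypted else (b"none", b"none")
    kdfopts = _ssh_string(b"\x00" * 16) + struct.pack(">I", 16) if encrypted else b""
    pub = _ssh_string(b"ssh-ed25519") + _ssh_string(b"\x00" * 32)
    blob = (OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(kdfopts)
            + struct.pack(">I", 1) + _ssh_string(pub) + _ssh_string(b"\x00" * 64))
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{wrapped}\n-----END OPENSSH PRIVATE KEY-----\n"


if __name__ == "__main__":
    for name, txt in [("ppk", PPK_SAMPLE), ("pem-dsa", PEM_DSA_SAMPLE),
                      ("openssh-v1", build_openssh_v1_sample(True))]:
        info = inspect_key(txt)
        print(name, info, "->", advice(info))
```

Run it on a real key file with `inspect_key(open(path).read())`; a `putty_usable` of `False` is exactly the case where PuTTY 0.62 showed the error quoted above, and `encrypted` tells you in advance whether Pageant will ask for the passphrase when the key is loaded.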

Is there any reason to even have a passphrase on the key if it's stored on disk with the key?

I didn't know, but back in the day they told us how to do it. :wink:

In the meantime I've asked the admins and it is not required. I was able to convert the encrypted private key files with puttygen / MindTerm and store them without a passphrase - and all works.

Thanks
Robert

Rise, thread, from your grave!

Apologies for the resurrection, but we just switched configs on our server and I finally need to use ssh keys. Am I correct to assume that DO still doesn't support ssh keys by itself and I must use Pageant?

Thanks!!

Opus supports ssh keys via Pageant, yes.

Thanks for confirming!

We may add support for ssh keys without having to use Pageant in the future (but can't promise it at this stage). If we do, it'll be an option in the FTP Address Book for SSH sites, so should be easy to find.