Hi All,
I have set up (and it was so easy) SSH with keys instead of password authentication. I want to turn password authentication off completely.
What I don't understand is how SFTP would work then. I don't see any settings in my FTP clients to use SFTP without providing a password.
If that is the case, that is fine since the FTP users have no real privileges except to their own web folders.
That being said, is it possible to allow only Password authentication for a few users, and then require Key authorization for other users, where a password would not be accepted for them? Perhaps, if they try to connect with a password, they get denied without being prompted for a password?
Jason slackmoehrle.lists@gmail.com wrote:
I have set up (and it was so easy) SSH with keys instead of password authentication. I want to turn password authentication off completely.
What I don't understand is how SFTP would work then. I don't see any settings in my FTP clients to use SFTP without providing a password.
Don't confuse sftp with ftp. They're two different protocols, albeit with similar purposes.
If your users can log in with ssh using key pairs, then they can sftp and scp with them, too.
ftp, otoh, does not understand ssh key pairs so if you turn off password auth there then regular users can't log in with that protocol at all.
IMO though, the only kind of cleartext ftp that should be offered is anonymous ftp anyway. ssh/sftp/scp have been out there long enough that even Windows users can use them now as long as you provide them (or point them to) a suitable client.
Devin
Devin Reade gdr@gno.org wrote:
Jason slackmoehrle.lists@gmail.com wrote:
What I don't understand is how SFTP would work then. I don't see any settings in my FTP clients to use SFTP without providing a password.
'course, I may have jumped the gun on my comments. I'm also assuming a sane sftp client. Certainly the (standard/portable) OpenSSH sftp implementation doesn't need it. If your sftp client doesn't have any way to identify the key store, then it might not be able to handle it. (On UNIX/Mac, it may be implicit on where it finds the keys. I don't know about arbitrary Windows clients.)
Devin
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
WinSCP supports key pairs, but you must convert them to PuTTY format.
Ljubomir
So is it possible to require some users to use Password only and some to use Key only authentication?
-Jason
Jason wrote:
So is it possible to require some users to use Password only and some to use Key only authentication?
-Jason
I am not sure.
The first auth ssh will try is key pair. If that does not work, it will ask for username and password. So if you leave password auth running and you use a key pair, it will work. Take a look at the ssh man page for the specifics.
Ljubomir
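Added example, not part of the thread: the mixed policy Jason asks about can be written in OpenSSH's sshd_config with a Match block. The user names are hypothetical, and it assumes an sshd release whose Match blocks accept these keywords.

```conf
# /etc/ssh/sshd_config (fragment); user names below are hypothetical

# Defaults for everyone: key pairs only. Because no password method is
# offered, a client without a valid key is refused without a password prompt.
PubkeyAuthentication yes
PasswordAuthentication no
# Keyboard-interactive can present a password prompt through PAM; keep it
# off (the keyword is ChallengeResponseAuthentication on older releases).
KbdInteractiveAuthentication no

# Exceptions: these accounts authenticate with a password only.
# Match blocks must come after all global settings; a block runs until the
# next Match line or the end of the file.
Match User webuser1,webuser2
    PasswordAuthentication yes
    PubkeyAuthentication no
    # Limit these accounts to SFTP, with no shell and no forwarding.
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

# Check the syntax, then print the effective settings for one user
# before reloading sshd:
#   sshd -t
#   sshd -T -C user=webuser1,host=localhost,addr=127.0.0.1 | grep -i authentication
```

Keep an already authenticated session open while testing, so a mistake in the file cannot lock out the key-only accounts.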
On Sun, May 8, 2011 at 12:29 PM, Ljubomir Ljubojevic office@plnet.rs wrote:
Jason wrote:
So is it possible to require some users to use Password only and some to
use Key only authentication?
-Jason
I am not sure.
The first auth ssh will try is key pair. If that does not work, it will ask for username and password. So if you leave password auth running and you use a key pair, it will work. Take a look at the ssh man page for the specifics.
Ljubomir
Clients like FileZilla can use SFTP keys held by ssh-agent. FileZilla on Windows can use the ssh-agent provided by PuTTY. Try just putting no password; the client may just work (with ssh-agent running).
Brandon
Hi Devin,
My Fetch FTP software allows me to use SFTP, but it asks for a password. Maybe I need to leave it blank as a test and see if it uses my key against the server automatically. Maybe it does something behind the scenes I am not aware of.