Ticket #3238 (closed enhancement: worksforme)

Opened 10 years ago

Last modified 8 years ago

Add RSA key based authentication for SFTP

Reported by: kslychan Owned by:
Priority: trivial Milestone:
Component: mc-vfs Version:
Keywords: ssh sftp rsa key Cc: richlv@…, dnh@…, mooffie@…
Blocked By: Blocking:
Branch state: no branch Votes for changeset:

Description

mc asks me for user's password on a SSH server whenever I connect to it via SFTP, even though the client's public RSA key is authorized for that user account on the server and I can connect to it via openssh-client without giving password.

Test case:

  1. on machine "foo", install mc, openssh-client
  2. on machine "foo", use ssh-keygen to generate a pair of RSA keys
  3. on machine "bar", install openssh-server
  4. on machine "bar", add the contents of machine A's ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys file
  5. verify that you can connect from foo to bar without being asked for password: ssh bar (or: ssh differentusername@bar)
  6. if 5., then run mc, connect via SFTP, enter hostname
  7. you're asked for password

Consider using key-based SSH authentication.

Change History

comment:1 Changed 10 years ago by andrew_b

  • Component changed from mc-core to mc-vfs

comment:2 Changed 10 years ago by hut

vote for that feature as well. Tried different options in ~/.ssh/config for passwordless sftp loging, but nothing worked out.
Host sftp.host

User sftp_user
HostbasedAuthentication? yes
IdentitiesOnly? yes
KbdInteractiveAuthentication? no
PasswordAuthentication? no
ChallengeResponseAuthentication? no
PasswordAuthentication? no
RSAAuthentication yes
PubkeyAuthentication? yes
IdentityFile? /home/user/sftp_key.key

sftp sftp.host connects flawlessly, while mc asks for password. But, mc can parse ~/.ssh/config maybe not completely (it suggests passworf for user specified in the config file)

comment:3 Changed 9 years ago by jsamyth

With FISH failing/broken, and actually being removed by some distros (opensuse), SFTP is more important than ever.
We don't want to leave our servers open to script kiddies to try password after password and would rather allow public key authentication FIRST, which is far more secure.

comment:4 Changed 9 years ago by richlv

  • Cc richlv@… added

comment:5 Changed 9 years ago by dnh

  • Cc dnh@… added

comment:6 Changed 9 years ago by steevithak

I need this feature too because I frequently deal with Amazon EC2 servers and key-based ssh/sftp is the only easy way to connect. I'd like to be able to use MC to do that.

comment:7 Changed 9 years ago by mooffie

  • Cc mooffie@… added

comment:8 Changed 8 years ago by and

this bug maybe resolved by #3581
Can someone re-check this case?

comment:9 Changed 8 years ago by kslychan

mc 4.8.15 - works OK. Let's close. Thanks! :)

comment:10 Changed 8 years ago by zaytsev

  • Status changed from new to closed
  • Version master deleted
  • Resolution set to worksforme
  • Milestone Future Releases deleted
Note: See TracTickets for help on using tickets.