FTPeek_ConnectSFTP with private key pem file in FTPeek v. 1.67

[David Wikström]

Hi,

In command line, and using FileZilla, I can connect to SFTP by using username, server IP and a private key (.pem).

In FTPeek v. 1.67, it seems that the public key is also required - I'm not sure about the password. How come?

Is there a particular reason for this? Is there a proper procedure for connection using a private key file? Is there a list of the supported private key file types/formats?

 

/David

[ryan360Works]

Hi David,

I am not sure of the inner workings of FileZilla but I do know that a public key is required in order to establish an SSH connection. My best guess is FileZilla takes care of the key exchange process  "behind the scenes" to simplify the user experience. You can get the public key for the server using the FTPeek_GetPublicKey function  The password is also a required parameter.

[David Wikström]

In other words, you can confirm that with FTPeek requires a password, while command line and FileZilla don't?

I know how to get the public key.

 

[Mr. Scott]

I have the same need for public key authentication (without password). 

According to "how to use SFTP (with Client Validation - Public Key Authentication)" on:

https://enterprisedt.com/products/edtftpjssl/doc/manual/html/howtousesftpintroduction.html

"In  public key authentication SSH clients and servers authenticate each other via public/private key pairs. Each must have access to their own private key, and they must have access to each other's public key. The client's public key must be registered with the SSH server, typically by copying it into the server's authorized_keys file. 

The client's private key is loaded via SSHFTPClient's setAuthentication method before calling connect, supplying the full path of the private key file, the SSH username and the passphrase of the private key file.

and on this page:

https://enterprisedt.com/products/edtftpjssl/doc/manual/html/howtousesftpwithclientvalidationpublickeyauthentication.html 

Public Key Authentication involves using a private/public key pair to authenticate the client. The key pair must be in a file in OpenSSH or SECSH format and the name is passed as follows:

   ftpClient.setAuthentication("myprivatekey", "jack", "my_keyfile_password");

The user-name is the name of the user on the SFTP server, but the passphrase is the password for the key-file (if there is a password).

Using Transmit from Panic Software, I choose the "SFTP" protocol, input the "server address", enter my "User Name", then choose my private SSH key instead of a password, and then put in a remote relative directory path to get files and the local path to receive them.

Now, according to an April 7, 2014 reply from Joe Pampalon of 360Works:

"FTPeek does not currently support this SFTP connection method, but 360Works can custom develop the plugin to suit your needs. Please send an email to [email protected] if you are interested to receive a quote for the work."

This is a very common aspect of connecting to SFTP servers. Is this still a "develop to suit" feature, or is it possible to accomplish with FTPeek? If supported, how do we do it, and which versions of FTPeek support SFTP authentication via keys without a password?

Thanks in advance,

- - Scott

Edited April 6, 2018 by Mr. Scott

[ryan360Works]

After reviewing the code, it looks like setAuthentication actually has several implementations in the SCPClient class in the enterprisedt library, one of which does not require a user password and uses a key file password. The plugin does not leverage this implementation but rather 3 others that do require a password. FTPeek does not currently have the functionality to establish an SSH connection without a user password so this would still be a customization. I will definitely create a ticket in our feature requests to see if this can be implemented in a future version but as FTPeek is not currently in active development, it could be some time before it is considered for implementation. 

[David Wikström]

So in other, blunter, words: FTPeek is a deprecated plugin and should be avoided?

[ryan360Works]

No, FTPeek is most definitely not a deprecated plugin. We are not currently developing new features for it at this moment but we will definitely be developing new features in the future.

[David Wikström]

OK, thanks for that clarification!

[David Wikström]

For anyone else trying to do this: The BaseElements plugin's cURL functions work great for connecting via SFTP with just a private key, no password. Presumably, all other plugins that do cURL, and hopefully, native cURL options in FileMaker 16 should also work, but in this case, my client is on FileMaker 15 with BE already installed, so I haven't looked further at this point. 

[jbsherry]

I'm running FTPeek 2.08 which is newer than the version mentioned above. However, these posts are pretty recent. So is it safe to assume that the most recent version of FTPeek also does NOT support login with just a  privatekey file and no password?

 

I've got a solution doing lots of file transfer to a website backend, and I'd like to avoid reworking for another plugin. I've used BaseElements, but I have not tried to to file transfer with it.

[ryan360Works]

Hi jbsherry,

This has not been implemented into the latest FTPeek. I did add it as a feature request when this post was created but it has not be implemented. Since it seems there is more interest in this, I will to the developer to see if this can be added sooner rather than later but I will not have an ETA. If/when this is implemented I will bump this thread.

[jbsherry]

Great. I know you guys are proponents of AWS servers, and the standard AWS Ubuntu server build is set up for users with private keys and no passwords, I believe.

[ryan360Works]

Hi jbsherry,

    I have used VSFTPD in a EC2 linux environment and is what I use for some of our unit testing but I had to set it all up. Is this the SFTP server you are referring to or is there an AMI or Ubuntu EC2 instance that already has an SFTP server set up for only private key authentication? Can you point me in the direction to one of these? I would love to use it to test.

[ryan360Works]

Hi guys,

I was reviewing this code and was hoping you guys could try something for me. Pass in the parameter PublicKeyAuth=1 and then for the password parameter pass in the private key pass phrase. If there is no private key pass phrase just pass in an empty string (""). So your function call would be something like

Quote

FTPeek_ConnectSFTP(host ; hostPubKey ; userName ; privateKeyPassPhrase ; PublicKeyAuth =1 ; PrivateKeyPath = path/to/file)

Try that and let me know if you are able to authenticate that way.

[Fabian]

Here's one more who wish for this feature. I would try the suggested one above, but I thought it was not working so we agreed another solution with the one supplier that used this. Anyone tested this and could confirm it works?