Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   CentOS (http://www.linux-archive.org/centos/)
-   -   SSH using Keys, no password and SFTP? (http://www.linux-archive.org/centos/523795-ssh-using-keys-no-password-sftp.html)

Jason 05-08-2011 05:27 PM

SSH using Keys, no password and SFTP?
 
HI All,

I have setup (and it was so easy) using SSH with keys instead of password authentication. I want to turn password authentication off completely.

What I dont understand is how SFTP would work them. I dont see any settings in my FTP clients to use SFTP without providing a password.

If that is the case, that is fine since the FTP users have no real privileges except to their own web folders.

That being said, is it possible to allow only Password authentication for a few users? and then require Key authorization for other users where password would not be accepted for them..perhaps, if they try to connect with password they get denied without being prompted for a password?

--
Jason

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Devin Reade 05-08-2011 05:41 PM

SSH using Keys, no password and SFTP?
 
Jason <slackmoehrle.lists@gmail.com> wrote:

> I have setup (and it was so easy) using SSH with keys instead of password authentication. I want to turn password authentication off completely.
>
> What I dont understand is how SFTP would work them. I dont see any settings in my FTP clients to use SFTP without providing a password.


Don't confuse sftp with ftp. They're two different protcols, albiet with
similar purposes.

If your users can log in with ssh using key pairs, then they can sftp and
scp with them, too.

ftp, otoh, does not understand ssh key pairs so if you turn off password
auth there then regular users can't log in with that protocol at all.

IMO though, the only kind of cleartext ftp that should be offered is
anonymous ftp anyway. ssh/sftp/scp have been out there long enough
that even windows users can use them now as long as you provide them
(or poitn them to) a suitable client.

Devin

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Devin Reade 05-08-2011 05:45 PM

SSH using Keys, no password and SFTP?
 
Devin Reade <gdr@gno.org> wrote:

> Jason <slackmoehrle.lists@gmail.com> wrote:
>
>> What I dont understand is how SFTP would work them. I dont see any settings in my FTP clients to use SFTP without providing a password.

'course, I may have jumped the gun on my comments. I'm also assuming a
sane sftp client. Certainly the (standard/portable) OpenSSH sftp
implementation doesn't need it. If your sftp client doesn't have any
way to identify the key store, then it might not be able to handle it.
(On UNIX/Mac, it may be implicit on where it finds the keys. I don't
know about arbitrary Windows clients)

Devin

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Jason 05-08-2011 05:48 PM

SSH using Keys, no password and SFTP?
 
Hi Devin,

My Fetch FTP software allows me to use SFTP, but it asks for a password. Maybe I need to leave it blank as a test and see if it uses my key against the server automatically. Maybe it does something behind the scenes I am not aware of.

--
Jason

On Sunday, May 8, 2011 at 10:41 AM, Devin Reade wrote:
> Jason <slackmoehrle.lists@gmail.com> wrote:
>
> > I have setup (and it was so easy) using SSH with keys instead of password authentication. I want to turn password authentication off completely.
> >
> > What I dont understand is how SFTP would work them. I dont see any settings in my FTP clients to use SFTP without providing a password.
>
>
> Don't confuse sftp with ftp. They're two different protcols, albiet with
> similar purposes.
>
> If your users can log in with ssh using key pairs, then they can sftp and
> scp with them, too.
>
> ftp, otoh, does not understand ssh key pairs so if you turn off password
> auth there then regular users can't log in with that protocol at all.
>
> IMO though, the only kind of cleartext ftp that should be offered is
> anonymous ftp anyway. ssh/sftp/scp have been out there long enough
> that even windows users can use them now as long as you provide them
> (or poitn them to) a suitable client.
>
> Devin
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


All times are GMT. The time now is 01:47 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.