FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 05-08-2011, 05:27 PM
Jason
 
Default SSH using Keys, no password and SFTP?

HI All,

I have setup (and it was so easy) using SSH with keys instead of password authentication. I want to turn password authentication off completely.

What I dont understand is how SFTP would work them. I dont see any settings in my FTP clients to use SFTP without providing a password.

If that is the case, that is fine since the FTP users have no real privileges except to their own web folders.

That being said, is it possible to allow only Password authentication for a few users? and then require Key authorization for other users where password would not be accepted for them..perhaps, if they try to connect with password they get denied without being prompted for a password?

--
Jason

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-08-2011, 05:41 PM
Devin Reade
 
Default SSH using Keys, no password and SFTP?

Jason <slackmoehrle.lists@gmail.com> wrote:

> I have setup (and it was so easy) using SSH with keys instead of password authentication. I want to turn password authentication off completely.
>
> What I dont understand is how SFTP would work them. I dont see any settings in my FTP clients to use SFTP without providing a password.


Don't confuse sftp with ftp. They're two different protcols, albiet with
similar purposes.

If your users can log in with ssh using key pairs, then they can sftp and
scp with them, too.

ftp, otoh, does not understand ssh key pairs so if you turn off password
auth there then regular users can't log in with that protocol at all.

IMO though, the only kind of cleartext ftp that should be offered is
anonymous ftp anyway. ssh/sftp/scp have been out there long enough
that even windows users can use them now as long as you provide them
(or poitn them to) a suitable client.

Devin

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-08-2011, 05:45 PM
Devin Reade
 
Default SSH using Keys, no password and SFTP?

Devin Reade <gdr@gno.org> wrote:

> Jason <slackmoehrle.lists@gmail.com> wrote:
>
>> What I dont understand is how SFTP would work them. I dont see any settings in my FTP clients to use SFTP without providing a password.

'course, I may have jumped the gun on my comments. I'm also assuming a
sane sftp client. Certainly the (standard/portable) OpenSSH sftp
implementation doesn't need it. If your sftp client doesn't have any
way to identify the key store, then it might not be able to handle it.
(On UNIX/Mac, it may be implicit on where it finds the keys. I don't
know about arbitrary Windows clients)

Devin

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-08-2011, 05:48 PM
Jason
 
Default SSH using Keys, no password and SFTP?

Hi Devin,

My Fetch FTP software allows me to use SFTP, but it asks for a password. Maybe I need to leave it blank as a test and see if it uses my key against the server automatically. Maybe it does something behind the scenes I am not aware of.

--
Jason

On Sunday, May 8, 2011 at 10:41 AM, Devin Reade wrote:
> Jason <slackmoehrle.lists@gmail.com> wrote:
>
> > I have setup (and it was so easy) using SSH with keys instead of password authentication. I want to turn password authentication off completely.
> >
> > What I dont understand is how SFTP would work them. I dont see any settings in my FTP clients to use SFTP without providing a password.
>
>
> Don't confuse sftp with ftp. They're two different protcols, albiet with
> similar purposes.
>
> If your users can log in with ssh using key pairs, then they can sftp and
> scp with them, too.
>
> ftp, otoh, does not understand ssh key pairs so if you turn off password
> auth there then regular users can't log in with that protocol at all.
>
> IMO though, the only kind of cleartext ftp that should be offered is
> anonymous ftp anyway. ssh/sftp/scp have been out there long enough
> that even windows users can use them now as long as you provide them
> (or poitn them to) a suitable client.
>
> Devin
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 09:48 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org