Setup SFTP to use public-key authentication
In the client you need to generate its public key and add it to server's authorized key list.
The following are the commands you can use.
On client machine
ssh-keygen -t dsa -f id_dsa
mv id_dsa* ~/.ssh/
scp ~/.ssh/id_dsa.pub USER_NAME@SERVER:~/.ssh/HOST_NAME.key
On the server
cat ~/.ssh/HOST_NAME.key >> ~/.ssh/authorized_keys2
How to Setup SFTP with Publickey and Password on Ubuntu
The problem you are experiencing is due to file and owner permissions of the user's home folder.
chown root:root /home/username
chmod 755 /home/username
How to use SFTP connection with key file using C# and .NET
Probably every SFTP/SSH library supports public key authentication.
For example:
SSH.NET (NuGet package):
var privateKey = new PrivateKeyFile(@"C:\some\path\key.pem");
var client = new SftpClient("example.com", "username", new[] { privateKey });
client.Connect();If the private key is encrypted:
var privateKey = new PrivateKeyFile(@"C:\some\path\key.pem", "passphrase");
WinSCP .NET assembly (NuGet package):
SessionOptions sessionOptions = new SessionOptions
{
Protocol = Protocol.Sftp,
HostName = "example.com",
UserName = "username",
SshHostKeyFingerprint = "ssh-rsa 2048 ...=",
SshPrivateKeyPath = @"C:\some\path\key.ppk",
};
using (Session session = new Session())
{
session.Open(sessionOptions);
// Your code
}WinSCP needs the key converted to PPK format (You can use WinSCP GUI for that, or PuTTYgen). Also note that WinSCP verifies the SSH host key (
SshHostKeyFingerprint
). SSH.NET fails to do that by default, what is a security flaw.If the private key is encrypted, add
PrivateKeyPassphrase
orSecurePrivateKeyPassphrase
.WinSCP GUI can generate a code template for you.
(I'm the author of the library)
Java program to get a file on SFTP server using public key authentication and proxy server
The most commonly used Java SSH library is JSch, which supports both public key authentication and HTTP proxy:
- How to transfer a file using a proxy with JSch library
- Can we use JSch for SSH key-based communication?
Combined, the code would be like:
JSch jsch = new JSch();
jsch.addIdentity("/path/to/private/key");
Session session = jsch.getSession("user", "host");
ProxyHTTP proxy = new ProxyHTTP("proxy", proxyport)
proxy.setUserPasswd("proxyusername", "proxypassword");
session.setProxy(proxy);
session.connect();
For downloading a file, see:
How to retrieve a file from a server via SFTP?
You will have to verify server host key as well.
Public/Private key authentication for Ruby Net::SFTP
Net::SFTP.start
passes its options
hash directly to Net::SSH.start
, so we should look to its documentation. It lists three options that look relevant:
:keys
=> an array of file names of private keys to use for publickey and hostbased authentication:key_data
=> an array of strings, with each element of the array being a raw private key in PEM format.:keys_only
=> set totrue
to use only private keys fromkeys
andkey_data
parameters, even if ssh-agent offers more identities. This option is intended for situations where ssh-agent offers many different identites.
The answer to a related question suggests that you may need to use all three:
Net::SFTP.start(ftp_host, user,
key_data: [],
keys: "tmp/some-certs/privatekey.pem",
keys_only: true)
If you want to use the raw key data from the SOME_PRIVATE_KEY
environment variable instead, it ought to look like this:
Net::SFTP.start(ftp_host, user,
key_data: [ ENV["SOME_PRIVATE_KEY"] ],
keys: [],
keys_only: true)
Related Topics
Dos2Unix: Binary Symbol Found, Skipping Binary File
How to Find Which Type of System Call Is Used by a Program
Thread Quantum: How to Compute It
Openldap + Dynlist + Posixgroup
On Building Docker Image Level=Error Msg="Can't Close Tar Writer: Io: Read/Write on Closed Pipe"
How to Test My Bash Script on Older Versions of Bash
Gui Svn Client for Debian Linux
How to Create a File Listener in Linux
Vimdiff: How to Put All Changes Inside a Particular Function from One File to Another
Tar Command Changing The Owner:Group While Extracting
How to Grep for Strings with Special Characters Like []
Joining Line Breaks in Fasta File with Condition in Sed/Awk/Perl One-Liner