sftpd setup

How would one set up a key authentication sftp setup?

I have sshd installed and set up and it works with a username and password login.

I tried following online tutorials but they fail. One showed using ssh-keygen -t ed25519

and I used the public key on the server and the private one on the client side.

I would like to know how one would do this correctly.

I tried the above and it failed. I use Windows machines to connect to FreeBSD.

So, I used FileZilla to connect from a Windows machine, but when I tried, it said
that FileZilla doesn't support the format and then demanded to convert it to a .ppk
file. I did. I would like to know how to get it to work with FileZilla.
 
Hi.

Create the keys on the client:

ssh-keygen -t rsa

Copy the public key to the server:

ssh-copy-id -i /path/to/keyfile.pub user@remotehost

That will create a file called authorized_keys in the directory .ssh, where you can store the public keys authorized to start the session with said user.

If your client is Windows, you can't use ssh-copy-id; you can use type with a pipe to copy:

type /path/to/keyfile.pub | ssh user@remotehost "cat >> .ssh/authorized_keys"


You should be able to authenticate, both with ssh and with sftp if you have sshd enabled on your server:

sshd_config

Subsystem sftp /usr/libexec/sftp-server
 
OK, but what should be on the server? Should it be the .pub, the public key?

I am using Windows. I generated the keys on the server. Why would it matter to generate them on the client computer?
My client machines are Windows. Is there a way to manually copy it over?
I copied it to /home/username/.ssh/. I don't have a folder called authorized_keys.

Is there a way to change the config to look for specific files in the .ssh folder?
 
OK, but what should be on the server? Should it be the .pub, the public key?
Yes, on your server only the public key that you generated on the client.

I am using Windows. I generated the keys on the server. Why would it matter to generate them on the client computer?
Why are you creating the keys on the server? If you create the keys on the server, you will have to share the keys with the client, public and private. That could be a problem, since it is recommended for security that the private keys of the clients do not leave their machines.

You can create a key pair and share it with multiple clients, no problem, but possibly triggering security issues.

My client machines are Windows. Is there a way to manually copy it over?
I copied it to /home/username/.ssh/. I don't have a folder called authorized_keys.
In the command that you shared with type, you can share them like that. authorized_keys is not a directory, it's a file; if it doesn't exist, you can create it.

~/.ssh/authorized_keys
Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
for logging in as this user. The format of this file is
described above. The content of the file is not highly sensitive,
but the recommended permissions are read/write for the user, and
not accessible by others.

If this file, the ~/.ssh directory, or the user's home directory
are writable by other users, then the file could be modified or
replaced by unauthorized users. In this case, sshd will not
allow it to be used unless the StrictModes option has been set to
"no".

Is there a way to change the config to look for specific files in the .ssh folder?
What does it mean?
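
An added example, not part of any post in this thread: a server-side pre-flight check for the conditions quoted from the man page above (authorized_keys is a regular file, and neither it, ~/.ssh nor the home directory is writable by other users). The function names are hypothetical, and the two key-format checks are an extra assumption about what usually ends up in the file when keys are exported from Windows tools.

```shell
#!/bin/sh
# Added example (hypothetical helper names): check a user's home directory
# for the things that make sshd ignore ~/.ssh/authorized_keys.

# True if the path is writable by group or by others.
loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

check_key_auth() {
    home=$1
    ak="$home/.ssh/authorized_keys"
    rc=0

    # authorized_keys is a file, not a directory.
    if [ ! -f "$ak" ]; then
        echo "FAIL: $ak is missing or is not a regular file"
        return 1
    fi

    # With StrictModes on, sshd will not use the file if any of these
    # can be modified by other users.
    for p in "$home" "$home/.ssh" "$ak"; do
        if loose "$p"; then
            echo "FAIL: $p is writable by group or others"
            rc=1
        fi
    done

    # Private keys and multi-line "BEGIN ... END" exports do not belong here.
    if grep -Eq '^-+ ?BEGIN ' "$ak"; then
        echo "FAIL: $ak contains a BEGIN block instead of one-line public keys"
        rc=1
    fi

    # Expect at least one "<key type> <base64 data> [comment]" line.
    if ! grep -Eq '(^|[[:space:]])(ssh-(ed25519|rsa)|ecdsa-sha2-nistp[0-9]+)[[:space:]]+AAAA' "$ak"; then
        echo "FAIL: no OpenSSH public key line found in $ak"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $ak passes the checks"; fi
    return "$rc"
}

# Run as: sh check_key_auth.sh /home/username
if [ "$#" -gt 0 ]; then check_key_auth "$1"; fi
```

For each FAIL on permissions, chmod 700 on ~/.ssh and chmod 600 on authorized_keys give the "read/write for the user, and not accessible by others" state the man page recommends.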
 
No, not invalid, and better if there is a .ssh/authorized_keys not to be overwritten.
I can come to understand that the use of scp is more appropriate, direct, clean etc...

But I don't understand why my method is not valid. You said that it overwrites the file authorized_keys. I am using the redirection operator >>, not >; if authorized_keys exists, it will not be overwritten, otherwise new data will be added.

I don't understand where I overwrite the file, I tried the command before posting it.
 
Thanks guys, got it fixed. Everything works fine right now. I kept the private key on my computers and used the cert on the server. It works.
 