Using SSH/SFTP configuration

Hello,

Configuring the profile in the Profiles dialog, specific profile, Login tab has the option to browse and use a private key. You will want to verify that the password is blank and Save Password is disabled, and that there is not also a Global Private key defined in the <default> session.

If you try using another SFTP client, like Filezilla, does the same key defined for it work?

If you could email us a pair of log files (BC4's attempt and Filezilla) we may be able to better pinpoint what might not be working. If you email us at [email protected], please also include a link back to this forum thread for our reference.

Hi Aaron,

Firstly this is what I already tried and it didn't work. I will give it a try with Transmit and see what happens.

Secondly, you didn't address my point about using the alias already configured in the .ssh/config file, is it not possible to use them?

Kind regards,

Andrew.

.ssh/config aliases

Hi, is there some way of either getting BC4 to use the ~/.ssh/config file, or at least these Host alias sections of it?

I've been using the .ssh/config file to define aliases for ssh and sftp, for AWS EC2 hosts, which have long-winded unmemorable names which are different each time I request a new one. I have a script to generate the config file format, which uses the AWS boto3 API to get the list of machines with their public DNS names, so I don't have to do a load of cut & paste.

There's an example below, which defines an alias "am0" to point to the ec2-bla-bla DNS Hostname. (ssh picks up the default key from .ssh/id_rsa)

Host am0
HostName ec2-52-209-233-27.eu-west-1.compute.amazonaws.com
User ubuntu
Port 22

(I guess an alternative would be to write/modify the BCProfiles.xml file at the same time as the .ssh/config, but it would me save a bit of work if you can already read .ssh/config. And can I update the BCProfiles.xml while BC4 is running - will it pick up any mods, or ignore them and overwrite the file?)

Many thanks!

Sorry, no, BC4 doesn't support reading any of the ~/.ssh/config file. Updating BCProfiles.xml is the supported way, and yes, it will detect and reload if the file has been modified externally. I've added for reading the aliases from that file to our wishlist and we'll consider it for a future release. I don't expect it in the near future though.

Hi Team Scooter,

I recently updated to High Sierra 10.13.x (yes a slow adoptee) and have since found the SFTP and SSH behaviour with BC4 very hit and miss. Was very stable and reliable in 10.11.x

I will have access to the server using SFTP and a private key; then close down at end of day and shutdown as normal. The next day I will try and reload my previous BC session (which was working) and get no connection. Instead a password challenge and no SSH key picked up. So at reboot or close I effectively break the trusted connection.

I am aware apple changed the default SSH behaviour; where it used to save to keychain but now you need to make a .SSH/config file and specify to save to keychain. I did this as per tech note here: https://developer.apple.com/library/...49/_index.html

When this drop-connection first started I thought it was a file permissions issue with the private key; known-hosts, config, .ssh folder... but went closely through this yesterday and verified all was as expected. FYI the private key; known hosts; config file are in ~/.ssh

I again re-established connection by resetting known_hosts and running the key add commands:

ssh-add -K ~/.ssh/MYKEY_DSA

But, upon reboot it has happened again??

I am really confused as to why BC isn't picking up the key. I saw above you stated the ~/.ssh/config file isn't read. Is this still the case????

Even so I would have thought the "use keychain" entry in the .ssh/config would have done just that... add the SSH entry to the keychain for long-term use by BC and other tools.

But I just looked and I can't see any SSH entry in the keychain (which was there when I had 10.11) so I am guessing this is why BC is failing..

Ideas on how to retain the trust connection with BC; as I my feelings are getting hurt with this on-again off-again relationship ;-)

BTW forklift app is working so I know the key etc in ~/.ssh must be working

Hello,

Correct, BC4 does not use ~/.ssh/config. When loading a profile, BC4 checks for the key file in the defined path under the <default> profile, and under the path specific to the loaded profile's settings (Profiles dialog, Login tab, SSH Private Key File) , as well as the system global locations:
~/.ssh/id_rsa
~/.ssh/id_dsa files

Passphrases are not remembered, by design in BC4, to respect the passphrase as a standard. We weren't parsing the config or storing them in the keychain intentionally, but would use the ssh-agent. The web reference you found is very useful, and at the bottom it references another change where you need to enable
"AddKeysToAgent yes" to your ~/.ssh/config file

Parsing the ~/.ssh/config or working with the keychain are good wishlist items, and I'll add these notes.