SFTP: how do I connect with a key pair only?

  • Marjolein Katsma
    Expert
    • Oct 2007
    • 98

    SFTP: how do I connect with a key pair only?

    I wish this were for testing only, but I'm in a situation where I need BC/Cirrus badly to create a mirror of a site - I've pulled the files content successfully (very! and efficiently, too!) with Cirrus but the target server will allow only access by key pair.

    Trying to set this up with Cirrus (having downloaded all content to my local machine) I'm running into two problems setting up a session to connect to the target site:
    • First of all, I need to set up the FTP profile. I have been given a private + public key pair, plus a pass phrase. Now, apparently, I need to go to the Authentication tab. Here I run into the first problem: it tells me "These settings are used for all profiles". That's a problem, of course, because the key pair I've been given to use is exclusive to the target server - I will need different ones for different servers.
      Ignoring that for a moment, I try to browse to my private key file, then enter the pass phrase, and hit the Create keys button. I then get a dialog "Generate SSH Key Pair" where I have to again enter the same pass phrase, again browse to my private key file (<name>) - and it then automatically seems to find the public key file I've been given (<name>.pub). Now that's extremely confusing: why would I need to browse to the private key file, and enter the pass phrase, twice? At this point I already am not confident this will work...
    • Now I go and set up a session, where for "right folder" I hit a browse button again, and in the "Browse for folder - right side" dialog enter the host name and starting directory, and then try "Connect and Browse" - which doesn't work. I've tried with "Anonymous login" checked and unchecked - but neither works and I see no way to specify that I want (need) to connect authenticating by key pair only, no user name / password at all.


    Needless to say, when I try to connect with the session just created, I'm not getting anywhere.

    So am I missing something in this (for me) unfamiliar process, or is this just not possible with Cirrus? In the latter case, I would suggest making it a possibility at least. I was hoping Cirrus would make tunneling via Tunnelier unnecessary but it doesn't seem to be there yet...

    I'll see what I can do with Tunnelier + Cirrus (or even BC2), but please either explain what I'm missing, or consider extending SFTP so key pair authentication is not only possible, but (optionally) server-specific!
  • Aaron
    Team Scooter
    • Oct 2007
    • 16007

    #2
    Don't need to create

    I'm going to dive into this issue (find/make an ftp with pass keys and test this scenario), but first I'll let you know the intended behavior:

    The ftp should have your public key already, so we do not need it. The pair comes from you having the private key browsed and selected. Edit: A way to paraphrase that is, you keep your private key private, and give out the public key to anyone who needs it/you to connect to them.

    Then type in your passphrase and close the dialog/save. You do not want to click create, because that will overwrite your files with a new key. That is probably why it is not working.

    When the ftp connects, you shouldn't need to enter a password. Does this work for you?

    We can address the other issues (server specific settings, etc) after we get this transfer working.
    Last edited by Aaron; 15-Nov-2007, 04:10 PM. Reason: describing the key pair
    Aaron P Scooter Software


    • Marjolein Katsma
      Expert
      • Oct 2007
      • 98

      #3
      I'm in but...

      Update: main user of the server where I need to upload is almost as unfamiliar with the process as I am - at least in giving others access to where he normally is the only one with access (this is an emergency solution...). So it turns out I did need a user name after all.

      Once I entered that in Tunnelier (leaving it set to "Initial method" public key - slot 1) I could connect - files are uploading now. Once that's finished I'll still need Cirrus to do some work on the server though.

      Originally posted by Aaron
      I'm going to dive into this issue (find/make an ftp with pass keys and test this scenario), but first I'll let you know the intended behavior:

      The ftp should have your public key already, so we do not need it. The pair comes from you having the private key browsed and selected. Edit: A way to paraphrase that is, you keep your private key private, and give out the public key to anyone who needs it/you to connect to them.

      Then type in your passphrase and close the dialog/save. You do not want to click create, because that will overwrite your files with a new key. That is probably why it is not working.
      That's the first thing that's confusing: with the way the "Create" and passphrase are arranged (right next to each other and in the same panel) it looks as if you have to press the button to complete the 'SSH Public Key authentication' process.

      Originally posted by Aaron
      When the ftp connects, you shouldn't need to enter a password. Does this work for you?
      With the username added now, it did prompt me for a password when connecting - but since I cannot specify an "Initial method" as with Tunnelier, I doubt it's using the SSH keys at all?
      Edit: I think it should not be prompting for a password at all - private key+passphrase + username should be sufficient, and that's how it works in other programs.

      Originally posted by Aaron
      We can address the other issues (server specific settings, etc) after we get this transfer working
      Basically it's working now - but I'm worried that it's not using the key pair at all, let alone "initially".

      Remaining problems:
      • Confusing dialog (visually) mixing up "importing" and "creating" key pairs
      • No way to actually "import" keys (as Tunnelier is doing) so different key pairs can be selected for different connections / servers: it seems as if Cirrus just uses a (single) pointer to the location of the keys
      • No way to specify "initial method" of authentication (and as far as I know authentication with *only* key pair should also be possible but I cannot test that now)

      It might not be a bad idea to have a look at how Tunnelier handles this.

      Aren't you glad we're having a bit of an emergency?

      (I'll be out most of the day - while Tunnelier continues uploading - will check back when I return.)
      Last edited by Marjolein Katsma; 16-Nov-2007, 05:08 PM. Reason: adding new insight


      • jdmarch
        Fanatic
        • Oct 2007
        • 143

        #4
        I'm in a similar conundrum. Over 3 years ago I set up a public/private key pair for accessing a particular FTP site. I load the private key into putty\pageant, then, using another FTP client (Total Commander with SFTP plugin), just open the site on port 22, giving a user name but no password or pass phrase AFAICT.

        When I try to open this site in Cirrus, it wants a password.

        What am I missing or perhaps forgetting? (I have not thought about this since setting it up 3+ years ago, so perhaps there's another configuration step that I did with the other FTP client which I'm neglecting in Cirrus?)

        Thanks.


        • Chris
          Team Scooter
          • Oct 2007
          • 5538

          #5
          Jonathan,

          Thanks for posting about the public/private key problem. I'll try to get this setup on one of our test servers and let you know what I figure out.
          Chris K Scooter Software


          • jdmarch
            Fanatic
            • Oct 2007
            • 143

            #6
            Thanks, Chris.


            • Chris
              Team Scooter
              • Oct 2007
              • 5538

              #7
              Jonathan,

              It looks like Cirrus is prompting for a password when it doesn't need one because it is already authorized by the private key.

              Here are the steps I used to connect to an SFTP server running OpenSSH 3.9p1 on Redhat Enterprise Linux 4:

              In Tools|FTP Profiles, go to the Authentication tab.
              For private key file, browse to the private key file.
              Enter the passphrase for the private key file. (I generated this on my test server using the "ssh-keygen" command)
              Connect to the SFTP server using a path of the form "sftp://username@server/".
              You will get a password prompt, but you can leave it blank. Checking the "save password" box with the blank password will prevent you from being prompted again.

              The above steps worked for me on the RHEL4 test system. Please let me know if they work for you.

              I'll also add the password prompting when using private key authentication to our bug list to be fixed.
              Chris K Scooter Software

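As an added example that is not part of this thread and not Scooter Software's code: the OpenSSH command-line equivalent of the session Chris describes above (a username plus a private key, no server password), with a pre-flight check on the key file. The password and keyboard-interactive methods are switched off on the client side, which answers the question raised earlier in the thread of whether the key is actually being used: if the server rejects the connection under these options, the key is not accepted, and any prompt that still appears is the local passphrase prompt for the key, not a server password. The key path, user and host are placeholders supplied by the caller.

```shell
# Added example, not from the thread or from Cirrus/Beyond Compare.
# Assumes the OpenSSH client tools (sftp, ssh-keygen) are installed.

# Refuse to use a private key that other local users can read. OpenSSH itself
# rejects such keys ("UNPROTECTED PRIVATE KEY FILE"), so fail early and clearly.
# Returns 0 when the file exists with mode 600 or 400, 1 otherwise.
check_private_key() {
  key="$1"
  [ -f "$key" ] || { echo "private key not found: $key" >&2; return 1; }
  # GNU stat first, BSD/macOS stat as fallback; both print the octal mode.
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  case "$mode" in
    600|400) return 0 ;;
    *) echo "private key $key has mode $mode; expected 600 or 400" >&2; return 1 ;;
  esac
}

# Print the sftp argument list, one argument per line, so it can be inspected.
# PreferredAuthentications/PasswordAuthentication/KbdInteractiveAuthentication
# restrict the client to public-key auth; IdentitiesOnly stops ssh from also
# offering every key in ~/.ssh or the agent, which can trip MaxAuthTries.
sftp_keyonly_args() {
  key="$1"; user="$2"; host="$3"
  printf '%s\n' \
    "-i" "$key" \
    "-o" "IdentitiesOnly=yes" \
    "-o" "PreferredAuthentications=publickey" \
    "-o" "PasswordAuthentication=no" \
    "-o" "KbdInteractiveAuthentication=no" \
    "$user@$host"
}

# Show the public half derived from the private key: this is what the server
# administrator needs in authorized_keys (the private key is never sent).
show_public_key() {
  ssh-keygen -y -f "$1"
}

# Open an interactive key-only SFTP session after the pre-flight check.
# Usage: sftp_keyonly /path/to/private_key USER HOST
sftp_keyonly() {
  check_private_key "$1" || return 1
  sftp -i "$1" -o IdentitiesOnly=yes -o PreferredAuthentications=publickey \
       -o PasswordAuthentication=no -o KbdInteractiveAuthentication=no "$2@$3"
}
```

`show_public_key` is the command-line way to confirm which public key a given private key belongs to, useful when, as in the first post, the key pair was handed over by someone else and you need to be sure the server holds the matching public key before trying to connect.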

              • jdmarch
                Fanatic
                • Oct 2007
                • 143

                #8
                Thanks, Chris. That's quite straightforward and worked fine.

                FWIW, my confusion came from not realizing that there was a separate FTP Profile dialog (I was wondering what "Authentication Tab" Marjolein was referring to!). When I originally looked at the Profile dropdown, my hasty impression was that this was only a list of URLs.

                I realize that the help system is still very much in progress, so this is probably a redundant suggestion, but I suggest that the FTP tab of the Browse dialog have a help page which explicitly says to use the Profile dropdown (or its successor) to configure an SSH keyfile and for other advanced FTP configuration options.


                • muhqu
                  Journeyman
                  • Jul 2008
                  • 19

                  #9
                  Any chance to get ssh-agent support à la PuTTY Agent? ...as it currently seems to be not working.

                  I know, pageant support is just a "nice to have" as configuring a private key works for 99% of cases.


                  • Zoë
                    Team Scooter
                    • Oct 2007
                    • 2666

                    #10
                    I've added supporting pageant to our wishlist.
                    Zoë P Scooter Software


                    • spetrie
                      New User
                      • Oct 2008
                      • 1

                      #11
                      I have managed to connect to servers via private key authentication, but you have to ensure that you don't check the Anonymous login box. Enter your username and leave the password blank. Check the save password box.
                      When you now login the system authenticates with your username and public / private key. (You don't need to enter your password)

                      This is similar to Tunnelier: you need a username but no password.
                      I am connecting to an OpenSSH 3.8 server.
