Opened 7 weeks ago

#11935 new Bug report

FZ ignores connection specific keyfiles if Pageant is available

Reported by: Phil G
Owned by:
Priority: low
Component: FileZilla Client
Keywords: Pageant GPG-Agent keyfile
Cc:
Component version: 3.42.1
Operating system type: Windows
Operating system version: 10 Pro

Description

For SSH public key connections FileZilla seems to always (and only) use Pageant when available, in preference to either the generic keys specified in Setup/Connection/FTP/SFTP or a specific key set for the connection in Site Manager/Logon Type=keyfile. This seems counter-intuitive, especially using the agent in preference to a connection-specific key, and is confusing when other applications (e.g. PuTTY) use any specified keyfile first and fall back to using the agent on failure/missing.

In my case I'm using GPG-agent as a stand-in for Pageant. Unlike Pageant, which pre-caches decrypted private keys and therefore will always be able to offer them, GPG-agent offers the SSH key IDs but only decrypts them as needed via a password popup, and then expires the passwords from memory after a short interval. If that password prompt is cancelled, FZ gives up and doesn't even fall back to using the password file(s).

My usage case is that I would like to use GPG-agent for regular PuTTY connections and some occasional FileZilla connections (where no keyfile is specified), but for regular FZ connections (e.g. to development servers) to use a dedicated locked-down key that is used and cached long term by the FZ session without ever troubling the agent. As it stands currently, FZ will always use (and seemingly can only use) the more widely privileged keys known to the agent, keeping them cached unnecessarily if activity is frequent, and/or prompting repeatedly for the password if activity is less frequent than the agent's cache expiry timeout.

GPG-Agent running, password given

2019-06-03 23:36:16 3860 2 Trace: Host key fingerprint is:
2019-06-03 23:36:16 3860 2 Trace: ssh-ed25519 256 de:c0:96:73:50:2f:82:0d:fe:36:4d:56:dd:c6:5b:66 ivHymwfP9DmUleDDSqNuqcgVZPMZAOHkRA3LXuIAD7A=
2019-06-03 23:36:16 3860 2 Trace: Initialised AES-256 GCM client->server encryption
2019-06-03 23:36:16 3860 2 Trace: Initialised AES256 GCM client->server MAC algorithm (in ETM mode) (required by cipher)
2019-06-03 23:36:16 3860 2 Trace: Initialised AES-256 GCM server->client encryption
2019-06-03 23:36:16 3860 2 Trace: Initialised AES256 GCM server->client MAC algorithm (in ETM mode) (required by cipher)
2019-06-03 23:36:16 3860 2 Trace: Pageant is running. Requesting keys.
2019-06-03 23:36:16 3860 2 Trace: Pageant has 2 SSH-2 keys
2019-06-03 23:36:16 3860 2 Trace: Successfully loaded 1 key pair from file
2019-06-03 23:36:16 3860 2 Trace: Trying Pageant key #0
2019-06-03 23:36:22 3860 2 Trace: Sending Pageant's response
2019-06-03 23:36:22 3860 2 Trace: Access granted
2019-06-03 23:36:22 3860 2 Trace: Initiating key re-exchange (enabling delayed compression)
2019-06-03 23:36:22 3860 2 Trace: Opening session as main channel

GPG-Agent NOT running

2019-06-03 23:31:21 3860 1 Trace: Host key fingerprint is:
2019-06-03 23:31:21 3860 1 Trace: ssh-ed25519 256 de:c0:96:73:50:2f:82:0d:fe:36:4d:56:dd:c6:5b:66 ivHymwfP9DmUleDDSqNuqcgVZPMZAOHkRA3LXuIAD7A=
2019-06-03 23:31:21 3860 1 Trace: Initialised AES-256 GCM client->server encryption
2019-06-03 23:31:21 3860 1 Trace: Initialised AES256 GCM client->server MAC algorithm (in ETM mode) (required by cipher)
2019-06-03 23:31:21 3860 1 Trace: Initialised AES-256 GCM server->client encryption
2019-06-03 23:31:21 3860 1 Trace: Initialised AES256 GCM server->client MAC algorithm (in ETM mode) (required by cipher)
2019-06-03 23:31:21 3860 1 Trace: Successfully loaded 1 key pair from file
2019-06-03 23:31:21 3860 1 Trace: Offered public key from "X:\Crypto\Personal\philg_piglet_rsa_home_np.ppk"
2019-06-03 23:31:21 3860 1 Trace: Offer of public key accepted, trying to authenticate using it.
2019-06-03 23:31:21 3860 1 Trace: Access granted
2019-06-03 23:31:21 3860 1 Trace: Initiating key re-exchange (enabling delayed compression)
2019-06-03 23:31:21 3860 1 Trace: Opening session as main channel

GPG-Agent running, password cancelled

2019-06-03 23:30:32 3860 1 Trace: Host key fingerprint is:
2019-06-03 23:30:32 3860 1 Trace: ssh-ed25519 256 de:c0:96:73:50:2f:82:0d:fe:36:4d:56:dd:c6:5b:66 ivHymwfP9DmUleDDSqNuqcgVZPMZAOHkRA3LXuIAD7A=
2019-06-03 23:30:32 3860 1 Trace: Initialised AES-256 GCM client->server encryption
2019-06-03 23:30:32 3860 1 Trace: Initialised AES256 GCM client->server MAC algorithm (in ETM mode) (required by cipher)
2019-06-03 23:30:32 3860 1 Trace: Initialised AES-256 GCM server->client encryption
2019-06-03 23:30:32 3860 1 Trace: Initialised AES256 GCM server->client MAC algorithm (in ETM mode) (required by cipher)
2019-06-03 23:30:32 3860 1 Trace: Pageant is running. Requesting keys.
2019-06-03 23:30:32 3860 1 Trace: Pageant has 2 SSH-2 keys
2019-06-03 23:30:32 3860 1 Trace: Successfully loaded 1 key pair from file
2019-06-03 23:30:32 3860 1 Trace: Trying Pageant key #0
2019-06-03 23:30:34 3860 1 Trace: Pageant failed to answer challenge
2019-06-03 23:30:34 3860 1 Error: Pageant failed to answer challenge
2019-06-03 23:30:34 3860 1 Trace: CSftpControlSocket::OnTerminate without error
2019-06-03 23:30:34 3860 1 Trace: CControlSocket::DoClose(66)
2019-06-03 23:30:34 3860 1 Trace: CControlSocket::ResetOperation(66)
2019-06-03 23:30:34 3860 1 Trace: CSftpDeleteOpData::Reset(66) in state 3
2019-06-03 23:30:34 3860 1 Error: Could not connect to server
2019-06-03 23:30:34 3860 1 Trace: CFileZillaEnginePrivate::ResetOperation(66)
2019-06-03 23:30:34 3860 1 Status: Waiting to retry...
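
Added example, not part of the original report and not FileZilla code: a small checker that reads one connection trace in the format shown above and reports whether a loaded keyfile was passed over in favour of an agent key. The function name and result fields are assumptions made for this example, and the sample traces are abridged from the ticket's logs with the key path replaced by a placeholder.

```python
import re

# Line layout and message texts follow the traces in this ticket (FileZilla 3.42.1).
LINE = re.compile(r"^\S+ \S+ \d+ \d+ (?:Trace|Error|Status): (.*)$")

# Constructed samples: abridged from the ticket's three traces, key path replaced.
AGENT_OK = r"""
2019-06-03 23:36:16 3860 2 Trace: Pageant has 2 SSH-2 keys
2019-06-03 23:36:16 3860 2 Trace: Successfully loaded 1 key pair from file
2019-06-03 23:36:16 3860 2 Trace: Trying Pageant key #0
2019-06-03 23:36:22 3860 2 Trace: Access granted
"""
NO_AGENT = r"""
2019-06-03 23:31:21 3860 1 Trace: Successfully loaded 1 key pair from file
2019-06-03 23:31:21 3860 1 Trace: Offered public key from "C:\keys\example.ppk"
2019-06-03 23:31:21 3860 1 Trace: Access granted
"""
AGENT_CANCELLED = r"""
2019-06-03 23:30:32 3860 1 Trace: Pageant has 2 SSH-2 keys
2019-06-03 23:30:32 3860 1 Trace: Successfully loaded 1 key pair from file
2019-06-03 23:30:32 3860 1 Trace: Trying Pageant key #0
2019-06-03 23:30:34 3860 1 Error: Pageant failed to answer challenge
2019-06-03 23:30:34 3860 1 Error: Could not connect to server
"""

def classify_auth(trace):
    """Report which key source one connection attempt actually offered."""
    r = {"keyfile_loaded": False, "tried": [], "agent_failed": False, "granted": False}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("Successfully loaded") and msg.endswith("from file"):
            r["keyfile_loaded"] = True
        elif msg.startswith("Trying Pageant key") and "agent" not in r["tried"]:
            r["tried"].append("agent")
        elif msg.startswith("Offered public key from") and "keyfile" not in r["tried"]:
            r["tried"].append("keyfile")
        elif msg == "Pageant failed to answer challenge":
            r["agent_failed"] = True
        elif msg == "Access granted":
            r["granted"] = True
    # The configured keyfile was loaded but only an agent key was ever offered.
    r["keyfile_bypassed"] = r["keyfile_loaded"] and r["tried"] == ["agent"]
    return r

if __name__ == "__main__":
    for name, t in [("agent ok", AGENT_OK), ("no agent", NO_AGENT), ("cancelled", AGENT_CANCELLED)]:
        print(name, classify_auth(t))
```

A result with `keyfile_bypassed` and `agent_failed` both true and `granted` false corresponds to the third trace, where the attempt ends without the loaded keyfile ever being offered.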

Change History (0)