Opened 5 years ago
#11935 new Bug report
FZ ignores connection specific keyfiles if Pageant is available
Reported by: | Phil G | Owned by: | |
---|---|---|---|
Priority: | low | Component: | FileZilla Client |
Keywords: | Pageant GPG-Agent keyfile | Cc: | |
Component version: | 3.42.1 | Operating system type: | Windows |
Operating system version: | 10 Pro |
Description
For SSH public key connections FileZilla seems to always (and only) use Pageant when available in preference to either the generic keys specified in Setup/Connection/FTP/SFTP or a specific key set for the connection in Site Manager/Logon Type=keyfile. This seems counter-intuitive, especially using the agent in preference to a connection-specific key, and is confusing when other applications (e.g. PuTTY) use any specified keyfile first and fall back to using the agent on failure/missing.
In my case I'm using GPG-agent as a stand-in for Pageant. Unlike Pageant, which pre-caches decrypted private keys and therefore will always be able to offer them, GPG-agent offers the SSH key IDs but only decrypts them as needed via a password popup, and then expires the passwords from memory after a short interval. If that password prompt is cancelled, FZ gives up and doesn't even fall back to using the password file(s).
My usage case is that I would like to use GPG-agent for regular PuTTY connections and some occasional FileZilla connections (where no keyfile is specified), but for regular FZ connections (e.g. to development servers) to use a dedicated locked-down key that is used and cached long term by the FZ session without ever troubling the agent. As it stands currently, FZ will always use (and seemingly can only use) the more widely privileged keys known to the agent, keeping them cached unnecessarily if activity is frequent, and/or prompting repeatedly for the password if activity is less frequent than the agent's cache expiry timeout.
GPG-Agent running, password given
```
2019-06-03 23:36:16 3860 2 Trace: Host key fingerprint is:
2019-06-03 23:36:16 3860 2 Trace: ssh-ed25519 256 de:c0:96:73:50:2f:82:0d:fe:36:4d:56:dd:c6:5b:66 ivHymwfP9DmUleDDSqNuqcgVZPMZAOHkRA3LXuIAD7A=
2019-06-03 23:36:16 3860 2 Trace: Initialised AES-256 GCM client->server encryption
2019-06-03 23:36:16 3860 2 Trace: Initialised AES256 GCM client->server MAC algorithm (in ETM mode) (required by cipher)
2019-06-03 23:36:16 3860 2 Trace: Initialised AES-256 GCM server->client encryption
2019-06-03 23:36:16 3860 2 Trace: Initialised AES256 GCM server->client MAC algorithm (in ETM mode) (required by cipher)
2019-06-03 23:36:16 3860 2 Trace: Pageant is running. Requesting keys.
2019-06-03 23:36:16 3860 2 Trace: Pageant has 2 SSH-2 keys
2019-06-03 23:36:16 3860 2 Trace: Successfully loaded 1 key pair from file
2019-06-03 23:36:16 3860 2 Trace: Trying Pageant key #0
2019-06-03 23:36:22 3860 2 Trace: Sending Pageant's response
2019-06-03 23:36:22 3860 2 Trace: Access granted
2019-06-03 23:36:22 3860 2 Trace: Initiating key re-exchange (enabling delayed compression)
2019-06-03 23:36:22 3860 2 Trace: Opening session as main channel
```
GPG-Agent NOT running
```
2019-06-03 23:31:21 3860 1 Trace: Host key fingerprint is:
2019-06-03 23:31:21 3860 1 Trace: ssh-ed25519 256 de:c0:96:73:50:2f:82:0d:fe:36:4d:56:dd:c6:5b:66 ivHymwfP9DmUleDDSqNuqcgVZPMZAOHkRA3LXuIAD7A=
2019-06-03 23:31:21 3860 1 Trace: Initialised AES-256 GCM client->server encryption
2019-06-03 23:31:21 3860 1 Trace: Initialised AES256 GCM client->server MAC algorithm (in ETM mode) (required by cipher)
2019-06-03 23:31:21 3860 1 Trace: Initialised AES-256 GCM server->client encryption
2019-06-03 23:31:21 3860 1 Trace: Initialised AES256 GCM server->client MAC algorithm (in ETM mode) (required by cipher)
2019-06-03 23:31:21 3860 1 Trace: Successfully loaded 1 key pair from file
2019-06-03 23:31:21 3860 1 Trace: Offered public key from "X:\Crypto\Personal\philg_piglet_rsa_home_np.ppk"
2019-06-03 23:31:21 3860 1 Trace: Offer of public key accepted, trying to authenticate using it.
2019-06-03 23:31:21 3860 1 Trace: Access granted
2019-06-03 23:31:21 3860 1 Trace: Initiating key re-exchange (enabling delayed compression)
2019-06-03 23:31:21 3860 1 Trace: Opening session as main channel
```
GPG-Agent running, password cancelled
```
2019-06-03 23:30:32 3860 1 Trace: Host key fingerprint is:
2019-06-03 23:30:32 3860 1 Trace: ssh-ed25519 256 de:c0:96:73:50:2f:82:0d:fe:36:4d:56:dd:c6:5b:66 ivHymwfP9DmUleDDSqNuqcgVZPMZAOHkRA3LXuIAD7A=
2019-06-03 23:30:32 3860 1 Trace: Initialised AES-256 GCM client->server encryption
2019-06-03 23:30:32 3860 1 Trace: Initialised AES256 GCM client->server MAC algorithm (in ETM mode) (required by cipher)
2019-06-03 23:30:32 3860 1 Trace: Initialised AES-256 GCM server->client encryption
2019-06-03 23:30:32 3860 1 Trace: Initialised AES256 GCM server->client MAC algorithm (in ETM mode) (required by cipher)
2019-06-03 23:30:32 3860 1 Trace: Pageant is running. Requesting keys.
2019-06-03 23:30:32 3860 1 Trace: Pageant has 2 SSH-2 keys
2019-06-03 23:30:32 3860 1 Trace: Successfully loaded 1 key pair from file
2019-06-03 23:30:32 3860 1 Trace: Trying Pageant key #0
2019-06-03 23:30:34 3860 1 Trace: Pageant failed to answer challenge
2019-06-03 23:30:34 3860 1 Error: Pageant failed to answer challenge
2019-06-03 23:30:34 3860 1 Trace: CSftpControlSocket::OnTerminate without error
2019-06-03 23:30:34 3860 1 Trace: CControlSocket::DoClose(66)
2019-06-03 23:30:34 3860 1 Trace: CControlSocket::ResetOperation(66)
2019-06-03 23:30:34 3860 1 Trace: CSftpDeleteOpData::Reset(66) in state 3
2019-06-03 23:30:34 3860 1 Error: Could not connect to server
2019-06-03 23:30:34 3860 1 Trace: CFileZillaEnginePrivate::ResetOperation(66)
2019-06-03 23:30:34 3860 1 Status: Waiting to retry...
```
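To audit which credential source was actually used in traces like the three above, the following added example (not part of the original report and not FileZilla code) parses the trace lines and flags attempts where a key file was loaded but only agent keys were tried. The sample input is an excerpt of the ticket's own traces; the function and field names are assumptions of this example.

```python
import re

LINE = re.compile(r"^(\S+ \S+) (\d+) (\d+) (\w+): (.*)$")
# Message prefix -> (field, value); "tried" accumulates, others overwrite.
EVENTS = {
    "Successfully loaded": ("keyfile_loaded", True),
    "Trying Pageant key": ("tried", "agent"),
    "Offered public key from": ("tried", "keyfile"),
    "Access granted": ("outcome", "granted"),
    "Could not connect to server": ("outcome", "failed"),
}

# Excerpt of the ticket's three traces (cipher and key-count lines dropped).
SAMPLE = r"""
2019-06-03 23:36:16 3860 2 Trace: Host key fingerprint is:
2019-06-03 23:36:16 3860 2 Trace: Successfully loaded 1 key pair from file
2019-06-03 23:36:16 3860 2 Trace: Trying Pageant key #0
2019-06-03 23:36:22 3860 2 Trace: Access granted
2019-06-03 23:31:21 3860 1 Trace: Host key fingerprint is:
2019-06-03 23:31:21 3860 1 Trace: Successfully loaded 1 key pair from file
2019-06-03 23:31:21 3860 1 Trace: Offered public key from "X:\Crypto\Personal\philg_piglet_rsa_home_np.ppk"
2019-06-03 23:31:21 3860 1 Trace: Access granted
2019-06-03 23:30:32 3860 1 Trace: Host key fingerprint is:
2019-06-03 23:30:32 3860 1 Trace: Successfully loaded 1 key pair from file
2019-06-03 23:30:32 3860 1 Trace: Trying Pageant key #0
2019-06-03 23:30:34 3860 1 Error: Pageant failed to answer challenge
2019-06-03 23:30:34 3860 1 Error: Could not connect to server
"""

def classify_attempts(log_text):
    """Return one summary dict per connection attempt found in the trace."""
    attempts, current = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, pid, conn, _level, msg = m.groups()
        if msg.startswith("Host key fingerprint is:") or (pid, conn) not in current:
            current[pid, conn] = {"start": stamp, "keyfile_loaded": False,
                                  "tried": [], "outcome": None}
            attempts.append(current[pid, conn])
        a = current[pid, conn]
        for prefix, (field, value) in EVENTS.items():
            if msg.startswith(prefix):
                a[field] = a[field] + [value] if field == "tried" else value
    for a in attempts:
        # Behaviour reported in the ticket: key file loaded, only agent keys offered.
        a["keyfile_bypassed"] = a["keyfile_loaded"] and set(a["tried"]) == {"agent"}
    return attempts
```

A new attempt is started at each "Host key fingerprint is:" line, so reused connection ids (as in the second and third traces) are kept apart.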