Opened 3 months ago

Last modified 3 months ago

#13049 new Bug report

SFTP SSH authentication stopped working with ssh-agent on macOS

Reported by: kataba Owned by:
Priority: normal Component: FileZilla Client
Keywords: ssh-agent, macos, mac, ssh, sftp Cc: kataba
Component version: Operating system type: OS X
Operating system version: macOS Sonoma 14.2.1

Description (last modified by kataba)

I recently set up SSH access to my web servers on my Mac by following GitHub's documentation for Generating a new SSH key and adding it to the ssh-agent. After that, I installed FileZilla and the connections to my servers worked correctly. However, today I restarted my Mac, and tried to connect via SSH using the terminal, it asked me for the passphrase of my private key. I entered it and could connect. However, I still couldn't connect to my servers via SFTP on FileZilla. I tried running eval "$(ssh-agent -s)" and ssh-add --apple-use-keychain ~/.ssh/id_ed25519, but this did not help. I am either getting in FileZilla:

FATAL ERROR: No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)
Error: Could not connect to server
or

Status: Using username "root".
Status: Access denied
Error: Authentication failed.
Error: Critical error: Could not connect to server
depending on which server I try to connect to.

If I make use of FileZilla's key import, converting the key file to a supported format (.ppk extension), and manually entering the passhprase in the prompt, the connections succeeds.

Why did FileZilla stop making use of the ssh-keygen (which is used fine through the terminal when using the SSH and SFTP protocols)?

Debug log excerpt:

Trace: Pageant is running. Requesting keys.
Trace: Pageant has 0 SSH-2 keys
I have always had "Normal" Logon type and echo $SSH_AUTH_SOCK prints /var/folders/sm/xxxxx/Tssh-xxxx/agent.1133, as described here. I've tried using both Normal and Interactive mode, and both don't work anymore, but they used to work before the system restart. I also tried restarting my system again and this didn't help.

Removing FileZila preferences, removing the app and reinstalling it did not help.

Edit 1:

I've found that the actual reason for FileZilla failing to use the keys loaded in ssh-agent is that FileZilla starts its own ssh-agent process with its own socket instead of using the default one where the keys are loaded. The default socket location is in a temporary directory /var/folders/sm/4bt9kz951dg4s5kq1jwy57tc0000gn/Tssh-nWola5Puaw6o/agent.2855, and when I try to use SFTP via FileZilla, it creates its own at /private/tmp/com.apple.launchd.YiC62e7kHT/Listeners.

Edit 2:

Here is my ~/.ssh/config file content:

Host *

AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519


Host website.com

HostName xx.xxx.xx.xxx
Port 1500
User user

I use ohmyzsh with a couple common plugins. I found out I had the ssh-agent plugin enabled.

With the ssh-plugin plugin disabled, when I boot/restart my system, an ssh-agent doesn't get started on boot (I think it's like that by default; the ssh-agent plugin didn't change this, it was only responsible for automatically starting an ssh-agent when I open my terminal). Then I open my terminal. Then when I run the ssh command to ssh into a server, automatically an ssh-agent gets started and my private key gets imported without asking for a passphrase.

By default, there is an environment variable $SSH_AUTH_SOCK set to a temp folder location and $SSH_AGENT_PID is empty. The ssh-plugin was starting a new ssh-agent instance and overwriting the $SSH_AUTH_SOCK variable to its own socket, and this way shadowing the existing ssh-agent instance (which FileZilla uses) that used the default socket location (if there is one running), and this led to two different ssh-agent instances running at the same time and listening on different sockets.

Change History (5)

comment:1 by kataba, 3 months ago

Description: modified (diff)

Add additional debug info

comment:2 by kataba, 3 months ago

Description: modified (diff)

Additional information

comment:3 by kataba, 3 months ago

Description: modified (diff)

comment:4 by kataba, 3 months ago

Description: modified (diff)

comment:5 by kataba, 3 months ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.