Opened 12 years ago
Last modified 4 years ago
#8232 reopened Bug report
Manage SSH keys - Site Manager — at Version 9
| Reported by: | Catalin Pavel | Owned by: | |
|---|---|---|---|
| Priority: | high | Component: | FileZilla Client |
| Keywords: | sftp, too-many-authentication-failures | Cc: | cnpavel@…, yukihirog@…, filezilla@… |
| Component version: | Operating system type: | ||
| Operating system version: | All OSes |
Description (last modified by )
Hello,
It would be great if we could specify a key to a configured sftp site in Site Manager so that each configured connection knows what key to use.
The situation is that I need to connect to more than 10 SFTP sites with different usernames and separate keys. I added all the necessary keys to FileZilla and they are all tried to each connection until one works. Usually when the key that works is among the last ones I get my user locked due to "too many authentication failures".
Thank you and looking forward for this functionality!
Regards,
Catalin
Change History (9)
comment:1 by , 12 years ago
| Cc: | added |
|---|
comment:2 by , 11 years ago
comment:3 by , 11 years ago
| Keywords: | too many authentication failures added; key site removed |
|---|---|
| Summary: | Manage ssh keys - site manager → Manage SSH keys - Site Manager |
comment:4 by , 10 years ago
| Cc: | added |
|---|---|
| Type: | Feature request → Bug report |
FileZilla 3.9.0.2 on Windows 7:
If there are more than 6 keys specified in Settings/SFTP, remote SSH login fails with an error message due to too many failed authentication attempts.
Error message:
too many authentication failures [username].
comment:6 by , 10 years ago
Hi -
I would second the original request of being able to select a specific key in a connection profile.
With 10 keys for servers, increasing the connection attempts above 10 on each seems to not be a security best practice...
And recently, with RHEL/CentOS 6.5, a change seems to have made ssh only accept 1 key per connection attempt (at least only 1 key fingerprint appears in the logs, before it sends back the "no more auth methods available, disconnecting", even with MaxAuthTries set > 10).
Have to use pagent and load the single key for the server to connect to... (maybe some default in RHEL ssh changed, ??) Kind-of a pain to connect to different/multiple servers regularly...
Either way - seems it would make sense to only send the 1 key associated with a connection for authentication and not iterate them all, regardless of the ease of use and avoiding the "No other authentication mechanisms available" errors...
comment:7 by , 10 years ago
| Operating system type: | Windows → Other |
|---|---|
| Operating system version: | → All OSes |
I would also like to second suggestion #2 of the original reporter. The issue of multiple key files and authentication failures due to excessive tries is becoming more frequent as users move to manage virtual servers in the cloud. A single extra field in the Site Manage would easily solve this problem.
comment:8 by , 10 years ago
| Cc: | added |
|---|
comment:9 by , 9 years ago
| Description: | modified (diff) |
|---|---|
| Keywords: | too-many-authentication-failures added; too many authentication failures removed |
Taken from #8747:
FileZilla 3.7.0.1 on Windows 7 seems to start loading keys from Pageant before it loads keys specified in Settings/SFTP. If there are more than 4 keys in Pageant, remote SSH login fails with an error message due to too many failed authentication attempts.
A suitable resolution for this problem may be the follow two changes/procedures:
(1)
Procedure
(2)
The ability to specify keys in Site Manager per entry (session) is necessary to enable working with many sessions and keys. This prevents loading too many Settings/SFTP specified keys when there are more than 5 coexisting sessions each with a different key.
The procedure mentioned below (1) still applies.
Behavior tested with remote SSHd versions:
SSH-2.0-OpenSSH_5.9p1 Debian-3
SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze3