I am just trying to get my head around key pairs
Is it possible for a client to create a keypair and then send it to the server, and then the server will hold the keys, so when the client logs in they will use that signed pair?
Key pairs
Key Pair Generation
I am trying to set up key pairs/SSH keys and enforce "Key Authentication Only" on my Windows web server running Core FTP Server. I understand the concepts re sharing a public key with users that want to connect, and installing/applying the private key to the domain in Core FTP Server.
In User Details/Security tab I can create pub & priv key files. Anyone know what extension to save the files as? Now presumably I need to apply this private key to the Domain and share the public key?
When I go into Domain Properties I seem to have 2 options re applying a cert. Ideally I want to apply this recently created cert. When I click the Certificate button on the Domain Properties window I get a list of Certificate folders, so I thought I must have to use MMC to import the private key. I tried loading a certificate through MMC->Certificates->Service Account->Select Core FTP Server as the service, but it is not recognising the private cert I created when I change the extension to any of the acceptable extension types.
If someone can tell me the best/easiest way to create a key pair/SSH keys (only have Windows experience) and then apply to the Domain I would be very grateful. If I get someone else to create them on another machine I will still have the problem of how I apply/install the private onto the server.
All input welcome, please assist!! Thanks!
one more q, i promise
Thanks for the reply CP. When I create the priv & pub keys I do as you say, they are created with no extension type, I put the pub in the home directory of the user and I copy the priv locally.
I am using the Core FTP LE to test. I go to the advanced tab to save the priv key for my connection. It forces me to choose ckf or ppk - do I rename the priv key as created on the server to one of the required extensions - ppk or ckf? Perhaps I can't test the keys with LE?
applying key authentication
Can someone tell me how to implement "Key Authentication Only" please using CoreFTP server and client.
I have used the "Generate Key Pair" on the server for the account I wanted to give access to. This creates files called "pub" and "priv" by default (no file extension by default). Should I save them with file extensions?
I have put the "pub" file (no file extension) in their home directory for sftp on the server, and have copied the "priv" (no file extension) locally where I am running Core FTP LE version 2.0. I click advanced button, then ssh tab where I can then apply a key file. This must be a .ckf or ppk - should I save the "priv" as one of these? If not, how do I apply the key to the connection?
Previous post replies have not answered this question and I really would like to sort this out. I can't see how I can implement "Key Authentication Only" because I need to rename the "priv" file as either a .ckf or a .ppk, but when I do this I am not able to connect with the user account that could previously connect.
Thanks for your help.
Thanks for the reply CP. I appreciate your help. When I tick "Allow Key Authentication" I can still connect (I can connect when this is not ticked but my client is still configured with a priv key, but that's another thing!)
When I tick "Key Authentication Only" I cannot connect, I get the error "Can't establish connection --> IPAddress @ datetime (122-1)". I have the pub file in the home directory for the user, I have done everything as directed but it just won't connect when forcing to use Key Authentication.
This problem exists whether I try to connect using a key that has a password or does not have a password. Any ideas?
additional info
The following is the output from the client when I fail to connect per my previous post:
Mem -- 1,038,412 KB, Virt -- 2,097,024 KB
Started on Tuesday October 03, 2006 at 10:10:AM
Looking up host "MyIPAddress"
Connecting to MyIPAddress port 22
Server version: SSH-2.0-CoreFTP-0.1.1
version: SSH-2.0-SSH-Local: Feb 22 2006 10:10:43
Using SSH protocol version 2
processing key exchange
Host key fingerprint is:
****************************
Initialized AES-256 client->server encryption
Initialized AES-256 server->client encryption
Reading private key file "C:\priv_pass"
Unable to use this key file (OpenSSH SSH2 private key)
No supported authentications offered. Disconnecting
Unable to initialize SFTP: ***** (sftp not enabled?)
Can't establish connection --> MyIPAddress @ Tue Oct 03 10:10:21 2006 (122-1)
Again, thanks CP for your continued support. I have followed the advice re navigating to the pub file on the server. Although I am using Core FTP LE 2.0 Build 1469 I am still not able to connect.
On the client, when I untick "Use Putty..","Use Legacy..","Simulate ASCII.." it will only continue to connect when I remove the key file location. When I apply a key file and untick everything it won't connect, just hangs. When I apply a key file to the client the only way I can get it to connect is by ticking "Use Putty compatible SFTP". I still seem to be unable to use the key file, though can connect when on the server I have "Allow Key Authentication" ticked but don't tick "Key Authentication Only". The following are the relevant lines when I connect using a key but have not forced key authentication:
Initialized AES-256 client->server encryption
Initialized AES-256 server->client encryption
Reading private key file "C:\priv"
Unable to use this key file (OpenSSH SSH2 private key)
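The client log above reports the file as an OpenSSH SSH2 private key, while the client's key dialog asks for .ckf or .ppk. As an added example (not part of the original posts and not Core FTP code), this script identifies an SSH key file's container format from its content, which renaming the extension does not change. The marker strings are the standard OpenSSH, PuTTY and ssh.com headers; Core FTP's .ckf format is not covered, and the sample input is constructed.

```python
import os
import tempfile

# Header markers for common SSH key containers (standard strings, not Core FTP specific).
MARKERS = [
    ("PuTTY-User-Key-File-", "putty-ppk-private"),
    ("-----BEGIN OPENSSH PRIVATE KEY-----", "openssh-new-private"),
    ("-----BEGIN RSA PRIVATE KEY-----", "openssh-pem-private"),
    ("-----BEGIN DSA PRIVATE KEY-----", "openssh-pem-private"),
    ("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----", "ssh.com-private"),
    ("---- BEGIN SSH2 PUBLIC KEY ----", "rfc4716-public"),
    ("ssh-rsa ", "openssh-public"),
    ("ssh-dss ", "openssh-public"),
]


def identify_key_text(text):
    """Return (format, passphrase_protected) judged from content only."""
    head = text.lstrip()
    fmt = "unknown"
    for marker, name in MARKERS:
        if head.startswith(marker):
            fmt = name
            break
    protected = None  # None = cannot tell from the header alone
    if fmt == "openssh-pem-private":
        protected = "Proc-Type: 4,ENCRYPTED" in head
    elif fmt == "putty-ppk-private":
        enc = [l for l in head.splitlines() if l.startswith("Encryption:")]
        protected = bool(enc) and enc[0].split(":", 1)[1].strip() != "none"
    return fmt, protected


def identify_key_file(path):
    """Classify a key file on disk; the file name and extension are ignored."""
    with open(path, "r", encoding="latin-1") as fh:
        return identify_key_text(fh.read(4096))


def demo():
    # Constructed sample: an OpenSSH PEM header saved under a .ppk name.
    sample = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n(constructed, no key data)\n"
    path = os.path.join(tempfile.mkdtemp(), "priv.ppk")
    with open(path, "w") as fh:
        fh.write(sample)
    return identify_key_file(path)


if __name__ == "__main__":
    print(demo())
```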