Private Key Login WITH Password!

hecktarzuli
Joined:
Posts:
2

Private Key Login WITH Password!

For some reason WinSCP grays out the password box when I tell it what Private Key to use. The problem is my Private Key is password protected, so I still get a password prompt! It would really be nice to be able to use the password box AND the Private Key feature at the same time.
_________________
- Heck

martin
Site Admin
Joined:
Posts:
40,476
Location:
Prague, Czechia

Re: Private Key Login WITH Password!

The password box is for password authentication, not for the private key passphrase. It would be a security problem to allow the same box for both purposes. Imagine your server is spoofed and you connect to a fake server. It refuses your public key and WinSCP falls back to password authentication. So it sends the password to your private key to the fake server, because it is entered into the password box. This is obviously something you would not like.

Also I do not see a reason for storing a passphrase-protected private key while saving the password into the WinSCP session. You can save the private key unprotected straight away with the same result.

Read the documentation.
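
The fallback described in the post above, as an added example that is not part of the original thread and is not WinSCP or PuTTY code: a toy model in which a server that refuses the public key sees only what the client sends for password authentication. The `Server` class, the function names and the sample secret are constructed for illustration.

```python
# Toy model of SSH user-authentication fallback (constructed for illustration).
from dataclasses import dataclass, field


@dataclass
class Server:
    """Records every secret the client transmits to it."""
    accepts_publickey: bool
    received: list = field(default_factory=list)

    def try_publickey(self, signature):
        # Only a signature crosses the wire; the passphrase never does.
        return self.accepts_publickey and signature is not None

    def try_password(self, password):
        self.received.append(password)  # password auth sends the secret itself
        return False                    # a spoofed server simply collects it


def unlock_key(passphrase, correct="key-passphrase"):
    """Decrypt the private key locally; return a signature stand-in or None."""
    return "sig" if passphrase == correct else None


def login(server, passphrase, password):
    """Client with separate fields: passphrase stays local, password may be sent."""
    if server.try_publickey(unlock_key(passphrase)):
        return "publickey"
    if password is not None and server.try_password(password):
        return "password"
    return "failed"


def login_shared_box(server, secret):
    """Hypothetical client that reuses one box for both purposes."""
    return login(server, passphrase=secret, password=secret)


def leaked_to_spoofed_server(shared_box):
    """Return what a server that refuses the key ends up holding."""
    fake = Server(accepts_publickey=False)
    if shared_box:
        login_shared_box(fake, "key-passphrase")
    else:
        login(fake, passphrase="key-passphrase", password=None)
    return fake.received
```
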

hecktarzuli

Private / Public Key

FYI, Putty allows me to do this via command line, which is why I was asking for it via WinSCP. There is little/no chance my server is spoofed since it's a server within my local network over which I have direct control.

So you are saying the way to go is just use Private/Public Key with no password? Isn't the password an extra layer of security, or do you consider putting a password on a key overkill?
_________________
- Heck

martin
Site Admin

Re: Private / Public Key

hecktarzuli wrote:
"FYI, Putty allows me to do this via command line which is why I was asking for it via WinSCP."

I guess that it was not the intention of the PuTTY author to allow the -pw parameter to apply to passphrases as well. It is rather a side effect. It is quite obvious from the -pw option description.

Instead of passing the password using the -pw command, they recommend using public-key, by which I believe they mean either an unencrypted private key or Pageant authentication.

hecktarzuli wrote:
"Isn't the password an extra layer of security, or do you consider putting a password on a key overkill?"

No, I do not mean that it is overkill. It is an extra layer of security to protect your private key when someone gets access to your computer/hard disk. But only if you keep your passphrase in your memory. If you keep it in the WinSCP configuration on the same computer, then it has no effect.
