Topic "scripted Private key without blank password"

Mike@inn

Guest


Hi,
I am trying to automate an ftp transfer and I can't find a way to pass the private key password into the command line. I've checked the site and FAQ and all I can find is use a blank passphrase or use an authentication program.
The problem with an authentication program is that if the power goes out and the computer reboots someone would have to go out there and re-type in the passphrase locally.
The problem with a blank passphrase is that my sFTP server doesn't accept a blank passphrase and, according to puttygen, there is no encryption on the private key if there is no password so it is sent in the clear.
I trust the physical security of the machine but I don't trust the internet to send a clear-text private key. Is there any way to pass through the private key passphrase automatically?
martin
Site Admin
Joined: 2002-12-10
Posts: 24555
Location: Prague, Czechia
Mike@inn wrote:
The problem with a blank passphrase is that my sFTP server doesn't accept a blank passphrase

That's nonsense. The server does not care (does not even know) how you keep the key stored on your machine.

Quote:
and, according to puttygen, there is no encryption on the private key if there is no password so it is sent in the clear.

That's also not true. I do not even think anything like that is mentioned in the puttygen doc. Again, the way you keep the key stored on your machine does not have any impact on the way the key is transferred. Also, only the public part of the key is transferred (which is not stored encrypted anyway, even if you use a passphrase). The private part never leaves your local computer. So there's no risk.
_________________
Martin Prikryl
Guest




It turns out the must have password was a setting on my server. As for the encryption, that's said in the private key itself.
From one with a password:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: rsa-key-20080609

from one without a password:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20080611
martin
Site Admin
Joined: 2002-12-10
Posts: 24555
Location: Prague, Czechia
Quote:
It turns out the must have password was a setting on my server.

Account password is not the same as key passphrase.

Quote:
As for the encryption, that's said in the private key itself.

I'm not here to explain to you how public key authentication works, but only shortly:
The ppk file consists of two parts, public key file and private key file. Public key is stored unencrypted, whether you use passphrase or not. Private key is encrypted only if you use passphrase. When authenticating, only the public key is sent via internet. Being PUBLIC, it does not matter if ANYONE gets an access to it.

If you do not believe, well that's your problem.

But you can try a simple test. Make a new encrypted key that you do not tell the server about. Try to authenticate using it. You will get the message "server refused our key", without ever being asked for the passphrase... How is this possible? Because what I wrote above is true. WinSCP can read the public part of the key, which is used for the authentication, without the passphrase, even though the key is encrypted. Because the public part is not! And the server can verify your public key even before WinSCP tries to decode the private part (for which it would need the passphrase if the key is encrypted). So it does not even know if you have the private key encrypted. It can hardly require the key to be encrypted if it cannot tell whether it is.
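
An added example, not part of the original post and not WinSCP or PuTTY code: a short Python reader that pulls the public part out of a PPK v2-layout file without any passphrase, which also makes it usable for auditing which key files have `Encryption: none`. The function names are hypothetical, the key material is constructed dummy bytes, and the `Public-Lines`, `Private-Lines` and `Private-MAC` fields come from the PPK v2 format rather than from the excerpts quoted in this thread.

```python
import base64, hashlib, struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def wrap64(blob: bytes) -> list:
    """Base64-encode and split into 64-character lines, as .ppk files do."""
    text = base64.b64encode(blob).decode()
    return [text[i:i + 64] for i in range(0, len(text), 64)]

def build_sample_ppk(encryption: str, comment: str) -> str:
    """Constructed PPK v2-layout text. All key material is dummy bytes, not a real key."""
    public = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xab" * 64)
    private = b"\x5a" * 96  # stands in for the private section (ciphertext when encrypted)
    pub_lines, priv_lines = wrap64(public), wrap64(private)
    return "\n".join([
        "PuTTY-User-Key-File-2: ssh-rsa", f"Encryption: {encryption}", f"Comment: {comment}",
        f"Public-Lines: {len(pub_lines)}", *pub_lines,
        f"Private-Lines: {len(priv_lines)}", *priv_lines,
        "Private-MAC: " + "00" * 20])  # dummy MAC value

def read_public_part(ppk_text: str) -> dict:
    """Collect what a client can learn from a .ppk without the passphrase."""
    lines, fields, i = ppk_text.splitlines(), {}, 0
    while i < len(lines):
        name, sep, value = lines[i].partition(": ")
        if not sep:
            raise ValueError(f"unexpected line {i + 1}")
        i += 1
        if name.endswith("-Lines"):  # header is followed by N base64 lines
            count = int(value)
            fields[name] = base64.b64decode("".join(lines[i:i + count]))
            i += count
        else:
            fields[name] = value
    blob = fields["Public-Lines"]  # never encrypted, with or without passphrase
    (alg_len,) = struct.unpack(">I", blob[:4])
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"algorithm": blob[4:4 + alg_len].decode(),
            "encryption": fields["Encryption"],
            "comment": fields["Comment"],
            "private_encrypted": fields["Encryption"] != "none",
            "public_blob": blob,
            "fingerprint": "SHA256:" + digest}

if __name__ == "__main__":
    for enc, comment in (("aes256-cbc", "rsa-key-20080609"), ("none", "rsa-key-20080611")):
        info = read_public_part(build_sample_ppk(enc, comment))
        print(info["comment"], info["encryption"], info["fingerprint"])
```

Both sample files yield the same public blob and fingerprint; only the `Encryption` header, which describes storage on the local disk, differs.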
Guest




Calm down, it's not that I don't believe you, it's that I didn't understand. I thought the private key was sent.
Thanks for your help.