
Guest

Calm down, it's not that I don't believe you, it's that I didn't understand. I thought the private key was sent.
Thanks for your help.
martin

Re: scripted Private key without blank password

> It turns out the must have password was a setting on my server.

Account password is not the same as key passphrase.

> As for the encryption that's said in the private key itself.

I'm not here to explain to you how public key authentication works, but only shortly:
The ppk file consists of two parts, the public key and the private key. The public key is stored unencrypted, whether you use a passphrase or not. The private key is encrypted only if you use a passphrase. When authenticating, only the public key is sent via the internet. Being PUBLIC, it does not matter if ANYONE gets access to it.

If you do not believe, well that's your problem.

But you can try a simple test. Make a new encrypted key that you do not tell the server about. Try to authenticate using it. You will get the message "server refused our key", without ever being asked for a passphrase... How is this possible? Because what I wrote above is true. WinSCP can read the public part of the key, which is used for the authentication, without the passphrase, even though the key is encrypted. Because the public part is not! And the server can verify your public key even before WinSCP tries to decode the private part (for which it would need the passphrase if the key is encrypted). So it does not even know if you have the private key encrypted. It can hardly require the key to be encrypted if it cannot tell whether it is.
Guest

Re: scripted Private key without blank password

It turns out the must have password was a setting on my server. As for the encryption that's said in the private key itself.
From one with a password:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: rsa-key-20080609

from one without a password:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20080611
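
Added example, not part of the original thread and not WinSCP or PuTTY code: a Python reader that pulls everything a client can learn from a version 2 .ppk file without the passphrase, which ties the `Encryption:` header shown in this post to the explanation that the public part is stored unencrypted. The `Public-Lines`, `Private-Lines` and `Private-MAC` fields are the PPK version 2 layout and do not appear in the thread; the function names are hypothetical and the sample file is constructed from dummy bytes, not a real key.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def make_sample_ppk(encryption: str) -> str:
    """Constructed PPK v2 text. All key material is dummy bytes, not a real key."""
    public = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xab" * 32)
    pub = base64.b64encode(public).decode()
    pub_lines = [pub[i:i + 64] for i in range(0, len(pub), 64)]
    priv_lines = [base64.b64encode(b"\x5a" * 48).decode()]  # opaque stand-in for the private blob
    head = ["PuTTY-User-Key-File-2: ssh-rsa", f"Encryption: {encryption}", "Comment: constructed-sample"]
    return "\n".join(head + [f"Public-Lines: {len(pub_lines)}", *pub_lines,
                             f"Private-Lines: {len(priv_lines)}", *priv_lines,
                             "Private-MAC: " + "00" * 20]) + "\n"


def read_ppk_public(text: str) -> dict:
    """Read what is available from a PPK v2 file without knowing the passphrase."""
    lines = text.splitlines()
    fields, public_b64, i = {}, "", 0
    while i < len(lines):
        key, sep, value = lines[i].partition(": ")
        if not sep:
            raise ValueError(f"unexpected line {i + 1}")
        i += 1
        if key in ("Public-Lines", "Private-Lines"):
            count = int(value)
            if key == "Public-Lines":
                public_b64 = "".join(lines[i:i + count])
            i += count  # private lines are skipped here, never decoded
        else:
            fields[key] = value
    if "PuTTY-User-Key-File-2" not in fields or not public_b64:
        raise ValueError("not a PPK version 2 file")
    blob = base64.b64decode(public_b64, validate=True)
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode() != fields["PuTTY-User-Key-File-2"]:
        raise ValueError("algorithm in public blob does not match header")
    digest = hashlib.sha256(blob).digest()
    return {"algorithm": fields["PuTTY-User-Key-File-2"],
            "encryption": fields["Encryption"],
            "passphrase_needed": fields["Encryption"] != "none",
            "public_blob": blob,
            "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("=")}
```

The public blob and its fingerprint come out identical for the `aes256-cbc` and `none` samples; only the local `passphrase_needed` flag differs, and that flag is never part of what gets offered to a server.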
martin

Re: scripted Private key without blank password

Mike@inn wrote:

> The problem with a blank passphrase is that my sFTP server doesn't accept a blank passphrase

That's nonsense. The server does not care (even does not know) how you keep the key stored on your machine.

> and, according to puttygen, there is no encryption on the private key if there is no password so it is sent in the clear.

That's also not true. I do not even think anything like that is mentioned in the puttygen doc. Again, the way you keep the key stored on your machine does not have any impact on the way the key is transferred. Also, only the public part of the key is transferred (which is not stored encrypted anyway, even if you use a passphrase). The private part never leaves your local computer. So there's no risk.
Mike@inn

scripted Private key without blank password

Hi,
I am trying to automate an ftp transfer and I can't find a way to pass the private key password into the command line. I've checked the site and FAQ and all I can find is use a blank passphrase or use an authentication program.
The problem with an authentication program is that if the power goes out and the computer reboots, someone would have to go out there and re-type in the passphrase locally.
The problem with a blank passphrase is that my sFTP server doesn't accept a blank passphrase and, according to puttygen, there is no encryption on the private key if there is no password so it is sent in the clear.
I trust the physical security of the machine but I don't trust the internet to send a clear-text private key. Is there any way to pass through the private key passphrase automatically?