Your best friend for file transfer.

Fetch application logoFetch

SFTP with public key - how? (39 posts)

  • Started 14 years ago by Franz
  • Latest reply 4 years ago from Pete
  • Franz Member

    Hello,

    how can I make a SFTP-connection with a public-key-authentification? (with SSH it is the option: -i xxxxkey).

    I have tried the way as it was described in the online-manual,(»Using SSH public/private keys or ssh-agent with Fetch«) but it will not work with Fetch, but with SSH (option: -i xxxxkey) and another FTP-App (where I can choose my key).

    How can I with Fetch select the private key which I need?

    Franz

    Posted 14 years ago #

  • Scott McGuire Administrator

    Hi,

    You want to create a file named "config" in the ".ssh" folder of your home folder (if this file already exists you should just append lines to it). The file should contain lines like the following:

    host your-hostname
    IdentityFile path-to-the-keyfile

    for example:

    host ftp.example.com
    IdentityFile ~/.ssh/key-for-example.pem

    Please let us know if this is not clear, or if you run into any problems.

    Thanks,

    Scott McGuire
    Fetch Softworks

    Posted 14 years ago #

  • Franz Member

    Hi Scott,

    Thank You, it works.

    Franz

    Posted 14 years ago #

  • Scott McGuire Administrator

    Hi Franz,

    You're welcome, and we're glad to hear you got it working.

    Best,

    Scott McGuire
    Fetch Softworks

    Posted 14 years ago #

  • Jason Member

    I'm encouraged that this can work, but don't get the instructions...

    By "home" folder what do you mean? I'm not aware of a Fetch home folder but did place my PEM in my user folder. How would fetch be aware of a file here unless explicitly set in the settings or connection? But I cannot find where to set the PEM path in Fetch...

    I followed the instructions here:
    http://fetchsoftworks.com/fetch/help/Contents/Tutorial/UsingSSHAgent.html
    and after submitting the dummy password, Fetch errors: "Connection could not be established" I am able to SSH from the command line with my PEM...

    Thanks.

    Posted 14 years ago #

  • Scott McGuire Administrator

    Hi,

    By "home" folder we meant what I think you are calling your "user" folder. That is, the folder you get to when you go to the Finder's Go menu and choose "Home."

    However, you cannot see the .ssh folder in your home folder with the Finder. You need to use the command line. You would do something like:

    * Open Terminal
    * Type "cd ~/.ssh" (without quotes) to change to the .ssh folder.
    * Either create a file named "config" in that directory, or if one already exists, open it.
    * Add two lines to the config file as described above. If your PEM file is in your home folder, you would type something like:

    host your-hostname-goes-here
    IdentityFile ~/name-of-your-pem-file.pem

    This tells SSH how to find your PEM file automatically, and then Fetch, which uses Mac OS X's SSH to open the SFTP connections, will be able to find and use it too.

    I hope this helps clarify things.

    Thanks,

    Scott McGuire
    Fetch Softworks

    Posted 14 years ago #

  • ispiderman Member

    thumbs up, way up for the instruction posted on this page. It works!!! I searched and searched all over the web, but could not find any way to set Fetch or any other mac sftp client to accept .pem file my client sent me to log into their server. THANK YOU!!! How come Fetch UI or other client does not allow for this is rather frustrating. But THANK-YOU again.

    Posted 14 years ago #

  • Scott McGuire Administrator

    Hi ispiderman,

    You're welcome and we're glad you found this information helpful.

    We don't have a UI way to do this because honestly, until a couple of months ago, no one had asked us how to accomplish this with Fetch; and it still remains pretty uncommon. But we will keep an eye on the requests and feedback and if it seems like using .pem files become much more common, we will consider adding UI for it. But one thing we will do is update the help to include these instructions on how to set it up.

    Best,

    Scott McGuire
    Fetch Softworks

    Posted 14 years ago #

  • Richard Member

    Hello I know this is quite an old thread but I'm looking for a mac FTP client that would allow me to connect to multiple SFTP accounts on one server using public key authentification.

    For this I need to be able to specify the public_key on a per account basis and not on a per server basis.

    I don't understand why Cyberduck is the only client that allows to specify a public key per account ..., surely it's just a matter of adding a -i public.key to the initial command line, is there not a way to do this with fetch ? If there is then I will buy fetch straight away !

    Posted 14 years ago #

  • Scott McGuire Administrator

    Hi Richard,

    My understanding is the way you're doing this in Cyberduck is to select the public key file you want to use for each account in the connection dialog or bookmark, is that correct?

    Thanks,

    Scott McGuire
    Fetch Softworks

    Edited 14 years ago #

  • Richard Member

    Yes that is how I do it. But I would also be happy with a field to manually set the public_key path to the file on my mac or maybe just set the file name in the .ssh folder ...

    Thankyou.

    Edited 14 years ago #

  • Ben Artin Administrator

    While there is no way to specify a per-connection SSH identity file inside Fetch, you can use a feature of SSH to accomplish this without any help from Fetch.

    Let's say you want to connect to account "acct1" on host "myhost" using identity file "id1", and to account "acct2" on the same host using identity file "id2".

    If you add the following to your ~/.ssh/config file:

    Host acct1-myhost
    HostName myhost
    User acct1
    IdentityFile id1

    Host acct2-myhost
    HostName myhost
    User acct2
    IdentityFile id2

    then you can type ssh acct1-myhost or ssh acct2-myhost to connect to each account using its corresponding identity file.

    Similarly, after you've added those lines to your ~/.ssh/config, you can use "acct1-myhost" or "acct2-myhost" as hostname in Fetch's New Connection dialog and Fetch will use the appropriate identity file.

    Hope this helps,

    Ben

    Posted 14 years ago #

  • Richard Member

    Thankyou I will give it a try !

    Posted 14 years ago #

  • Benedict Member

    Just to reinforce Ben Artin's point, Scott's example in the second post is slightly wrong. Scott tells you to create a config file in .ssh containing the following text:

    host your-hostname
    IdentityFile path-to-the-keyfile

    This should of course read:

    Host your-label
    HostName your-hostname
    IdentityFile path-to-the-keyfile

    This 'shortcut' can simply be invoked by typing:
    sftp your-label

    Posted 11 years ago #

  • rossideas Member

    thanks... didn't want to go to filezilla after 10 years with Fetch... you're the best.

    Posted 11 years ago #

  • afiq Member

    hi,

    about SFTP i want using public and private authentification. right now on the server i install openssh and all ok. the client can connect to the server without private and public key. can someone help me?

    Posted 10 years ago #

  • Jim Matthews Administrator

    Hi Afiq,

    I'm sorry, but I don't understand your question. Can Fetch connect to your server?

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 10 years ago #

  • isaax2 Member

    Further the file config must be with 600 permission, if not, you will a error with "Bad owner or permissions on .ssh/config"

    chmod 600 .ssh/config

    Posted 10 years ago #

  • Jim Matthews Administrator

    Thanks for that info!

    Jim Matthews
    Fetch Softworks

    Posted 10 years ago #

  • Anne Member

    please clarify as to Home folder. I do not have "Go" in my finder.

    Posted 10 years ago #

  • Jim Matthews Administrator

    In the Finder there is a "Go" menu in the menu bar (at the top of the screen") between the "View" menu and the "Window" menu.

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 10 years ago #

  • wheelq Member

    How do I autoaccept public keys when connecting to the SFTP? I dont want to type in YES every time :)

    Posted 9 years ago #

  • wheelq Member

    How do I auto accept public keys when connecting to the SFTP? I dont want to type in YES every time :)

    Posted 9 years ago #

  • Jim Matthews Administrator

    HI,

    Are you using Fetch?

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 9 years ago #

  • veej Member

    8 years later! Thank you.

    Posted 5 years ago #

  • Pete Member

    Surprised there isn't a UI way to do this after all these years. I tried creating a file as instructed but didn't work. Still " get the message "SFTP Connection could not be opened because the connection to the SFTP server could not be established or was lost".

    Posted 4 years ago #

  • Jim Matthews Administrator

    Hi Pete,

    To troubleshoot I would recommend opening the Terminal application and typing:

    ssh -v user@host

    Where user is the SFTP username and host is the SFTP hostname. Let me know what output you see then.

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 4 years ago #

  • Pete Member

    Thanks. Here's the output:

    OpenSSH_7.8p1, LibreSSL 2.6.2
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 48: Applying options for *
    debug1: Connecting to dev.kleenedge.com port 22.
    ssh: connect to host dev.kleenedge.com port 22: Operation timed out

    II think I see the problem, the connection should be on port 1010 - is there somewhere I can specify the correct port in the config file?

    Posted 4 years ago #

  • Jim Matthews Administrator

    Hi,

    Could you try

    ssh -v -p 1010 user@host

    ?

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 4 years ago #

  • Pete Member

    Output as follows (edited to remove sensitive info)

    OpenSSH_7.8p1, LibreSSL 2.6.2
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 48: Applying options for *
    debug1: Connecting to dev.kleenedge.com port 1010.
    debug1: Connection established.
    debug1: identity file /Users/Dad/.ssh/id_rsa type -1
    debug1: identity file /Users/Dad/.ssh/id_rsa-cert type -1
    debug1: identity file /Users/Dad/.ssh/id_dsa type -1
    debug1: identity file /Users/Dad/.ssh/id_dsa-cert type -1
    debug1: identity file /Users/Dad/.ssh/id_ecdsa type -1
    debug1: identity file /Users/Dad/.ssh/id_ecdsa-cert type -1
    debug1: identity file /Users/Dad/.ssh/id_ed25519 type -1
    debug1: identity file /Users/Dad/.ssh/id_ed25519-cert type -1
    debug1: identity file /Users/Dad/.ssh/id_xmss type -1
    debug1: identity file /Users/Dad/.ssh/id_xmss-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_7.8
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
    debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
    debug1: Authenticating to ....:1010 as '....'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ssh-ed25519
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: .....
    debug1: Host '[....:1010' is known and matches the ED25519 host key.
    debug1: Found key in /Users/Dad/.ssh/known_hosts:16
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: ....
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /Users/Dad/.ssh/id_rsa
    debug1: Trying private key: /Users/Dad/.ssh/id_dsa
    debug1: Trying private key: /Users/Dad/.ssh/id_ecdsa
    debug1: Trying private key: /Users/Dad/.ssh/id_ed25519
    debug1: Trying private key: /Users/Dad/.ssh/id_xmss
    debug1: No more authentication methods to try.
    phaworth@....: Permission denied (publickey).

    Posted 4 years ago #