Your best friend for file transfer.

SFTP with public key - how? (39 posts)
- Started 13 years ago by Franz
- Latest reply 3 years ago from Pete
-
Franz Member
-
Scott McGuire Administrator
Hi,
You want to create a file named "config" in the ".ssh" folder of your home folder (if this file already exists you should just append lines to it). The file should contain lines like the following:
host your-hostname
IdentityFile path-to-the-keyfilefor example:
host ftp.example.com
IdentityFile ~/.ssh/key-for-example.pemPlease let us know if this is not clear, or if you run into any problems.
Thanks,
Scott McGuire
Fetch Softworks -
Franz Member
Hi Scott,
Thank You, it works.
Franz
-
Scott McGuire Administrator
Hi Franz,
You're welcome, and we're glad to hear you got it working.
Best,
Scott McGuire
Fetch Softworks -
Jason Member
I'm encouraged that this can work, but don't get the instructions...
By "home" folder what do you mean? I'm not aware of a Fetch home folder but did place my PEM in my user folder. How would fetch be aware of a file here unless explicitly set in the settings or connection? But I cannot find where to set the PEM path in Fetch...
I followed the instructions here:
http://fetchsoftworks.com/fetch/help/Contents/Tutorial/UsingSSHAgent.html
and after submitting the dummy password, Fetch errors: "Connection could not be established" I am able to SSH from the command line with my PEM...Thanks.
-
Scott McGuire Administrator
Hi,
By "home" folder we meant what I think you are calling your "user" folder. That is, the folder you get to when you go to the Finder's Go menu and choose "Home."
However, you cannot see the .ssh folder in your home folder with the Finder. You need to use the command line. You would do something like:
* Open Terminal
* Type "cd ~/.ssh" (without quotes) to change to the .ssh folder.
* Either create a file named "config" in that directory, or if one already exists, open it.
* Add two lines to the config file as described above. If your PEM file is in your home folder, you would type something like:host your-hostname-goes-here
IdentityFile ~/name-of-your-pem-file.pemThis tells SSH how to find your PEM file automatically, and then Fetch, which uses Mac OS X's SSH to open the SFTP connections, will be able to find and use it too.
I hope this helps clarify things.
Thanks,
Scott McGuire
Fetch Softworks -
ispiderman Member
thumbs up, way up for the instruction posted on this page. It works!!! I searched and searched all over the web, but could not find any way to set Fetch or any other mac sftp client to accept .pem file my client sent me to log into their server. THANK YOU!!! How come Fetch UI or other client does not allow for this is rather frustrating. But THANK-YOU again.
-
Scott McGuire Administrator
Hi ispiderman,
You're welcome and we're glad you found this information helpful.
We don't have a UI way to do this because honestly, until a couple of months ago, no one had asked us how to accomplish this with Fetch; and it still remains pretty uncommon. But we will keep an eye on the requests and feedback and if it seems like using .pem files become much more common, we will consider adding UI for it. But one thing we will do is update the help to include these instructions on how to set it up.
Best,
Scott McGuire
Fetch Softworks -
Richard Member
Hello I know this is quite an old thread but I'm looking for a mac FTP client that would allow me to connect to multiple SFTP accounts on one server using public key authentification.
For this I need to be able to specify the public_key on a per account basis and not on a per server basis.
I don't understand why Cyberduck is the only client that allows to specify a public key per account ..., surely it's just a matter of adding a -i public.key to the initial command line, is there not a way to do this with fetch ? If there is then I will buy fetch straight away !
-
Scott McGuire Administrator
Hi Richard,
My understanding is the way you're doing this in Cyberduck is to select the public key file you want to use for each account in the connection dialog or bookmark, is that correct?
Thanks,
Scott McGuire
Fetch Softworks -
Richard Member
Yes that is how I do it. But I would also be happy with a field to manually set the public_key path to the file on my mac or maybe just set the file name in the .ssh folder ...
Thankyou.
-
Ben Artin Administrator
While there is no way to specify a per-connection SSH identity file inside Fetch, you can use a feature of SSH to accomplish this without any help from Fetch.
Let's say you want to connect to account "acct1" on host "myhost" using identity file "id1", and to account "acct2" on the same host using identity file "id2".
If you add the following to your
~/.ssh/config
file:Host acct1-myhost
HostName myhost
User acct1
IdentityFile id1Host acct2-myhost
HostName myhost
User acct2
IdentityFile id2then you can type
ssh acct1-myhost
orssh acct2-myhost
to connect to each account using its corresponding identity file.Similarly, after you've added those lines to your
~/.ssh/config
, you can use "acct1-myhost" or "acct2-myhost" as hostname in Fetch's New Connection dialog and Fetch will use the appropriate identity file.Hope this helps,
Ben
-
Richard Member
Thankyou I will give it a try !
-
Benedict Member
Just to reinforce Ben Artin's point, Scott's example in the second post is slightly wrong. Scott tells you to create a config file in .ssh containing the following text:
host your-hostname
IdentityFile path-to-the-keyfileThis should of course read:
Host your-label
HostName your-hostname
IdentityFile path-to-the-keyfileThis 'shortcut' can simply be invoked by typing:
sftp your-label -
rossideas Member
thanks... didn't want to go to filezilla after 10 years with Fetch... you're the best.
-
afiq Member
hi,
about SFTP i want using public and private authentification. right now on the server i install openssh and all ok. the client can connect to the server without private and public key. can someone help me?
-
Jim Matthews Administrator
Hi Afiq,
I'm sorry, but I don't understand your question. Can Fetch connect to your server?
Thanks,
Jim Matthews
Fetch Softworks -
isaax2 Member
Further the file config must be with 600 permission, if not, you will a error with "Bad owner or permissions on .ssh/config"
chmod 600 .ssh/config
-
Jim Matthews Administrator
Thanks for that info!
Jim Matthews
Fetch Softworks -
Anne Member
please clarify as to Home folder. I do not have "Go" in my finder.
-
Jim Matthews Administrator
In the Finder there is a "Go" menu in the menu bar (at the top of the screen") between the "View" menu and the "Window" menu.
Thanks,
Jim Matthews
Fetch Softworks -
wheelq Member
How do I autoaccept public keys when connecting to the SFTP? I dont want to type in YES every time :)
-
wheelq Member
How do I auto accept public keys when connecting to the SFTP? I dont want to type in YES every time :)
-
Jim Matthews Administrator
HI,
Are you using Fetch?
Thanks,
Jim Matthews
Fetch Softworks -
veej Member
8 years later! Thank you.
-
Pete Member
Surprised there isn't a UI way to do this after all these years. I tried creating a file as instructed but didn't work. Still " get the message "SFTP Connection could not be opened because the connection to the SFTP server could not be established or was lost".
-
Jim Matthews Administrator
Hi Pete,
To troubleshoot I would recommend opening the Terminal application and typing:
ssh -v user@host
Where user is the SFTP username and host is the SFTP hostname. Let me know what output you see then.
Thanks,
Jim Matthews
Fetch Softworks -
Pete Member
Thanks. Here's the output:
OpenSSH_7.8p1, LibreSSL 2.6.2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to dev.kleenedge.com port 22.
ssh: connect to host dev.kleenedge.com port 22: Operation timed outII think I see the problem, the connection should be on port 1010 - is there somewhere I can specify the correct port in the config file?
-
Jim Matthews Administrator
Hi,
Could you try
ssh -v -p 1010 user@host
?
Thanks,
Jim Matthews
Fetch Softworks -
Pete Member
Output as follows (edited to remove sensitive info)
OpenSSH_7.8p1, LibreSSL 2.6.2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to dev.kleenedge.com port 1010.
debug1: Connection established.
debug1: identity file /Users/Dad/.ssh/id_rsa type -1
debug1: identity file /Users/Dad/.ssh/id_rsa-cert type -1
debug1: identity file /Users/Dad/.ssh/id_dsa type -1
debug1: identity file /Users/Dad/.ssh/id_dsa-cert type -1
debug1: identity file /Users/Dad/.ssh/id_ecdsa type -1
debug1: identity file /Users/Dad/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/Dad/.ssh/id_ed25519 type -1
debug1: identity file /Users/Dad/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/Dad/.ssh/id_xmss type -1
debug1: identity file /Users/Dad/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to ....:1010 as '....'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: .....
debug1: Host '[....:1010' is known and matches the ED25519 host key.
debug1: Found key in /Users/Dad/.ssh/known_hosts:16
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: ....
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/Dad/.ssh/id_rsa
debug1: Trying private key: /Users/Dad/.ssh/id_dsa
debug1: Trying private key: /Users/Dad/.ssh/id_ecdsa
debug1: Trying private key: /Users/Dad/.ssh/id_ed25519
debug1: Trying private key: /Users/Dad/.ssh/id_xmss
debug1: No more authentication methods to try.
phaworth@....: Permission denied (publickey).
Hello,
how can I make a SFTP-connection with a public-key-authentification? (with SSH it is the option: -i xxxxkey).
I have tried the way as it was described in the online-manual,(»Using SSH public/private keys or ssh-agent with Fetch«) but it will not work with Fetch, but with SSH (option: -i xxxxkey) and another FTP-App (where I can choose my key).
How can I with Fetch select the private key which I need?
Franz
Posted 13 years ago #