Zeus IDE

Use this forum to ask for help, submit a bug report or make a suggestion.
http://www.zeusedit.com/zBB3/

Public Key auth. for SFTP logins?

http://www.zeusedit.com/zBB3/viewtopic.php?t=314

Page 1 of 1

Public Key auth. for SFTP logins?

Posted: Wed Feb 15, 2006 11:49 pm
by lazareus
Can I configure Zeus to use my public key for authenticating sftp?
My SSH servers are all configured to refuse passwords. :-(

Posted: Tue Feb 21, 2006 11:02 pm
by jussij
Can I configure Zeus to use my public key for authenticating sftp?

I don't think Zeus can currently do this :(

Is it possible to do configure the Putty client to connect using your public key :?:

If the answer is yes, what configuration steps do you take to make this happen :?:

Cheers Jussi

Posted: Fri Feb 24, 2006 3:18 am
by lazareus
I have Putty, and it is configured to use my key.
You may know that you can create and save a "profile" w/ putty, and I have profiles saved for all servers. So, when running Putty (or Plink) you just reference the saved profile on the command line, like:

Code: Select all

putty @profilename
I assume when you say Putty, you really mean Plink. It would be more useful for "backgrounded" transfers. In SciTE for example, I have a "tool" set up that runs:

Code: Select all

plink @profilename ls $1
where $1 is replaced at runtime w/ the directory on the server I want a listing of.
and another:

Code: Select all

plink @profilename cat $1/$2
which gets me the contents of a file named in $2.
HTH!
I'm liking Zeus pretty well by the way. :-) More docs would be nice. You've got some features I don't quite grasp. :0
I'll get back to you on that. :-)

Posted: Wed Mar 08, 2006 3:01 am
by jussij
Using Putty can't you configure a default public key :?:

It looks like Putty stores this key detail in the registry at this location:
HKEY_CURRENT_USER\Sessions\Default Settings\PublicKeyFile
If this registry entry is is present, from looking at the OpenSSH code it looks like Zeus should load and use this key when it tries to connect ;)

Jussi

Posted: Sat Mar 18, 2006 2:47 am
by Guest
But I have configured putty?
any of the suite of programs included with Putty will hook right up.
and if you'll pardon my asking, what does openSSH have to do with it?
I also use the Cygwin openSSH server and clients on this same machine,
and I can't find anything that software has stored in my registry.
Those components are also configured to use public key auth, and work just fine. In other words, I have seen to the proper contents of my .ssh folder in my home directory. :-)
The "Sessions" key you pointed me to does not exist on my machine. I would create it manually to test if you could tell me which format key to use. ssh-keygen (from openSSH) and puttygen create keys in different formats, and the public key requires manual editing before adding it to the authorized_keys file on the server.
It would be great if Zeus would do the same as other SSH/SFTP clients, and look to ~/.ssh for all configuration.
Thanks for your follow-up, my apologies for my delayed response. :oops:

Posted: Sun Mar 19, 2006 10:26 pm
by jussij
if you'll pardon my asking, what does openSSH have to do with it?

Zeus uses the OpenSSH set of DLL's to do the SSH authentication.
The "Sessions" key you pointed me to does not exist on my machine.

Could you download this new xNet.dll. To install and test this new dll do the following:
  1. Backup current xnet.dll
  2. Install the new dll
  3. Attempt to connect to the server
  4. Cancel failed ftp logon
  5. Now there should be a new registry \\HKEY_CURRENT_USER\Software\xidicone\SSH_FTP section
  6. One of the registry values will be a public key file
  7. Enter the full file name of the public key file
  8. Attempt to connect to the server again
the public key requires manual editing before adding it to the authorized_keys file on the server.

For just this reason this dll has not yet been fully tested :(

But based on how the OpenSSH code reads this change will hopefully mean that the public key file is used when attempting the logon :?

If the change does not work let me know and I then will then set up a SSH server to fully test this new code.
It would be great if Zeus would do the same as other SSH/SFTP clients, and look to ~/.ssh for all configuration.

I will see if the OpenSSH version that Zeus uses looks for this configuration file.

Cheers Jussi

Posted: Wed Mar 22, 2006 2:10 am
by Guest
Wow, thanks for trying!

I installed the dll, ran Zeus, tried a connection and got:

Code: Select all

Fatal Connection Error

Couldn't agree a client-to-server cipher (available:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr)
clicking ok on that got me to the expected 'failed connection' message, at which point the registry keys mentioned in your instructions did exist.
manually entering the path to an openSSH public key file, (enclosed in quotes, there's spaces in the path) and trying again showed the same behaviour.
the server there is OpenSSH_4.3p1, OpenSSL 0.9.7d.
it's configured to accept only SSH2 connections, but on this machine I have not excluded the "weak ciphers". (what they call it in the man pages)
I tried another server, with the same version of OpenSSH, but OpenSSL 9.8a - same results. On this server "weak ciphers" are refused, but I'm sure I remember from the OpenSSH manual, that most of the ciphers on that list are available.
I just realized, this may not matter but I'll mention it. I have a number of open-source apps installed, stuff ported from unix, that all want to be on the path, and all install their own ssl dlls. I have to shuffle my path around sometimes to make some of them work. if xnet.dll is all there is to it, then I suspect Zeus will not suffer from that?
Again, thanks for trying. :D

Posted: Wed Mar 22, 2006 2:14 am
by Guest
just a thought - I could put a server in debug mode, redirect the output to a file and post it here, or put it on the web for you.
after trying a connection of course. :-)
Let me know if that would help.

Posted: Wed Mar 22, 2006 2:41 am
by jussij
The OpenSSH that Zeus uses are these dll files found in the Zeus install directory:

Code: Select all

xnet.dll 
ssleay32.dll
Since the xnet.dll is a Zeus only dll that talks to the OpenSSH dll's,it should not matter what other software is installed on your machine.

Feel free to post the server trace messages to this thread.

In the mean time I will have to setup a SSH server and do some extra debugging at this end :(

Cheers Jussi

Posted: Wed Mar 22, 2006 3:46 am
by Guest
Wow, you're fast.
I just came back to add that I updated to the 3.95t release, and tried connecting w/ and w/out the xnet.dll you posted, and both scenarios gave same results as prev. version.
I also went looking in the Zeus folder and saw that you did indeed ship ssl dlls so I cleared my path ( to .;c:\windows;c:\windows\system32 ) and ran Zeus from a command prompt, in the zeus folder. as you predicted, it made no difference.
so I did the trace, I'm surprised at how little output it generated, but it looks like the client offers no ciphers:

Code: Select all

Server listening on 0.0.0.0 port 22.
no matching cipher found: client  server aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
I ran the trace starting Zeus from "clean path" command prompt, with the xnet.dll you posted. good luck, and thanks again for looking at it.

Posted: Wed Apr 11, 2007 10:55 pm
by jussij
This bug is now fixed :)

To fix this issue you will need to do the following:
  1. Download this file: http://www.zeusedit.com/z300/xnet.zip
  2. Use it to replace the xnet.dll found in the Zeus install directory
  3. Delete this registry key if it exists: HKEY_LOCAL_MACHINE\SOFTWARE\Xidicone\SSH_FTP
  4. Restart Zeus
Cheers Jussi
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited