
This page (revision-17) was last changed on 05-Dec-2023 05:32 by Ada Csaba

This page was created on 05-Dec-2023 05:32 by Ben Spink


Difference between version and

At line 1 changed one line
The list of paths to trusted SSH key files controls the public / private key authentication that SFTP allows for. This setting does not want you to enter in a 'trusted keys file', or a folder path, but rather the path to the actual key file itself. So '/files/keys/' is bad, while '/files/keys/ben.pub' would be OK. Separate multiple items with new lines. Most SSH key formats are supported.
The list of paths to trusted SSH key files controls the public / private key authentication that SFTP allows for. If set, we will assume the user will attempt [SSH public key based authentication|https://www.ssh.com/academy/ssh/public-key-authentication] if no password is supplied at login time. In a real-life use case, the client end generates the key pair and supplies the server side with the public key, which the server admin applies to the user account. The server side has no knowledge of the matching private key; that remains the end client's own secret.\\
At line 3 changed one line
[attachments|ssh_keys.png]
[{Image src='ssh_keys1.jpg' width='1920' height='..' align='left' style='..' class='..' }]\\
\\
!!Allowed values for the input field:\\
__.__ one or more file paths pointing to individual public key files, like /c:/sshkeys/test.pub. Use this option when setting up individual user accounts with SSH public keys\\
\\
__.__ a directory path pointing to a directory that contains the users' public keys. The key files inside must have a filename stem matching the user name; they are then loaded automatically. Use this option when assigning the setting by inheritance on the __default__ user, local group template accounts, an LDAP plugin Role template or any integration plugin's global template. For example, a domain user named __johndoe@intranet.local__ will associate with a key file named __johndoe.pub__ (the user name and the key file name stem are matched from left to right, starting with the leftmost character)\\
\\
__.__ the content of the public key file itself\\
\\
__.__ multiple public keys pasted in, one per line, each terminated with __;;;__, like\\
{{{ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbYYodleVXqAIWLQpw1S4cPKxyiuNtmCJkyJBEAd0K+nRy/FOIVosCJTamoq9wy6T1zZ8/tgDLjTSdOr8d4+CwdDYXviT6oN6cxqJmti3bZBzWfFXm6H3jJlY4TVr+BgIKf8els1pSvvqs77CgT2LOp894IFqctQ5Knz0PLBqCIOIUbeZYrvEtWsXI5af+8rrwquQ1HE7dB2DgLEvRL2B9rKkEaO9zQtN/Uj8LObXbIHjHN13qpThi676ZmleE2UHNGrkkmM7eHxolDKMaBWOza+6NsiqdB6WrA66p1XDDjDRVgKxC/lkuGdWmTSUkMmmQFW2mPIIsBXXHW/miKbN7;;;
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCnVK37Nrzpo6zzjrwb++yTAQaRtFVEsmF8O+5ePXX+YeWzkVJrzPGitjm7U8KJL1SibqJPJy3VhuwR1sTWotKdwvIY14lyQF+2qNeYb0NwsH4vD0p7JGC/OlLydG0/uRYYWmJQpqoNAzT3Cvbd3xvMzJyBCSAg8iHXniV/f3otDiJFvnQ5XVt6hk9txMbuZrPt84Kp1Dp8lUSTlUF5EYmDhBqww6vBRxH+1EROFfulLYv976Pn39db0+UfaxNJ6v1S6M/OzWzHNf+G+luGdEJrEGsHZK8XCVF8xEYjG2apn07hf3gsc3vcrV/SeoG4jlR6SyVUsXeZSmRgYgtdVnV;;;
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAX/UkAkGxzxGX/ljI+Iwv9P3saLr6kIp0MWqHUIFYfYtA31pPGn9uBTE39cTZq9XJh4wCmpzlLjG5so6pmYlgchhLwHltCrmpgeTc8gg3ABFd9hp6t4nQTkug99plL+gLXqNOX3puojd/EfWDlOZTzX2ytqhTG3+e4vBA1qsLs6IJt3u2hzSbhKJjBuBnioh/QVW+etE2gEMDpLobFgWHdrIJy1scSG/HU+SvmheiOfeQNPkBGOeZREWXv3xRbPzQaduZwmfZTdNKU2rWz2r5dgl20olqOTvJQSHBAKyOZaB5hRnlbjRY4K+g/qWDC230NAUtTGyr6pQZgP/2SlsD;;;}}}
\\
!!Supported key file type and format:\\
__The key file container__ must be plain text with a __PEM__ encoded SSH public key in __SSHv2__, __openssh.com__ or __putty__ format. The older SSHv1 format is not supported.\\
\\
__Supported SSH key algorithms__ in CrushFTP v10 are __SSH2-RSA__, __DSA__ (obsolete), __ECDSA__ and __ED25519__. The older SSH1 RSA algorithm is not supported.\\
\\
__Key size:__ For RSA keys, the minimum size is 1024 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient, though RSA keys can be as large as 8192 bits (slow). DSA keys must be exactly 1024 bits as specified by FIPS 186-2. ECDSA keys are either 256, 384 or 521 bits. Ed25519 keys have a fixed length.
\\
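An added example, not CrushFTP's own code: a small auditor for the pasted multi-key form described above. It splits the value on the ;;; line terminator, decodes each OpenSSH-style key blob, and checks RSA modulus sizes against the 1024 to 8192 bit range given on this page. The function names, verdict strings and the sample keys (constructed in code, not usable keys) are assumptions for illustration.

```python
import base64
import struct

RSA_MIN_BITS, RSA_MAX_BITS = 1024, 8192          # range stated on this page
KNOWN_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def _pack(b):
    return struct.pack(">I", len(b)) + b

def _read(blob, off):
    """Read one length-prefixed SSH string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def inspect_key(line):
    """Return (key type, RSA modulus bits or None, verdict) for one key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64>'")
    blob = base64.b64decode(fields[1], validate=True)
    inner, off = _read(blob, 0)
    if inner.decode("ascii", "replace") != fields[0]:
        raise ValueError("type label does not match key blob")
    if fields[0] not in KNOWN_TYPES:
        return fields[0], None, "unsupported type"
    if fields[0] == "ssh-dss":
        return fields[0], None, "obsolete (DSA)"
    if fields[0] != "ssh-rsa":
        return fields[0], None, "ok"
    _exponent, off = _read(blob, off)
    modulus, _ = _read(blob, off)
    bits = int.from_bytes(modulus, "big").bit_length()
    ok = RSA_MIN_BITS <= bits <= RSA_MAX_BITS
    return fields[0], bits, "ok" if ok else "RSA size outside page range"

def audit_field(value):
    """Audit the pasted multi-key form: one key per line, each ending in ';;;'."""
    report = []
    for raw in filter(None, (l.strip() for l in value.splitlines())):
        if not raw.endswith(";;;"):
            raise ValueError("key line is missing the ;;; terminator")
        report.append(inspect_key(raw[:-3]))
    return report

def sample_rsa(bits):
    """Constructed ssh-rsa line with a modulus of `bits` bits (not a usable key)."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = _pack(b"ssh-rsa") + _pack(b"\x01\x00\x01") + _pack(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()

SAMPLE = "\n".join([sample_rsa(2048) + ";;;", sample_rsa(768) + ";;;",
    "ssh-ed25519 " + base64.b64encode(_pack(b"ssh-ed25519") + _pack(bytes(32))).decode() + ";;;"])
```

Calling audit_field(SAMPLE) reports the 768-bit RSA key as outside the range; a line without the ;;; terminator raises ValueError before any key is accepted.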
----
!Require public key and password for authentication:
This option will enforce two-factor private key + password authentication for SFTP.
\\
----
!!Generating the key pair:
__OS X or Linux__\\
\\
Generate a key pair by issuing this command in a Terminal window:
At line 5 changed one line
There is also a more generic way to use this field. If the key file has the exact name of the user logging in, you can instead reference the directory '/files/keys/'. In this case there would need to be a file named 'ben' in that directory.
{{{ssh-keygen -b 2048 -t rsa -N "" -f /somefolderpath/johndoe.key
}}}
Take the resulting public key and point CrushFTP to it as described above.\\
\\
__Windows__\\
\\
Windows PowerShell now includes an [OpenSSH stack|https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse], so you can use the same __ssh-keygen__ tool as above.\\
\\
If you are unsure of how to generate a public / private key pair for your SFTP client, you may want to take a look at [puttygen|https://the.earth.li/~sgtatham/putty/0.77/w64/puttygen.exe] for Windows to generate the keys.\\
\\
[{Image src='ssh_keys2.jpg' width='80%' height='..' align='left' style='..' class='..' }]\\
\\
CrushFTP can use the public key file you generate.\\