Testing Tiny SFTP With Rsa Can't Connect with FileZilla

+1 vote
asked Jun 6, 2016 by richards (160 points)
retagged Aug 11, 2016 by Tomas Knopp

I am trying to test SFTP connections using an SSH key, but I can't connect to Tiny SFTP with my code or with FileZilla. Anyone have a quick guide for connections since I have no idea what I am doing wrong.

Applies to: Rebex SFTP

3 Answers

+1 vote
answered Sep 16, 2016 by Martin Vobr (12,900 points)
 
Best answer

Private/public key authentication support is included in TinySftpServer version 1.0.2. Please download it from http://labs.rebex.net/tiny-sftp-server.

You will need to put your user's public keys into the directory specified by the 'userPublicKeyDir' value in the config file.

 <add key="userPublicKeyDir" value="userKeys"/> 
0 votes
answered Jun 6, 2016 by Lukas Pokorny (94,350 points)

All keys in the current version of Rebex Tiny SFTP Server are server keys. These are used to authenticate the server to the client - to ensure that the client is connecting to the server it actually intends to connect to.

However, it looks like you are trying to use these keys to perform a client key authentication - authenticate the client to the server using a client key instead of the password. This is not yet supported by Tiny SFTP Server, but it's a very common requirement and we plan to add support for it soon.

If client key authentication is what you are trying to achieve, please let us know - we already have a beta version.

commented Jun 6, 2016 by richards (160 points)
Thanks for the explanation. Client Authentication is exactly what I am looking for and I would love to try the beta version.

Thanks!
0 votes
answered Jun 6, 2016 by Tomas Knopp (58,890 points)
edited Sep 19, 2016 by Tomas Knopp

Update: Private/public key authentication was added to TinySftpServer version 1.0.2. You can get it from http://labs.rebex.net/tiny-sftp-server. To enable it just fill the userPublicKeyDir config value.


Here is a link to the beta of Tiny SFTP server that supports public
key user authentication.


It allows you setting the public key for the user via the optional config section (within the RebexTinySftpServer.exe.config file):



So just save the public key somewhere to your disk where the Tiny server app can read it and then point to the right direction in the config file. Should be easy, hope you’ll make it. So to sum it up - server has the public key and the SFTP client uses his corresponding private key to authenticate to the server. We plan to release a new version of Rebex Tiny Sftp server that will enable to configure this easily. To receive notification when it is released, just subscribe to our Rebex labs newsletter.


If the public key is not specified, then just pure user + password authentication will be enabled in Rebex Tiny sftp server (this is also the default).


If you do specify the public key, then the server will allow the SFTP client to authenticate by his private key.
However, it will also accept the password (so it is up to the client to decide).


Please give it a try and let us know whether it works to your expectations.


If you do not have a private/public key pair generated yet, let us know we have an app for that too.

commented Jun 6, 2016 by richards (160 points)
When I set the userPublicKeyFile to my public key, I get the following error:

* System.InvalidOperationException: Data too long.
   at Rebex.Net.KDB.V()
   at Rebex.Net.KDB.Z()
   at Rebex.Net.SshPublicKey.O(Byte[] A, AsymmetricKeyAlgorithm& B)
   at Rebex.Net.SshPublicKey.L(Byte[] A)
   at Rebex.Net.SshPublicKey..ctor(String path)
   at Rebex.TinySftpServer.MainForm.SetupServer()

I am using the following public key:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAv8wzsu9099II58knRYbw3qz8fsF9HaKSBK+0n4KiXAzEbasROLZVT/JymQqEWijIkeeFQKJ3bnHsSr65NlwvjVNXnjmTbyEykMcQOXmhHupk15xAELp5AW8e0AEOVqge1VIiHRJId3Un2LyZxZ9zIfE3+v7nEScbxLdFG1gBR80= testRSA

Is this a problem with Tiny SFTP or am I messing something up?
commented Jun 7, 2016 by Lukas Pokorny (94,350 points)
edited Jun 29 by Lukas Matyska
UPDATE: from version 1.0.5 authorized_keys format is supported.

The beta version doesn't currently accept keys in OpenSSH authorized_keys format. You can easily convert the key into a supported format by removing the "ssh-rsa" header and "testRSA" footer, decoding the base64-encoded string and saving the resulting byte array into a file:
            File.WriteAllBytes("mykey.pub",
                Convert.FromBase64String(
                    "AAAAB3NzaC1yc2EAAAABIwAAAIEAv8wzsu9099II" +
                    "58knRYbw3qz8fsF9HaKSBK+0n4KiXAzEbasROLZV" +
                    "T/JymQqEWijIkeeFQKJ3bnHsSr65NlwvjVNXnjmT" +
                    "byEykMcQOXmhHupk15xAELp5AW8e0AEOVqge1VIi" +
                    "HRJId3Un2LyZxZ9zIfE3+v7nEScbxLdFG1gBR80="));
...