Ask a Question

How to do passwordless file transfer without using password in ssh private key object ?

0 votes
by (180 points)

Hi Team

I want to perform password less SFTP from Web farm server to Application server. I have 3 questions in this regard ->

Question 1. How to perform passwordless SFTP in Rebex method without using password ? Looks like password is compulsory parameter ?
Currently i am transferring the using SFTP protocol using below syntax ->
Sftp RebexFtp = new Sftp();
RebexFtp.Connect("Server_Name");
RebexFtp.Login("UserName", "Password");

But as per organization policy, since i must do password less SFTP, i can not use password here. Hence i checked Rebex method that
has sshprivate key as parameter. But in order to create sshprivatekey object, password is must, which I don't want to provide.
SshPrivateKey sshPrivateKey = new SshPrivateKey("MyPrivateKey.ppk", "password");
RebexFtp.Login("UserName", sshPrivateKey);
ftp.PutFile("sourcepath", "Destination_path");

My question is how to do SFTP transfer of file without using password and just using private key ? Is it possible in Rebex ?

Question 2. In Webfarm server environment, can I use same public key / private key combination for all web farm servers?
In regular scenario, we generally have one source server and one destination server to establish trust for password less connectivity.
But in my case, I have 4 web different farm servers as source and 1 application server as destination.
In this case, can I use same public private key combination from all 4 source servers to the one destination server ?
Is it good idea ?

Question 3. Path for creating ssh private key object on web server
Since my code will execute on web farm server, while creating object for ssh private key, what path do i need to give, physical or relative ?
SshPrivateKey sshPrivateKey = new SshPrivateKey("MyPrivate_Key.ppk", "password");

Please let me know. Since this is urgent.

Applies to: Rebex SFTP

1 Answer

0 votes
by (15.2k points)

Hello,

1) If you already have private public key which was password encrypted, you have to use the password. There is no other way. However, if you can generate new one and want to use it later, you can use this short code

SshPrivateKey pk = SshPrivateKey.Generate();
pk.Save(@"C:\temp\private_key.ppk", null, SshPrivateKeyFormat.Putty);

When saving a key just provide null value into password parameter. Then use this generated key as you did before, but use null as well in the SshPrivateKey constructor.

2) You have to have the same key pair accessible on all your web farm servers. It is the same idea as connecting to your mailbox from your PC and your phone. You just authenticate on the application server as a user from different client devices/servers. If you do not need to differentiate source machine on your application server, it seems ok for me.

3) As I said in previous question answer, you have to have your key pairs accessible from all your web farms servers. Whether you copy your key pairs to all your servers or provide some shared files that your servers can load your keys, it doesn't matter. The path has to be physical path as you would browse it in a file manager application or a console. If you can open your key file using plain .NET functionality (like File.Open(key_path)), you should be fine with loading that key into SshPrivateKey/SshPublicKey objects.

by (180 points)
Hi Pavel

Thanks for your quick response.

I use PuttyGen to generate public key and private keys. So If I use private key generated from PuttyGen in sshprivatekey constructor and provide password as NULL, it should work, right ?
by (15.2k points)
Hi,

If you generated your keys without a password, you are right, it should work.
by (180 points)
I am not sure what do you mean by "Password". In PuttyGen, while saving public private key we have option of providing  "Key passphrase", which is not mandatory and we generally don't provide.
Are you referring to Key passphrase ?
by (15.2k points)
Yes, I am referring to Key passphrase as a password. What you will fill in Key passphrase you have to provide into password parameter in our SshPrivateKey/SshPublicKey API. So if you leave it blank, then you actually have to use `null` in our API.
by (180 points)
Thanks a lot !!!!
I will try and keep you posted.
...