Add certificate login via SFTP - RESOLVED!

Report bugs and unexpected behavior here.
Post Reply
jorgemvo
Posts: 7
Joined: Tue Apr 09, 2019 10:06 pm

Add certificate login via SFTP - RESOLVED!

Post by jorgemvo » Sat May 23, 2020 8:54 am

SFTP source is a great addition to Neutron. I've manager to making it work with a SFTP server in OpenWRT. But its would be safer to use certificates rather than passwords. Is this a possibility in Neutron?

SOLUTION:

After some tries and a very precious and fast response from the developer (thank you once again), I've managed to make keys and put them to work in about 10 minutes. I'll try to help those with Windows 10 (such as myself), and in my particular case, a OpenWRT router running Dropbear.

First, and after making sure Dropbear is working properly at accepting SSH connections with a user account created in it (don't EVER use root to login with SSH from the internet!!!), that I tried first using login+password, then it's time to create keys for the connection.

Don't use Putty to create keys! If you search for SSH and Windows, there will be a lot of sites telling to use Putty. Just DON'T!! Putty keys are not compatible with OpenSSH.

Install OpenSSH server in windows 10. For that, go to Settings > Apps > Apps and Features > Manage Optional Features. Click Add a Feature, then search for OpenSSH Server.

After installed, its ready to work. Use Windows Powershell or Command Prompt to create the keys. For a minimum security key, you can just type "ssh-keygen". It'll create a RSA 2048 bit key. It'll ask for a name for the keys. Use whatever you want. They'll be created in C:\Windows\users\"user account name". I chose to create a more secure public+private key combination by typing "ssh-keygen -t rsa -b 4096".

The file with no extension is the private key. The one with .pub extension, is the public key.

After this, you'll have to add the public key inside the users home folder (I'm refering to OpenWRT), which is located in /home/"user_name"/.ssh, in a file called "authorized_keys". This file has to have the permissions 0600 and the owner being the user name, and the folder .ssh has to have the same owner and 0700 permissions. After that, restart the router, or only the Dropbear service.

When the server is up and running, you have to use some kind of file explorer in Android to open the private key file, copy ALL of the contents (just select all - copy) and paste them on the Neutron corresponding field. Do the same with the public key file (.pub), pasting in the correct field in Neutron. And that's it! Simple and much safer than using user+password.

Hope this will help a lot of users.
Last edited by jorgemvo on Wed May 27, 2020 11:03 pm, edited 2 times in total.

jorgemvo
Posts: 7
Joined: Tue Apr 09, 2019 10:06 pm

Can't login to SFTP with private key

Post by jorgemvo » Mon May 25, 2020 10:35 pm

I've already setup my server (Dropbear in OpenWRT) to be able to login with RSA keys. I manage to login from my windows PC with Putty and WINSCP using the keys I've made. But not with Neutron... What part am I supposed to copy from the private and public keys? Everything including from public:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-*****"
AAAA******
---- END SSH2 PUBLIC KEY ----

and from private:

-----BEGIN OPENSSH PRIVATE KEY-----
b3Bl***********
*********
CAkKCw==
-----END OPENSSH PRIVATE KEY-----


Or only the main part of the key? I tried multiple combinations, but so far it won't login.

EDIT: From what I can see on my server logs, it's only trying to login via password, not SSH keys. Even though I have password login disabled on my server.

blaubär
Posts: 1023
Joined: Tue Apr 02, 2019 6:48 am

Re: Can't login to SFTP with private key

Post by blaubär » Tue May 26, 2020 5:01 am

Generally if you want somebody to allow you to access their server you give them your public key ( that's why it's called public so that you can give it away ). You keep your private key to yourself. So I would think you'll have to give your public key to the server and the private key to Neutron ( never did this myself - does it ask ? for what ? file or key value ? ). What to give Neutron if it asks not for a file but for the key value ? I'd try the key itself without the comments.

blaubär
Posts: 1023
Joined: Tue Apr 02, 2019 6:48 am

Re: Can't login to SFTP with private key

Post by blaubär » Tue May 26, 2020 5:08 am

From what I see on the user interface Neutron doesn't ask for keys but password :

sftp.PNG
sftp.PNG (19.1 KiB) Viewed 66 times
Found this on some forum, but that's perhaps specific for that client

sftp is used either with entering password etc. manually or passwordless via key exchange.
[...]
Set up public keys which have been generated without entering a passphrase using ssh-keygen and try again.
So you could try without userid and password if you've successfully set up keys, if Neutron behaves as a shell would do then it shouldn't need userid and password if a key pair has been set up.

blaubär
Posts: 1023
Joined: Tue Apr 02, 2019 6:48 am

Re: Can't login to SFTP with private key

Post by blaubär » Tue May 26, 2020 5:53 am

I just browsed a bit with regard to ssh. I would seem that every client has its own rules regarding location and name of ssh key files. So if Neutron doesn't ask for a key or its location I don't see where it would get one from. So perhaps Neutron doesn't work with keys and only relies on userid and password.

blaubär
Posts: 1023
Joined: Tue Apr 02, 2019 6:48 am

Re: Can't login to SFTP with private key

Post by blaubär » Tue May 26, 2020 5:56 am

asked the developer :
does Neutron support the use of SSH keys ? It only asks for userid and password. If it does support keys, how to give them to Neutron, where to store and how to name the key files ?

blaubär
Posts: 1023
Joined: Tue Apr 02, 2019 6:48 am

Re: Can't login to SFTP with private key

Post by blaubär » Tue May 26, 2020 9:21 am

ok, tried with the new version ... and there it is :D

Screenshot_20200526-111906_Neutron_copy_360x388.jpg
Screenshot_20200526-111906_Neutron_copy_360x388.jpg (32.47 KiB) Viewed 50 times
I suggest you try to enter the contents of the private key into the private key area, using the key pair whose public key is used by the server.

jorgemvo
Posts: 7
Joined: Tue Apr 09, 2019 10:06 pm

Re: Can't login to SFTP with private key

Post by jorgemvo » Tue May 26, 2020 2:27 pm

I've done all of this several times. Pasted several different formats of the keys (Putty, OpenSSH, ssh.com), and none of those work. The issue is not with my server, because I connect just fine with keys using Putty, WinSCP and even an Android APP (Solid Explorer).
When I check my Server logs (Dropbear on a OpenWRT router), it says if I log in via user+password or user+key. Using all the other programs, it logs as user+keys. But with Neutron, even if I don't use a password, only with user+key, my server will log as an user+password atempt, as if neutron didn't even try to user the keys...

Other thing is that with all of the other software, I only need to provide my private key to login. I don't understand why with Neutron it asks for both the private and the public key...

blaubär
Posts: 1023
Joined: Tue Apr 02, 2019 6:48 am

Re: Can't login to SFTP with private key

Post by blaubär » Tue May 26, 2020 3:38 pm

The developer wrote
just copy-paste contents of key-files to that areas and it should work.
Yes, the public key is used to allow you access on the server side, you won't need that on client side.
I suggest you contact neutronmp@gmail.com . Perhaps you can prepare a key-pair for that purpose and send it together with screenshots, so that the developer can test with your keys.

jorgemvo
Posts: 7
Joined: Tue Apr 09, 2019 10:06 pm

Re: Can't login to SFTP with private key

Post by jorgemvo » Tue May 26, 2020 6:08 pm

blaubär wrote:
Tue May 26, 2020 3:38 pm
The developer wrote
just copy-paste contents of key-files to that areas and it should work.
Yes, the public key is used to allow you access on the server side, you won't need that on client side.
I suggest you contact neutronmp@gmail.com . Perhaps you can prepare a key-pair for that purpose and send it together with screenshots, so that the developer can test with your keys.
Thanks for your suggestion, I've just sent him an e-mail. Hope there will be a solution, because on top the SFTP connection being much faster for me than FTP (FTP takes about 6 hours to scan through my library vs 3/4 hours with SFTP), it's also much safer.

Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 0 guests