centos 72 -- apache2 with virtual hosts -- sftp key-ed access
part6: filezilla and sftp
filezillais a wonderful tool to update your website. It would be great if our customers rock and roll could use it for this purpose. In filezilla's menu - Edit - Settings, there is an SFTP import-your-private-keys window. Unfortunately it refuses to convert the keys from user rock.
So we're going to try to move our private key to a machine with putty-tools to convert it to filezilla's preferred format, and next move it to our ubuntu-student-client-machine and import it into filezilla.
This was one of those wonderfull ideas that didn't work ... the generation and transfer in both directions worked, but filezilla did not accept anyway.
Read on to laugh at all the work we did for nothing (but don't waste your time)
... better skip to section 2 immediately.
where are we
I'm using a virtual machine in NAT on my laptop:
user@M17 ~ $ ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:a0:a0:04
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
- install puttytools
$ sudo apt-get install putty-tools [sudo] password for user: x-x-x-x The following NEW packages will be installed: putty-tools Get:1 http://archive.ubuntu.com/ubuntu/ trusty-updates/universe putty-tools amd64 0.63-4ubuntu0.1 [298 kB] Fetched 298 kB in 0s (422 kB/s) Unpacking putty-tools (0.63-4ubuntu0.1) ... Setting up putty-tools (0.63-4ubuntu0.1) ...
- testing connection to ubuntu-student-client
user@M17 ~ $ ssh -p 65250 email@example.com The authenticity of host '[rohtang.gnubizz.net]:65250 ([126.96.36.199]:65250)' can't be established. ECDSA key fingerprint is 4a:25:c0:cc:1f:19:41:95:81:39:ec:3d:49:73:ce:1c. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[rohtang.gnubizz.net]:65250,[188.8.131.52]:65250' (ECDSA) to the list of known hosts. firstname.lastname@example.org's password: Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 3.13.0-85-generic x86_64) Memory usage: 44% IP address for eth0: 10.10.0.250 Swap usage: 0% Last login: Sun May 8 15:41:28 2016 from 2a01:4f8:202:6116:1000::2
- copy from ubuntu-student-client to local machine
user@M17 ~ $ scp -P 65250 email@example.com:~/.ssh/id_rsa . firstname.lastname@example.org's password: id_rsa 100% 1679 1.6KB/s 00:00
user@M17 ~ $ ls Desktop Downloads Music Public Videos Documents id_rsa Pictures Templates
- generating putty compatible key
user@M17 ~ $ sudo puttygen id_rsa -o id_rsa.ppk user@M17 ~ $ ls Desktop Downloads id_rsa.ppk Pictures Templates Documents id_rsa Music Public Videos
- copy from local to ubuntu-student-client
user@M17 ~ $ scp -P 65250 id_rsa.ppk email@example.com:~/ firstname.lastname@example.org's password: id_rsa.ppk: Permission denied
There is a problem with permissions, let's have a look:
user@M17 ~ $ ls -l total 40 drwxr-xr-x 2 user user 4096 okt 25 2014 Desktop -rw------- 1 user user 1679 mei 8 19:22 id_rsa -rw------- 1 root root 1438 mei 8 19:23 id_rsa.ppk drwxr-xr-x 2 user user 4096 okt 25 2014 Music drwxr-xr-x 2 user user 4096 okt 25 2014 Videos
Perhaps we should not have used sudo with
puttygen-- now we have to change the owner ...
user@M17 ~ $ sudo chown user:user id_rsa.ppk
And we try again to send the key ....
user@M17 ~ $ scp -P 65250 id_rsa.ppk email@example.com:~/.ssh firstname.lastname@example.org's password: id_rsa.ppk 100% 1438 1.4KB/s 00:00 user@M17 ~ $
OK: key is in the right place
Next we imported the key, but whenever we restarted filezilla it had gone
- it didn't work ... next everything works
While we where doing stuff with filezilla, error messages appeared in our ubuntu-student-client machine. Finally we looked at it:
Attempting to set the permissions of /home/rock/.local/share/recently-used.xbel', but failed: No such file or directory
$ ls -a
gave only this:
. .. .bash_history .bash_logout .bashrc .cache .config .dbus .filezilla id_rsa id_rsa.ppk .profile .ssh .Xauthority
We fixed it:
mkdir -p .local/share
and then we tried filezilla again ... and it did everything we expected it to do ...
- filezilla and sftp
This time we could import the ubuntu-key and converted it to
.ppkformat while inside
filezillaand save it as
The connection settings where really easy:
Clicking connect gave us a 'trust-key'-window:
We clicked OK and we were in ...
And a transfer from index.html worked in both directions ....
sftpworks out of the box. We never had to touch
/etc/ssh/sshd_config, not for sftp, neither for keys or anything else. Nobody asked us to change ports (it wouldn't have worked anyway in view of the port-routing on rohtang), neither did we ask you to close ssh access for sftp users, so we didn't do that either.