home       inleiding       sysadmin       services       links       bash       werk       nothing      

centos 72 -- apache2 with virtual hosts -- sftp key-ed access

part6: filezilla and sftp

  1. filezilla
    filezilla is a wonderful tool to update your website. It would be great if our customers rock and roll could use it for this purpose. In filezilla's menu - Edit - Settings, there is an SFTP import-your-private-keys window. Unfortunately it refuses to convert the keys from user rock.
    So we're going to try to move our private key to a machine with putty-tools to convert it to filezilla's preferred format, and next move it to our ubuntu-student-client-machine and import it into filezilla.
    This was one of those wonderfull ideas that didn't work ... the generation and transfer in both directions worked, but filezilla did not accept anyway.
    Read on to laugh at all the work we did for nothing (but don't waste your time)
    ... better skip to section 2 immediately.

    • where are we
      I'm using a virtual machine in NAT on my laptop:
      user@M17 ~ $ ifconfig
      eth0 Link encap:Ethernet HWaddr 08:00:27:a0:a0:04
      inet addr: Bcast: Mask:

    • install puttytools
      $ sudo apt-get install putty-tools
      [sudo] password for user:  x-x-x-x
      The following NEW packages will be installed:  putty-tools
      Get:1 http://archive.ubuntu.com/ubuntu/ trusty-updates/universe putty-tools amd64 0.63-4ubuntu0.1 [298 kB]
      Fetched 298 kB in 0s (422 kB/s) 
      Unpacking putty-tools (0.63-4ubuntu0.1) ...
      Setting up putty-tools (0.63-4ubuntu0.1) ...


    • testing connection to ubuntu-student-client
      user@M17 ~ $ ssh -p 65250 rock@rohtang.gnubizz.net
      The authenticity of host '[rohtang.gnubizz.net]:65250 ([]:65250)' can't be established.
      ECDSA key fingerprint is 4a:25:c0:cc:1f:19:41:95:81:39:ec:3d:49:73:ce:1c.
      Are you sure you want to continue connecting (yes/no)? yes
      Warning: Permanently added '[rohtang.gnubizz.net]:65250,[]:65250' (ECDSA) to the list of known hosts.
      rock@rohtang.gnubizz.net's password: 
      Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 3.13.0-85-generic x86_64)
      Memory usage: 44%               IP address for eth0:
      Swap usage:   0%
      Last login: Sun May  8 15:41:28 2016 from 2a01:4f8:202:6116:1000::2


    • copy from ubuntu-student-client to local machine
      user@M17 ~ $ scp -P 65250 rock@rohtang.gnubizz.net:~/.ssh/id_rsa .
      rock@rohtang.gnubizz.net's password: 
      id_rsa                                        100% 1679     1.6KB/s   00:00    
      user@M17 ~ $ ls
      Desktop    Downloads  Music     Public     Videos
      Documents  id_rsa     Pictures  Templates


    • generating putty compatible key
      user@M17 ~ $ sudo puttygen id_rsa -o id_rsa.ppk
      user@M17 ~ $ ls
      Desktop    Downloads  id_rsa.ppk  Pictures  Templates
      Documents  id_rsa     Music       Public    Videos


    • copy from local to ubuntu-student-client
      user@M17 ~ $ scp -P 65250 id_rsa.ppk rock@rohtang.gnubizz.net:~/
      rock@rohtang.gnubizz.net's password: 
      id_rsa.ppk: Permission denied

      There is a problem with permissions, let's have a look:

      user@M17 ~ $ ls -l
      total 40
      drwxr-xr-x 2 user user 4096 okt 25  2014 Desktop
      -rw------- 1 user user 1679 mei  8 19:22 id_rsa
      -rw------- 1 root root 1438 mei  8 19:23 id_rsa.ppk
      drwxr-xr-x 2 user user 4096 okt 25  2014 Music
      drwxr-xr-x 2 user user 4096 okt 25  2014 Videos

      Perhaps we should not have used sudo with puttygen -- now we have to change the owner ...
      user@M17 ~ $ sudo chown user:user id_rsa.ppk
      And we try again to send the key ....

      user@M17 ~ $ scp -P 65250 id_rsa.ppk rock@rohtang.gnubizz.net:~/.ssh
      rock@rohtang.gnubizz.net's password: 
      id_rsa.ppk                                    100% 1438     1.4KB/s   00:00    
      user@M17 ~ $

      OK: key is in the right place
      Next we imported the key, but whenever we restarted filezilla it had gone

  2. it didn't work ... next everything works
    While we where doing stuff with filezilla, error messages appeared in our ubuntu-student-client machine. Finally we looked at it:
    Attempting to set the permissions of /home/rock/.local/share/recently-used.xbel', but failed: No such file or directory
    $ ls -a
    gave only this:
    . .. .bash_history .bash_logout .bashrc .cache .config .dbus .filezilla id_rsa id_rsa.ppk .profile .ssh .Xauthority
    and no
    We fixed it:
    rock@ub14-04-student-client:~$ mkdir -p .local/share
    and then we tried filezilla again ... and it did everything we expected it to do ...
  3. filezilla and sftp
    This time we could import the ubuntu-key and converted it to .ppk format while inside filezilla and save it as fzid_rsa.ppk

    The connection settings where really easy:


    Clicking connect gave us a 'trust-key'-window:


    We clicked OK and we were in ...


    And a transfer from index.html worked in both directions ....



  4. sftp
    sftp works out of the box. We never had to touch /etc/ssh/sshd_config, not for sftp, neither for keys or anything else. Nobody asked us to change ports (it wouldn't have worked anyway in view of the port-routing on rohtang), neither did we ask you to close ssh access for sftp users, so we didn't do that either.