New SFTP plugin available now

[ghisler(Author)]

Because of the stopped development of the old SFTP plugin I have written a new one now, which is using the libssh2 dll for SFTP commands. This dll directly offers SFTP functions for uploading, downloading, renaming etc, so the plugin itself can remain very small and relatively simple. The plugin re-uses some code from my WebDAV plugin. It offers a similar dialog to configure and make the connection.

Update: 3.05
You can download version 3.05 at the following address:
SFTP Plugin 3.05 (Windows Vista, 7 or newer)
Sources
Windows XP version (old 2.90 version)

Note: Only the XP version now needs the latest OpenSSL DLLs! The one for Vista and newer works without any extra dlls!

Supported functions:
- new in 3.05: File properties (Alt+Enter) were not working when the stat command returned a non-English reply
- new in 3.04: Support new key exchange methods curve25519-sha256 and curve25519-sha256@libssh.org
- new in 3.03: 64-bit: Crash when trying to connect with host key encrypted with old method, key starts with -----BEGIN RSA PRIVATE KEY-----
- new in 3.02: Fixed crash when using rsa-sha2-512 in some cases
- new in 3.01: Fixed crash when connecting with host key curve ED25519
- new in 3.00: Show used encryption methods in the Total Commander FTP log
- new in 3.00: Support alternative RSA host key methods (for client certificate): rsa-sha2-512,rsa-sha2-256, use instead of ssh-rsa if the server supports it
- new in 3.00: Support new key exchange methods diffie_helman_group14_sha256, diffie_helman_group16_sha512 and diffie_helman_group16_sha512
- new in 2.90: Keep old target file (which would be overwritten) when download fails at the start
- new in 2.80: Prefer curve ED25519 host key if available, may lead to warning that the fingerprint of the server has changed
- new in 2.80: Scramble server password in memory
- new in 2.80: Support servers which require dual login via client certificate AND keyboard interactive or password
- new in 2.70: Fixed: Downloading files could sometimes result in an INVALID_MAC error when an incomplete packet was received
- new in 2.60: Support for hmac-sha2-256-etm and hmac-sha2-512-etm for authenticity verification
- new in 2.50: Support for ED25519 elliptic curve certificates
- new in 2.40: Don't show error if login via keyboard interactive failed, but worked via password.
- new in 2.30: Plugin no longer worked on Windows 10 1903 (Spring 2019).
- new in 2.20: Transfer files >2GB also via SCP, added by forum user "CoolWater"
- new in 2.10: Keep alive option by forum user "CoolWater"
- new in 2.00: No extra dlls needed on Windows Vista, 7 or newer
- new in 1.30: 64-bit: Load dlls from subdir '64' under dll dir or program dir, same as where TC x64 expects the 64-bit SSL dlls
- new in 1.20: 64-bit: Load dlls from subdir 'x64' under dll dir or program dir
- new in 1.10: Allow to store proxy password in password manager
- new in 1.10: Support for multiple firewalls/proxies
- new in 0.98: Alt+Enter uses "ls -la" if "stat" fails
- new in 0.98: Empty password now possible
- new in 0.98: SCP downloads handles spaces in names
- new in 0.97: Support for asynchronous SCP downloads
- new in 0.97: Support for Putty Agent (Pageant) authentication
- new in 0.95: Support for transfers in background (separate thread) for TC 7.55
- new in 0.94: Unicode support with TC 7.5
- new in 0.94: Support different server encodings
- connect with username/password
- connect with an SSH2 client certificate
- connect over a HTTP proxy supporting the CONNECT command
- connect over a SOCKS4, SOCKS4A or SOCKS5 proxy
- upload, download, rename, delete, create directory
- copy files within a server (Shift+F5 or F5 with different dirs)
- resume upload and download
- change Unix attributes (chmod)
- synchronize dirs with correct timestamps(!)
- properties of file (STAT command) via Alt+Enter
- command line support for any shell commands
- auto-installer added, will warn about libssh2.dll
- let user choose SCP as copy method
- convert text files to/from Unix format during transfers

Authentication using pageant (client cert in Putty format):
You can now store the key in Putty's pageant.exe tool. Pageant can be launched when needed by putting a link in the plugin directory named pageant.lnk pointing to c:\PathToPutty\pageant.exe cert_file_name with the name of the client certificate file as a parameter.

Authentication using a client certificate in OpenSSH format:
1. Start puttygen.exe (part of putty installation)
2. Load your Putty key into it
3. Do NOT click on "Save public key", it creates an
incompatible key! Instead, select the text in the
section "Public key for pasting into OpenSSH...
and press Ctrl+C (=Copy to clipboard)
4. Create a new file with extension .pub (Shift+F4 in
Total Commander) and press Ctrl+V (=Paste)
5. Choose "Export SSH key" from the "Conversions" menu
to save the *.pem file.

[CoolWater]

Nice work Christian

one little bug I found.. When not choosing a proxy (no radio button is selected by default) you will get the message "Function not supported yet!" when trying to connect.

Thanks for your work!

Regards,
CoolWater

[pdavit]

Is there a reason Christian why you don't hard code this?

License implications or size maybe?

[CoolWater]

Is there a reason Christian why you don't hard code this?

License implications or size maybe?

It's could be implemented in future But only when the plugin is stable enough to directly implement it Image a security hole is found... This always would require a TC update... which is too much work.

Taken from german forum.

Regards,
CoolWater

[Clo]

2ghisler(Author)

Good evening,

• Thank you for that new version !
- Please, could you indicate a valid test-server ?

• Do you plan some language-files later ? Currently, there are only German and English in the resources,
I didn't find any LNG in the package…

 VG
Claude
Clo

[Netsphinx]

I´m using TC for years now (10 or more?), but this is the most amazing feature i allways missed

Thank you !

Erwin

[Mikefield]

Hello Christian, thanks for your work too.
But it's not possible to initiate a connection. When I start a connection I get an error message "Function not supportet yet!".
Not sure why. The tcftp.log shows only 2 lines:
CONNECT \Test ProdSys 1A
Loading SSH Library

I'm at home in vacation, and have a VPN-Connection to our company, but this should not be the reason for that.
The old sftp plugin is working.

Also I have some suggestions:
1st: Please add a radio button, "ask for password" (Configuration)
2nd: Please add a line with the homedir / target directory (Configuration)
3rd: The sftpplug.ini file is stored in the main directory of TC, I prefer the plugin directory
4th: I miss the pluginst.inf.

mf

[tbeu]

0.1 beta: When pressing F2 the Quick connection directory vanishes and reoccurs after pressing F2 again.

[CoolWater]

But it's not possible to initiate a connection. When I start a connection I get an error message "Function not supportet yet!".
Not sure why. The tcftp.log shows only 2 lines:
CONNECT \Test ProdSys 1A
Loading SSH Library

one little bug I found.. When not choosing a proxy (no radio button is selected by default) you will get the message "Function not supported yet!" when trying to connect.

[theosdikaios]

Nice work. Thanks.

You may get an access violation if you use a mix of old and new versions of the dlls libeay32.dll, libssl32.dll and libssh2.dll, e.g. when using sftp and the built-in ftps in parallel.

Do their any intentions exist to unite FTPS and SFTP in only one plugin? I don't like to see 2 different locations for the same DLLs with the potential risk to have 2 different versions.

[gbo]

Thanks for this plugin!

Just a small remark it is written in the instruction :
This plugin needs the dlls libeay32.dll and libssh2.dll in
the same directory as the plugin.

so I understood I have to put the two files in
[TotalcmdPATH]\plugins\wfx\Sftp_plugin\installstuff\

but it was wrong, in fact these files have to be put in
[TotalcmdPATH]\plugins\wfx\

Hope this will avoid some users to make the same error.

BTW the plugin works in Ubuntu 8.04 with wine.

[sqa_wizard]

I don't like to see 2 different locations for the same DLLs with the potential risk to have 2 different versions.

You may use one of the following methods meanwhile:

1. Just install both plugins in the same directory
2. create NTFS hardlinks between identical files

[Mikefield]

When I want to connect with username and password, I get an error:
"Authentication by password failed!"
This is on a Linux Red Had Server.

mf

[icfu]

Bug: Ctrl+R toggles display of "Quick connection" as long as no connection has been created yet.

Icfu

[ghisler(Author)]

one little bug I found.. When not choosing a proxy (no radio button is selected by default) you will get the message "Function not supported yet!" when trying to connect.

Sorry about the bug, I removed the option "use proxy from Internet Explorer" which was the default in the WebDAV plugin, because I cannot get the proxy password in this case. I'm using Windows sockets calls to connect, not the Internet Explorer functions used by the WebDAV plugin, which cannot work with SFTP.

Is there a reason Christian why you don't hard code this?

Yes, I can publish the plugin now, and not in 3 months after a looong beta test...

Please, could you indicate a valid test-server ?

I'm sorry but there is nothing like anonymous ftp with sftp. Why? SFTP needs a shell account (like telnet), and there is no such thing like anonymous telnet.

1st: Please add a radio button, "ask for password" (Configuration)

If you leave the password field blank, you will get the config dialog when connecting, and the cursor is already in the password field! Then you can just enter the password and it will not be saved.

2nd: Please add a line with the homedir / target directory (Configuration)

Just set the homedir this way:
server.com:port/homedir

3rd: The sftpplug.ini file is stored in the main directory of TC, I prefer the plugin directory

The ini is stored in the directory which you set for wincmd.ini.

4th: I miss the pluginst.inf.

This wouldn't work because of the missing ssh and ssl dlls, the plugin would install, but not work. It's therefore better when the user reads the readme file first.

Ctrl+R toggles display of "Quick connection" as long as no connection has been created yet.

Ah, thanks for the hint, now I know why I couldn't reproduce this problem when it was initially reported...

When I want to connect with username and password, I get an error:
"Authentication by password failed!"
This is on a Linux Red Had Server.

This means that the user name or password is invalid. Make sure you get the upper/lowercase right. I have two servers, one with username/password (ghisler.ch) and one with client certificate (ghisler.com), and both methods definitely work. To my knowledge, both use Centos (Redhat "clone")...

Can you connect e.g. with Putty?