New SFTP plugin available now

[MarkFilipak]

... could you post a link to download the help file?

I'd like to keep my server strictly private, so I hesitate to post a link to it. Anyone interested in helping with the help file - it is 95%(?) complete - can send me a private message and I'll send the link.

Here is the TOC:

WHAT IS THE SFTP PLUGIN AND WHAT DOES IT DO?

INSTALLATION.
-------------
1 - Downloading the SFTP Helpers.
2 - Installing the SFTP Helpers.
3 - Downloading the SFTP Plugin.
4 - Installing the SFTP Plugin.
5 - Confirming the SFTP Plugin Installation.
6 - Confirming the Network Installation.
7 - Confirming Successful sftpplug.ini Creation.

USAGE.
------
1 - Connecting To an SFTP Server For the First Time.
2 - Confirming Successful Network Configuration.
3 - Confirming Successful sftpplug.ini Update (optional).
4 - Renaming an SFTP Directive.
5 - Adding/Changing Password and Other Connection Properties.
6 - Adding More Target Servers To the Secure FTP Directives.

HELP.
-----
"Connect to SFTP Server" Dialog.
Error: "Could not resolve host, getaddrinfo failed!"
Error: "Please remove the write protection!"
Multiple _F7=new connection.txt Directives Are Shown.
_F7=new connection.txt ...0 bytes, Properties Cannot Be Displayed Or Deleted!
Editing sftpplug.ini.

GLOSSARY.
---------
FTP (File Transfer Protocol).
FTP/SSH Method.
FTPS (FTP-over-SSL).
SCP (Secure Copy Protocol).
SFTP (Secure FTP or, more appropriately, SSH FTP).
SSH (Secure SHell) Protocol.
SSH tunneling.

The section titled "WHAT IS THE SFTP PLUGIN AND WHAT DOES IT DO?" is blank. I'd like help writing it as I don't know a thing about authentication and would like help there.

Ciao -- Mark

[Boofo]

2MarkFilipak,

Do you have a section that explains how to set up the keys and what to upload where for the plugin?

[MarkFilipak]

Do you have a section that explains how to set up the keys ...?

Nope. I don't completely understand certs and keys and I don't want to provide bogus information. Those were the topics I hoped someone would help me with. The current help does provide comprehensive help regarding what to download and what to do with it.

... and what to upload where for the plugin?

Sorry, I don't know what you mean by "upload". Ciao -- Mark

[Boofo]

Nope. I don't completely understand certs and keys and I don't want to provide bogus information. Those were the topics I hoped someone would help me with. The current help does provide comprehensive help regarding what to download and what to do with it.

Yes, it does provide help as far as on the plugin's end. But it doesn't let you know what files need to go on the server and where.

Sorry, I don't know what you mean by "upload". Ciao -- Mark

What key files need to be uploaded to the server.

[MarkFilipak]

Yes, it does provide help as far as on the plugin's end...

It does? Do you mean in readme.txt? Not so good. And there's no help regarding how to interpret and use the weird user interface, error messages, how sftpplug.ini works, etc.

... But it doesn't let you know what files need to go on the server and where.

Well, I suppose that depends upon what server you're running. I could probably help with Apache, but with IIS or an AD Controller, I'm clueless. Ciao -- Mark.

[Boofo]

You could add the Apache info to the help file.

[MarkFilipak]

You could add the Apache info to the help file.

Two problems with that: 1, It is subject to change, and 2, I believe it's pretty well documented in the Apache documentation for the particular version and port of Apache that you are running. Ciao -- Mark.

[Boofo]

2MarkFilipak

It was just a suggestion. Nothing more. And remember, there are those of us that aren't that attuned to know exactly how things should be set.

[MarkFilipak]

2MarkFilipakIt was just a suggestion...

Hmmm... Sorry, you're right. I didn't mean to automatically blow you off. I could post something re: the version of Apache I'm running with a disclaimer, and perhaps a reference to the section number in the Apache HTML. As I remember it, I used a fairly standard perl distribution to generate the server cert - I'll try to find it, reinstall, and refresh my memory. Regarding the keys, I may have something I wrote many, many years ago when I first discovered PGP. As I remember, the subject of key exchange was rather confusing. It will be a while though... Ciao -- Mark.

[Boofo]

Thank you, sir. I'm sure any help in those areas will be appreciated.

[MarkFilipak]

Thank you, sir. I'm sure any help in those areas will be appreciated.

I'm not sure this will help anyone, but...

The perl script to make a self-signed server certificate is documented here: http://www.openssl.org/docs/apps/CA.pl.html.

An on-line copy of the SSH daemon's MAN page is: http://casper.ict.hen.nl/cgi-bin/man2html?+sshd+8.

An on-line copy of the of the SSH daemon's configuration MAN page is: http://casper.ict.hen.nl/cgi-bin/man2html?+sshd_config+5.

In my server (Red Hat Enterprise 4) here's where the SSH stuff is:

\etc\ssh\moduli
\etc\ssh\ssh_config // ssh client configuration
\etc\ssh\ssh_host_dsa_key // DSA private key
\etc\ssh\ssh_host_dsa_key.pub // DSA public key
\etc\ssh\ssh_host_key // user keys?
\etc\ssh\ssh_host_key.pub // user keys?
\etc\ssh\ssh_host_rsa_key // RSA private key
\etc\ssh\ssh_host_rsa_key.pub // RSA public key
\etc\ssh\sshd_config // ssh daemon configuration

sshd_config has override directives for the key storage locations. Ciao -- Mark

[Boofo]

This is what I have for keys on the server:

\home\<username>\.ssh\authorized_keys
\home\<username>\.ssh\public_key.pub

The "authorized_keys" file has the public key code in it. Does the private key need to be uploaded there also?

[MarkFilipak]

\home\<username>\.ssh\authorized_keys
\home\<username>\.ssh\public_key.pub

Ah! You're talking about user-land. I don't allow remote login.

... Does the private key need to be uploaded there also?

Never. A user's private key stays with the user. Just as the server's private key should be guarded.

Edit: Seems to me you already know where the user's public key goes for authentication. The only remaining question for you is: What should be the format of the user's public key? That should be documented in your server's documentation. I would guess... well, I don't have a guess. I know the format is specified in the MAN pages in my previous post, but I don't know the file extensions. Perhaps reading the MAN pages will help. Ciao -- Mark.

[Boofo]

The remote login is for me using this plugin. I replaced my name on the server with <username> in the above example.

Ok, that is my question, how do I get the server private key? I don't have access to all of the Open SSH stuff on the server. I have a private key and the public key for this plugin.

[MarkFilipak]

The remote login is for me using this plugin.

Take a look at the sshd MAN page, specifically:
AUTHORIZED_KEYS FILE FORMAT
There's an example. From the example, for a plain Jane entry (i.e., line):

ssh-rsa AAAAB3Nza...LiPk== user@example.net

That is: one line per authorized user, each line of which is a space delimited entry:
"ssh-rsa"+" "+<public key>+" "+<comment>+<eol>

Ok, that is my question, how do I get the server private key?

Why would you want that?

Edit: Fixed bad wording, re: formats.