SFTP seems to require the public key file - why?

Peter Stuge peter at stuge.se
Mon Sep 28 19:58:46 AEST 2020


karl.peterson at gmail.com wrote:
> Why is the client's public key needed to connect to a server?

It isn't strictly needed if the connection does succeed in some cases.


> Why doesn't the client present the requested identity first if the
> public key is not present?

I guess that this is more by accident than anything else, but I agree
that it would be desirable to have the client behave the same in both
cases. It is both an unnecessary information leak and a potential
usability issue (as in your case).

For now you can use 'IdentitiesOnly yes' in .ssh/config to tell ssh
(thus also sftp) to only offer the explicitly configured identities.


> Additionally, why is the public key portion of the private key file
> encrypted by the passphrase?

The public key isn't stored in the private key file, it is
mathematically derived from the decrypted private key.


//Peter

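An added example, not part of Peter's reply or of the OpenSSH project's own code, that demonstrates both points above with the stock OpenSSH client tools: `ssh-keygen -y` recomputes the public key from the private key file alone, and a per-host `IdentitiesOnly yes` entry is confirmed with `ssh -G`, which prints the effective client configuration without connecting. The scratch directory, the throwaway key and the host name `example.invalid` are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the OpenSSH client tools
# (ssh, ssh-keygen) are installed; everything else is created in a
# temporary directory and removed afterwards.

# Generate a throwaway key, then derive its public half from the private
# file with 'ssh-keygen -y' and compare it with the .pub file that
# ssh-keygen wrote alongside. Prints "match" and returns 0 on success.
derive_and_compare() {
    command -v ssh-keygen >/dev/null 2>&1 || { echo "skipped: ssh-keygen not found"; return 0; }
    dir=$(mktemp -d)
    # Constructed key with an empty passphrase so the run is non-interactive.
    ssh-keygen -q -t ed25519 -N '' -C 'example' -f "$dir/id_ed25519"
    # Only the key type and the base64 blob are compared; the comment field
    # may or may not be printed depending on the OpenSSH version.
    derived=$(ssh-keygen -y -f "$dir/id_ed25519" | cut -d' ' -f1,2)
    stored=$(cut -d' ' -f1,2 "$dir/id_ed25519.pub")
    rm -rf "$dir"
    if [ -n "$derived" ] && [ "$derived" = "$stored" ]; then
        echo match
        return 0
    fi
    echo mismatch
    return 1
}

# Write a per-host config that pins one identity and restricts the client
# to it, then confirm the setting took effect via 'ssh -G' (no connection
# is made). Returns 0 when 'identitiesonly yes' is in the effective config.
identities_only_config() {
    command -v ssh >/dev/null 2>&1 || { echo "skipped: ssh not found"; return 0; }
    dir=$(mktemp -d)
    # Hypothetical host; the IdentityFile need not exist for 'ssh -G'.
    printf 'Host example.invalid\n    IdentitiesOnly yes\n    IdentityFile %s/id_ed25519\n' \
        "$dir" > "$dir/config"
    ssh -G -F "$dir/config" example.invalid | grep -qi '^identitiesonly yes$'
    rc=$?
    rm -rf "$dir"
    [ "$rc" -eq 0 ] && echo "identitiesonly yes in effect"
    return "$rc"
}
```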
