SFTP seems to require the public key file - why?
Peter Stuge
peter at stuge.se
Mon Sep 28 19:58:46 AEST 2020
karl.peterson at gmail.com wrote:
> Why is the client's public key needed to connect to a server?
It isn't strictly needed if the connection does succeed in some cases.
> Why doesn't the client present the requested identity first if the
> public key is not present?
I guess that this is more by accident than anything else, but I agree
that it would be desirable to have the client behave the same in both
cases. It is both an unnecessary information leak and a potential
usability issue (as in your case).
For now you can use 'IdentitiesOnly yes' in .ssh/config to tell ssh
(thus also sftp) to only offer the explicitly configured identities.
> Additionally, why is the public key portion of the private key file
> encrypted by the passphrase?
The public key isn't stored in the private key file, it is
mathematically derived from the decrypted private key.
//Peter
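
A check for the 'IdentitiesOnly yes' setting mentioned in the reply above, as an added example that is not part of the original message: it lists the blocks of an ssh_config file that name an IdentityFile but leave IdentitiesOnly off, so ssh may still offer other keys. The function names and the sample hosts are constructed for illustration; the check does not resolve overlapping Host patterns, Match conditions or Include files.

```python
import re

# "Keyword value" or "Keyword=value"; comment and blank lines do not match.
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def parse_blocks(text):
    """Split ssh_config text into (block name, {keyword: first value}) pairs."""
    blocks = [("(global)", {})]  # options that appear before the first Host line
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in ("host", "match"):
            blocks.append((f"{key} {value}", {}))
        else:
            # Keeping the first value is enough here: only presence of
            # IdentityFile and the first IdentitiesOnly value are inspected.
            blocks[-1][1].setdefault(key, value)
    return blocks

def audit(text):
    """Return names of blocks with IdentityFile but without IdentitiesOnly yes."""
    blocks = parse_blocks(text)
    global_opts = blocks[0][1]
    findings = []
    for name, opts in blocks:
        if "identityfile" not in opts:
            continue
        # ssh uses the first value it obtains, so a global setting wins
        # over the block's own; the default is "no".
        effective = global_opts.get("identitiesonly",
                                    opts.get("identitiesonly", "no"))
        if effective.lower() != "yes":
            findings.append(name)
    return findings

# Constructed sample configuration, not taken from the original message.
SAMPLE = """\
Host sftp-prod
    HostName sftp.example.com
    IdentityFile ~/.ssh/id_sftp_prod
Host backup
    IdentityFile ~/.ssh/id_backup
    IdentitiesOnly yes
Host legacy
    IdentityFile=~/.ssh/id_legacy
    IdentitiesOnly no
"""

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: IdentityFile set, but IdentitiesOnly is not 'yes'")
```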