SFTP seems to require the public key file - why?
Jakub Jelen
jjelen at redhat.com
Tue Sep 29 22:47:35 AEST 2020
On 9/28/20 11:58 AM, Peter Stuge wrote:
> karl.peterson at gmail.com wrote:
>> Why is the client's public key needed to connect to a server?
>
> It isn't strictly needed if the connection does succeed in some cases.
>
>
>> Why doesn't the client present the requested identity first if the
>> public key is not present?
>
> I guess that this is more by accident than anything else, but I agree
> that it would be desirable to have the client behave the same in both
> cases. It is both an unnecessary information leak and a potential
> usability issue (as in your case).
>
> For now you can use 'IdentitiesOnly yes' in .ssh/config to tell ssh
> (thus also sftp) to only offer the explicitly configured identities.
>
>
>> Additionally, why is the public key portion of the private key file
>> encrypted by the passphrase?
>
> The public key isn't stored in the private key file, it is
> mathematically derived from the decrypted private key.
This is no longer true with the new OpenSSH key file format. But this
functionality using these public keys is very fresh.
Regards,
--
Jakub Jelen
Senior Software Engineer
Crypto Team, Security Engineering
Red Hat, Inc.
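The point about the new key file format, as an added example that is not part of the thread: in the "openssh-key-v1" container the public key blob sits in the clear ahead of the (optionally encrypted) private section, so a client can read it without the passphrase. The parser below reads only that header; the sample file it parses is constructed inline with dummy key bytes, not a real key.

```python
import base64
import struct

HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"
FOOTER = "-----END OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\x00"


def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def read_string(buf: bytes, off: int):
    """Decode one SSH 'string' at offset; returns (bytes, next offset)."""
    n = struct.unpack(">I", buf[off:off + 4])[0]  # struct.error if < 4 bytes left
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end


def public_keys_from_private_file(text: str):
    """Return (cipher, kdf, [public key blobs]); the ciphertext is never read."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0] != HEADER or lines[-1] != FOOTER:
        raise ValueError("not an OpenSSH private key file")
    raw = base64.b64decode("".join(lines[1:-1]))
    if not raw.startswith(MAGIC):
        raise ValueError("bad magic")
    cipher, off = read_string(raw, len(MAGIC))  # "aes256-ctr", or "none"
    kdf, off = read_string(raw, off)            # "bcrypt", or "none"
    _kdfopts, off = read_string(raw, off)       # salt + rounds; not needed here
    nkeys = struct.unpack(">I", raw[off:off + 4])[0]
    off += 4
    pubs = []
    for _ in range(nkeys):  # public blobs sit in the clear, before the ciphertext
        blob, off = read_string(raw, off)
        pubs.append(blob)
    return cipher.decode(), kdf.decode(), pubs


def authorized_keys_line(blob: bytes, comment: str = "") -> str:
    """Render a public blob in authorized_keys form: '<type> <base64> <comment>'."""
    keytype, _ = read_string(blob, 0)
    return f"{keytype.decode()} {base64.b64encode(blob).decode()} {comment}".rstrip()


# Constructed sample: dummy ed25519 point, bcrypt options, filler "ciphertext".
SAMPLE_PUB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_RAW = (MAGIC + ssh_string(b"aes256-ctr") + ssh_string(b"bcrypt")
              + ssh_string(ssh_string(b"\x00" * 16) + struct.pack(">I", 16))
              + struct.pack(">I", 1) + ssh_string(SAMPLE_PUB) + ssh_string(b"\xaa" * 64))
SAMPLE_FILE = "\n".join([HEADER, base64.b64encode(SAMPLE_RAW).decode(), FOOTER])
```

Running `public_keys_from_private_file(SAMPLE_FILE)` yields the cipher and KDF names plus the public blob, which `authorized_keys_line` turns into the usual `ssh-ed25519 AAAA...` line, all without touching the private section.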