Sign in

possible bug: keyless ssh key

  • This topic has 4 replies, 2 voices, and was last updated 2 years, 5 months ago by .
Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #5934
    Avatar photoJayO

    I’m trying to upload via sftp, on a Debian desktop to a linux server. Publii (v.0.38.2 (build 14204)) can connect if I give it a password-protected ssh key.

    Making the very same key passwordless however, results in “An error occured during connecting to the server. Please check your server settings or try again” and in the log: No SFTP connection available” The password field in the settings is empty.

    I can login fine using “sftp -i publiikey username@hostname”.

    The deployment-errors.log is below but doesn’t tell me much. The other logs are empty.

    (node:59287) UnhandledPromiseRejectionWarning: Error: end: No SFTP connection available
    at fmtError (/opt/Publii/resources/app.asar/node_modules/ssh2-sftp-client/src/utils.js:53:18)
    at haveConnection (/opt/Publii/resources/app.asar/node_modules/ssh2-sftp-client/src/utils.js:190:20)
    at /opt/Publii/resources/app.asar/node_modules/ssh2-sftp-client/src/index.js:1077:11
    at new Promise (<anonymous>)
    at SftpClient.end (/opt/Publii/resources/app.asar/node_modules/ssh2-sftp-client/src/index.js:1069:12)
    at /opt/Publii/resources/app.asar/back-end/modules/deploy/sftp.js:93:29
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    (node:59287) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 5)
    (node:59287) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

     

    #5936
    Avatar photoJayO

    (the title should have been “passwordless ssh key”)

    #5957
    Avatar photoTomasz Dziuda

    Hi,

    I suppose that ssh key without password is a not great idea due security reasons, but anyway I will try to diagnose this issue and fix it in Publii v.0.38.3 or v.0.39.

    Thank you for your feedback πŸ™‚

    --
    Do you appreciate the support you've received today? If so, consider donating to the Publii team by clicking here; we'll be sure to use your donation to make Publii even better!

    #5960
    Avatar photoJayO
    Tomasz Dziuda wrote:

    I suppose that ssh key without password is a not great idea due security reasons

    It’s not less secure than storing that key’s password, or any password in the Publii config πŸ˜‰
    But there is the concept of an SSH-Agent (ssh-agent on linux systems, peagent in the putty suite) which loads the encrypted ssh key into memory, where it is available for use without password – all 100% transparent.

    I’m not sure which ssh library is used for what, https://github.com/theophilusx/ssh2-sftp-client refers to <span class=”pl-c1″>agent</span>: <span class=”pl-s1″>process</span><span class=”pl-kos”>.</span><span class=”pl-c1″>env</span><span class=”pl-kos”>.</span><span class=”pl-c1″>SSH_AGENT</span><span class=”pl-kos”>,</span> <span class=”pl-c”>// string – Path to ssh-agent’s UNIX socket</span>

    Let me know if I can help, I have quite a bit of experience of ssh and sftp.

    #5991
    Avatar photoTomasz Dziuda

    It’s not less secure than storing that key’s password, or any password in the Publii config πŸ˜‰

    But do you know that Publii does not store your key’s password and any other passwords in their config? It is stored using system password storage system using node-keytar πŸ™‚

    Anyway – as I wrote – I will try to diagnose this issue in my free time πŸ™‚

    --
    Do you appreciate the support you've received today? If so, consider donating to the Publii team by clicking here; we'll be sure to use your donation to make Publii even better!

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.