Download
We're evolving to serve you better! This current forum has transitioned to read-only mode. For new discussions, support, and engagement, we've moved to GitHub Discussions.

possible bug: keyless ssh key

  • #5934
    Avatar photo[anonymous]

    I’m trying to upload via sftp, on a Debian desktop to a linux server. Publii (v.0.38.2 (build 14204)) can connect if I give it a password-protected ssh key.

    Making the very same key passwordless however, results in “An error occured during connecting to the server. Please check your server settings or try again” and in the log: No SFTP connection available” The password field in the settings is empty.

    I can login fine using “sftp -i publiikey username@hostname”.

    The deployment-errors.log is below but doesn’t tell me much. The other logs are empty.

    (node:59287) UnhandledPromiseRejectionWarning: Error: end: No SFTP connection available
    at fmtError (/opt/Publii/resources/app.asar/node_modules/ssh2-sftp-client/src/utils.js:53:18)
    at haveConnection (/opt/Publii/resources/app.asar/node_modules/ssh2-sftp-client/src/utils.js:190:20)
    at /opt/Publii/resources/app.asar/node_modules/ssh2-sftp-client/src/index.js:1077:11
    at new Promise (<anonymous>)
    at SftpClient.end (/opt/Publii/resources/app.asar/node_modules/ssh2-sftp-client/src/index.js:1069:12)
    at /opt/Publii/resources/app.asar/back-end/modules/deploy/sftp.js:93:29
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    (node:59287) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 5)
    (node:59287) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
    #5936
    Avatar photo[anonymous]

    (the title should have been “passwordless ssh key”)

    #5957
    Avatar photo[anonymous]

    Hi,

    I suppose that ssh key without password is a not great idea due security reasons, but anyway I will try to diagnose this issue and fix it in Publii v.0.38.3 or v.0.39.

    Thank you for your feedback πŸ™‚

    #5960
    Avatar photo[anonymous]
    Tomasz Dziuda wrote:

    I suppose that ssh key without password is a not great idea due security reasons

    It’s not less secure than storing that key’s password, or any password in the Publii config πŸ˜‰
    But there is the concept of an SSH-Agent (ssh-agent on linux systems, peagent in the putty suite) which loads the encrypted ssh key into memory, where it is available for use without password – all 100% transparent.

    I’m not sure which ssh library is used for what, https://github.com/theophilusx/ssh2-sftp-client refers to <span class=”pl-c1″>agent</span>: <span class=”pl-s1″>process</span><span class=”pl-kos”>.</span><span class=”pl-c1″>env</span><span class=”pl-kos”>.</span><span class=”pl-c1″>SSH_AGENT</span><span class=”pl-kos”>,</span> <span class=”pl-c”>// string – Path to ssh-agent’s UNIX socket</span>

    Let me know if I can help, I have quite a bit of experience of ssh and sftp.

    #5991
    Avatar photo[anonymous]

    It’s not less secure than storing that key’s password, or any password in the Publii config πŸ˜‰

    But do you know that Publii does not store your key’s password and any other passwords in their config? It is stored using system password storage system using node-keytar πŸ™‚

    Anyway – as I wrote – I will try to diagnose this issue in my free time πŸ™‚