Idea: SSH Key + SFTP instead of FTP

Hello everyone. Long time no “see” but sometimes RL can be a bitch :grimacing:

Last night I got an idea that I would like to discuss with you. But let me set the stage first… As far as I understand (feel free to correct me when needed), an SSH key is being created for every user who is assigned the No login SSH Access. This key is used by the file manager, and is bound to accept connections only from

I was thinking that this SSH Key could/should also be used by the user when connecting remotely. Why you ask? Because FTP is not secure by design :frowning:

Moreover, there could also be a button or something on Hestia Web Interface, for the users to download their SSH key, to use it with FileZilla or WinSCP (Windows users apparently).

Last night I edited a user’s authorized_keys file to remove the from="" setting. And then I was able to connect remotely and of course jailed to the user’s home directory, and Hestia File Manager had no issues with that. YAY! :smiley: Though I’m not sure about any security implications… So your input would be highly appreciated.

What do you think?

The key is for filemanager auth only, but there is already a function, where you can easiely add a own ssh key:

Also sftp allows authentification with user and password for logins, which should be anyway the replacement for ftp/ftps communication. So in my point of view, all is already there where it should be :slight_smile:.

File manger will get deleted after xx min unless you was one of the beta testers… (Function of deleted after xx min has been added later.)

Option to discuss should we add an option to generate an ssh key. In addition to add a SSH key you.

Don’t know how easy it is on a Windows computer. For Linux / OS X you have an simple command you can run.

1 Like

Correct! Unless you’re one of those crazy people like me who run all SSH daemons with disabled password authentication :wink: In fact that is the second command when building a new server:
sed -ri 's/#?PasswordAuthentication\s+.*/PasswordAuthentication no/' /etc/ssh/sshd_config
This ofc means that in such cases, the admins (or the users themselves) need to create a separate key, unless the File Manager one could be used instead.

Hm… Interesting point that I wasn’t aware of >.< Thanks!

The whole idea was around a Self-Service solution for users, like “Click here to get your .PPK key to use it with FileZilla”. I’ll do some more research to see if the creation and conversion (to PPK format) of the SFTP Private Key (for remote connections) can be automated and implemented inside v-add-user. If that works out, then maybe a GUI button…

It is a bad idea to generate an ssh key on and leaf it on the server for a undefinend time.

If we add a function like this I would suggest add a extra “link” / button where the user can generate the key on demand and offer the private key as download. If possible in different formats

  • As “id_rsa” key for Linux and OSX
  • .pem file
  • And if possible to .ppk
1 Like