Discuss (FTP), (FTP on .NET CF) and (FTPS, SFTP and SCP).
no avatar
User

Graeme

Posts

37

Joined

Fri Oct 14, 2011 8:14 pm

Location

Dublin

PublicKeyAndPassword AuthenticationType - both required?

by Graeme » Fri Sep 28, 2012 12:41 am

no avatar
User

EDT Support

Posts

905

Joined

Mon Apr 26, 2004 3:03 pm

by EDT Support » Fri Sep 28, 2012 1:31 pm

no avatar
User

Graeme

Posts

37

Joined

Fri Oct 14, 2011 8:14 pm

Location

Dublin

by Graeme » Fri Sep 28, 2012 5:52 pm

no avatar
User

EDT Support

Posts

905

Joined

Mon Apr 26, 2004 3:03 pm

by EDT Support » Fri Sep 28, 2012 10:52 pm

no avatar
User

Graeme

Posts

37

Joined

Fri Oct 14, 2011 8:14 pm

Location

Dublin

by Graeme » Sat Sep 29, 2012 12:01 am

Or even just to update the documentation so that it explains the behaviour?

Now I'm still slightly puzzled about the difference between PublicKeyAndPassword, and just PublicKey types. In the latter, you still need to have a Username, otherwise the client doesn't know which account to use, right? And I presume you also need to a password, although it could be incorrect and the connection will still proceed - but is that not the same as the former type? That would render the PublicKey type redundant, since one can always connect with PublicKeyAndPassword.
no avatar
User

support2

Posts

3987

Joined

Tue May 18, 2004 8:30 am

by support2 » Sat Sep 29, 2012 4:25 pm

You always need a username, but for public key authentication you generally don't require a password - just the user's private key.
no avatar
User

Graeme

Posts

37

Joined

Fri Oct 14, 2011 8:14 pm

Location

Dublin

by Graeme » Mon Oct 01, 2012 5:50 pm

Do you know of any servers that require both public key and password?
no avatar
User

support2

Posts

3987

Joined

Tue May 18, 2004 8:30 am

by support2 » Mon Oct 01, 2012 6:01 pm

Sure, our own server, , can be configured to require both for SFTP.
no avatar
User

Graeme

Posts

37

Joined

Fri Oct 14, 2011 8:14 pm

Location

Dublin

by Graeme » Mon Oct 01, 2012 6:08 pm

Ok, so that would be better security, which would be the only scenario that makes sense to use PublicKeyAndPassword (where it would really be an AND). In other cases, the user should know whether they're authenticating with password or with public key and the code should choose one or the other. I don't see the point of having a server that allows one or the other, whereby the code uses PublicKeyAndPassword (as an OR).

Thanks for clarifying.

Who is online

Users browsing this forum: No registered users and 24 guests

Powered by phpBB ® | phpBB3 Style by KomiDesign
cron