Comments (5)
OK, so I don't know how this happened, but somehow the base64 decoding of the openSSH key fingerprint must've gotten messed up, because in trying to get log info for you just now it does match up to what mod_sftp is logging. The only issue now is that when mod_sftp logs the key fingerprint, it's using the XX:XX:XX:... format, whereas ssh-keygen -l uses the base64 encoding of the binary key fingerprint. While that does make it a little harder to line things up, it's not a dealbreaker. I have no idea how I was getting mismatched fingerprints before, but it's not actually mismatched now so I'm just going to close this unless I run into other issues later.
from proftpd.
As I said, it's not a huge deal that the format isn't the same as long as the underlying data is the same. I can easily implement a way to convert the fingerprint into the format the mod_sftp uses for checking against logged values, and it's not like it's something that comes up all the time, it's more of a once in a while issue. While it would be nice if I could have it log in the openssh format, it's most definitely not a big deal.
from proftpd.
You might see if #1804 helps with the logging. Also, the fingerprints logged may depend on the SFTP client being used. For example, OpenSSH may try all of the keys in its local ssh-agent
, resulting in multiple fingerprints being logged by mod_sftp, until it finds the matching/authorized key.
from proftpd.
On pondering this more, I've closed the PR. Instead, I'm hoping you can provide the logging that you see, when a client authenticates using a public key, showing the fingerprint (or maybe more than one?). Thanks!
from proftpd.
I'll ponder some option/way to configure the format/encoding used when logging these fingerprints. (The fact that ssh-keygen
changed its format/encoding, without providing a way to select, is irritating.) I didn't want to just change the logging in mod_sftp, as doing so could (and probably would) break compatibility with some sites' setup.
from proftpd.
Related Issues (20)
- Using FTPS after upgrading from 1.3.8a to 1.3.8b leads to crash HOT 4
- SFTP Too many bad authentication attempts - Terminal is working HOT 3
- Client timeout after sending client version string after upgrading from 1.3.7e to 1.3.8b, but not reproducible for me HOT 2
- proftpd not using source port 20 for ftp active HOT 5
- Add support for logging SFTP ciphers/algorithms in SQL databases HOT 6
- Jot API gives the wrong timestamp in mod_exec HOT 6
- Impossible to connect to data port using implicit FTPS HOT 2
- Using mod_facl and mod_vroot at same time causes unexpected permissions issues HOT 16
- Ban on RootLogin does not seem to be working HOT 2
- proftpd in docker - not optimal configurable HOT 2
- Permission question about proftpd.sock HOT 1
- Bad handling of lack of extended attributes leads to SFTP out of memory error HOT 11
- proftpd.org HTTPS not working
- SFTP statvfs extension fails when mod_vroot is in use HOT 15
- DenyUser Limit does not work for ftp, but works for sftp HOT 6
- Repeated reload operations may cause memory leakage. HOT 3
- Implement [email protected] SFTP extension HOT 3
- ftp user in same group can not upload file HOT 6
- Add parameter to mod_sftp to specify allowed public key auth algorithms HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from proftpd.