Context Navigation

← Previous Ticket
Next Ticket →

Modify ↓

Ticket #124 (closed enhancement: wontfix)

Last modified 22 months ago

Adding the password saving feature for the concerned user in the "New SFTP Connection" settings.

Reported by:	takahisa@softagency.co.jp	Owned by:	alamaison
Priority:	major (affects peripheral workflow)	Milestone:	0.5 Failure and UI cleanup
Component:	authentication	Version:	0.4.6
Keywords:		Cc:

Description

Hi,

I am using Swish v0.4.6 with Windows7 Home Premium (64bit).
I found there is no Password inputting item for the concerned User
in "New SFTP Connection" window, and after creating the new SFTP
Connection and double-click it, another windows as "Keyboard-
interactive request" to input password was shown.

When the correct password was input in the above-mentioned window,
the SFTP connected drive contents are shown.

But, after the SFTP connected drive stays with no operation for a
while, and when when I tried to operate the SFTP connected drive,
I noticed the SFTP connected drive somehow cannot be operated
correctly and password input window was shown again.
When the correct password was input in the window, the SFTP connected
drive contents are shown again.

I think the above symptom happens because Swish doesn't have some
function to save the password of the concerned user, and I would
like Swish to enable the SFTP connected drive continuously with
no password input again.

Are you available to add some feature to save the password for the
concerned user as SFTP connection settings so that the above
symptom doesn't happen ?

Best regards,
Takahisa

Attachments

Change History

comment:1 Changed 22 months ago by alamaison

Status changed from new to closed
Resolution set to wontfix

SSH was designed to be very secure (that's what the first S is about) so saving a password rather defeats the point. That aside, it's not possible to do it in general either.

Standard SSH supports three way to authenticate with the server only one of which (password) works the way you expect and this method is usually disabled nowadays (it appears to be disabled on your server).

Keyboard-interactive authentication (the type your server is using) only looks like it is expecting a simple password. In fact, the server can ask you any series of questions it chooses in any order. For instance, it might ask you your username first and then ask you for your password. Therefore we can't blindly respond to its first question with a saved password as this would be a gaping security hole.

What you really need is public-key authentication. Unfortunately Swish doesn't support this yet but it is definitely something we want to add soon. (See #18)

View ↑

Add a comment

You may use WikiFormatting here.

Modify Ticket

Change Properties

Summary:
Type:		Priority:
Milestone:		Component:
Version:		Keywords:
Add/Remove from Cc:	<Author field>

Action

leave as closed

reopen The resolution will be deleted. Next status will be 'reopened'

Close as duplicate of Next status will be 'closed'Mark duplicate

Author

Your email or username:

E-mail address and user name can be saved in the Preferences.

Attachments ↑

Note: See TracTickets for help on using tickets.

Download in other formats: