Is there a way to connect to an Amazon EC2 server via SFTP with SSH private key authentication only? I've been busting my head researching this but couldn't find a proper answer.
Basically, I need to edit files in Dreamweaver and enable automatic upload on save.
I have some detailed instructions of the setup:
Download Bitvise SSH Client (Tunnelier): http://www.bitvise.com/download-area
In login tab, press ‘Use keypair manager’ and import your amazon .pem key. You should finally end up with something like this:
In login tab set your amazon instance information
Host: ec2 instance IP
Port: 22
Username: ec2-user
Initial method: publickey – slot 1
In services tab setup localhost listener for FTP connections like below:
Press Login to connect to the Amazon EC2. If successful, it will open the SSH and SFTP terminals. You may now close these 2 windows.
In Dreamweaver, set up a new server to connect to the Bitvise 127.0.0.1 listener. You can set the Root Directory of the FTP.
Now when you put files to ‘Amazon Test’ they will be directed to your amazon EC2 instance, in selected Root Directory above.
Adobe doesn't offer the option to use SFTP with private key authentication with Dreamweaver.
According to Adobe's website you can use FTPS, where there is a certificate used for authenticating that you're connecting to the correct server and obviously encryption, but nothing about the use of SFTP with private key authentication.
You can read all about what is available with Dreamweaver remote server connect function here: http://helpx.adobe.com/dreamweaver/using/connect-remote-server.html
You can use PuTTY's Pageant and FileZilla, which I know is a bummer considering the cost of Adobe Dreamweaver (I have it), but it appears to be the only other secure option.
You can read about how to use the 2 here: http://wiki.filezilla-project.org/Howto
I see this is an old post, but I just ran into this issue. I have been using an app that has the same issue for years; my solution was to use Bitvise Tunnelier (http://www.bitvise.com/tunnelier). It allows you to connect to SSH with your key pair, and it will proxy FTP to localhost on whatever port you set. So in Dreamweaver you connect to localhost at that port with regular FTP. It's secure enough for most cases because Tunnelier will not accept connections from anything but local.
The download page on their site can be a pain to find, it is here: http://www.bitvise.com/download-area . You will want "Download Bitvise SSH Client (Tunnelier)".
You may simply allow password authentication on your EC2 instance (which is disabled by default) by looking at the following instructions
http://bensnotepad.com/enable-password-access-to-your-amazon-ec2-linux-instance
I want to transfer a few files weekly from mainframe to a Linux server running RedHat using a batch (JCL) job using FTPS.
The Linux server is configured with vsftpd. Is it possible to send a file from the mainframe to Linux using FTPS?
Getting this error while transferring the file from mainframe to Linux.
EZA1736I FTP
EZY2640I Using 'SYS1.TCPPARMS(FTPDATA)' for local site configuration parameters.
EZA1450I xxx FTP CS xxx
EZA1456I Connect to ?
EZA1736I host_name
EZA1554I Connecting to: host_name xxx.xxx.xxx.xxx port: 21.
220 (vsFTPd 2.0.5)
EZA1701I >>> AUTH TLS
234 Proceed with negotiation.
EZA2897I Authentication negotiation failed
EZA1534I *** Control connection with host_name dies.
EZA1457I You must first issue the 'OPEN' command
EZA1460I Command:
EZA1618I Unknown command: 'Atul'
EZA1619I For a list of the available commands, say HELP
EZA1460I Command:
EZA1736I Summer#123
EZA1618I Unknown command: 'Monsoon#123'
EZA1460I Command:
EZA1736I cd /home/Atul/
EZA1457I You must first issue the 'OPEN' command
From your log you seem to be able to set up an unsecured connection to the FTP server. That's good.
"EZA2897I Authentication negotiation failed" indicates that the TLS handshake did not complete successfully. Either the partners could not find a common TLS version and/or cipher suite or (that's the point I'd examine first) the certificate provided by the FTPS server isn't trusted by the client user. To be sure, you would have to capture and examine a TCP or TLS trace.
In a first step I would check the certificate provided by the FTP server and compare it to the trusted certificates in your security manager. In the case of RACF you would have to examine SITE-certificates and/or certificates in the user's keyring.
Yes, sending from the mainframe using FTPS to VSFTP is certainly possible. Both the client (z/OS in this case) and server (Linux in this case) need to agree on the encryption method to be used and I believe by default, z/OS has to trust the certificate for the server, which may involve importing the certificate bundle to a key ring that the batch job has access to. The job not having access to a keyring that trusts the chain for the server certificate would be my first guess.
I don't have experience with setting up the RACF keyring things, but I can say that people do successfully send us data every day from z/OS to our Linux server via FTPS.
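The stage-by-stage reading of the client log given in the answers above, as an added example that is not part of the original posts: a small Python triage over an excerpt modelled on the log in the question. It assumes, from how that log reads, that EZA1736I lines echo batch input; the function and field names are hypothetical and the credential values are placeholders.

```python
import re

# Constructed excerpt modelled on the z/OS FTP client output in the question;
# the user name and password are placeholders.
SAMPLE_LOG = """\
EZA1736I host_name
EZA1554I Connecting to: host_name xxx.xxx.xxx.xxx port: 21.
220 (vsFTPd 2.0.5)
EZA1701I >>> AUTH TLS
234 Proceed with negotiation.
EZA2897I Authentication negotiation failed
EZA1534I *** Control connection with host_name dies.
EZA1457I You must first issue the 'OPEN' command
EZA1460I Command:
EZA1618I Unknown command: 'EXAMPLE_USER'
EZA1460I Command:
EZA1736I EXAMPLE_PASSWORD
EZA1618I Unknown command: 'EXAMPLE_PASSWORD'
"""

def triage(log_text):
    """Return the stage at which the FTPS session failed and any batch
    input that was echoed after the control connection was lost."""
    stage = "not connected"
    connection_lost = False
    echoed = []
    for line in log_text.splitlines():
        if line.startswith("220 "):
            stage = "server greeting received"
        elif line.startswith("EZA1701I") and "AUTH TLS" in line:
            stage = "AUTH TLS sent"
        elif line.startswith("234 "):
            stage = "server accepted AUTH TLS"
        elif line.startswith("EZA2897I"):
            # A failure after 234 points at the handshake itself (versions,
            # cipher suites, certificate trust), not at reachability.
            stage = ("TLS handshake failed after server accepted AUTH TLS"
                     if stage == "server accepted AUTH TLS" else "TLS negotiation failed")
        elif line.startswith("EZA1534I"):
            connection_lost = True
        elif connection_lost:
            # Assumption: EZA1736I echoes an input line and EZA1618I quotes it.
            m = re.match(r"EZA1736I (.+)|EZA1618I Unknown command: '(.+)'", line)
            if m:
                value = m.group(1) or m.group(2)
                if value not in echoed:
                    echoed.append(value)
    return {"stage": stage, "echoed_after_disconnect": echoed}
```

The second field matters when handling the job output: once the control connection dies, the remaining input lines, including the login values, are echoed into the client output as unknown commands.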
So I'm working on a project by connecting to an FTP server which hosts the project (webdev app project based in PHP).
However, I want to go work from cafes once in a while and not just from home, and I was wondering how I can do that securely?
The FTP connection is encrypted with "Pure FTP" setting in Netbeans, and there's a username and password requirement from the FTP server.
I also have a running VPN service on my laptop.
Is this enough? Or should I secure it better? I tried to find information but my search did not yield sufficient information, so any reference will also be great.
You don't. FTP is a plaintext protocol and public Wi-Fi is usually not encrypted, if that is what you mean. You don't want to send passwords over this. But there are several ways to make it usable:
Use SFTP or FTPS, which adds a layer of security to the file transfer protocol.
Use a VPN to the network where the FTP server is (not a VPN to somewhere else -- you would still be transferring the passwords from the other side of the VPN).
Use stunnel, SSH port forwarding or SSH SOCKS proxy.
I am new to Google Compute Engine. I already installed Apache and MySQL, but I have been unable to find a way to connect to the server in FileZilla. How do I do that? Also, how can I get access to phpMyAdmin?
With FileZilla, you should use sftp as described on the FileZilla wiki. See also a related question on alternative methods for uploading files to your instance and make sure that port 22 is open in your firewall as described in this answer.
For phpMyAdmin, consider using an ssh tunnel. To create a tunnel, you just need to pass the right args to ssh via gcutil, where $A is the local port (must be unused on your local machine) and $B is the remote port (i.e., the port phpMyAdmin is listening to on the remote host):
gcutil --project=[...] ssh --ssh_arg -L$A:localhost:$B <instance-name>
Then, you can connect to localhost:$A and it will work.
Maybe you already have a private key (.ppk) for connecting over SSH.
To connect with FileZilla you have to change the private key to a public key.
1. Launch FileZilla and select Edit->Settings->SFTP.
2. Select Add key file.
3. Select your private key and FileZilla will make a new public key by using your private key.
4. Now you can connect to your server by SFTP in FileZilla.
Hello, I have been playing with Heritrix, and would like to include it on a website/allow remote web access to it.
I have a Linux based server where I have a hosted webpage, and I have built a version of Heritrix.
The issue is I am at home now and would like to be able to offer access to the webUI in Heritrix via the hosted webpage.
I looked through the manual and discovered the -b command to bind it to remote hosts; however, the documentation could be better.
So what I was hoping for was a little explanation/elaboration on how this command works and whether it would be possible to bind the web UI to an existing webpage.
Thanks for your time in advance.
(Here is a link to the documentation I'm working from: https://webarchive.jira.com/wiki/display/Heritrix/HOWTO+Launch+Heritrix )
You should use -b <public ip address> like -b 192.168.1.1
If you don't want to use a public IP, you can use SSH port forwarding to do this. When creating a PuTTY session, under Connection > SSH > Tunnels enter the following:
Source port: 8443 (or the port Heritrix is installed on, if different)
Destination: localhost:8443 (it's good practice to match the port you're forwarding)
Back on the Session window, make sure you save the session. Now whenever you SSH onto your server you can access the Heritrix web UI by hitting https://localhost:8443
So I've set up a Windows instance, but can't seem to FTP into it. After much research, I've discovered SFTP is the way forward.
I've set up my security group, adding the following rule:
SSH tcp 22 22 0.0.0.0/0
Using the public DNS name supplied in the console, I try to SFTP in using FileZilla & Cyberduck, but they just time out.
I know the next step is sorting out the key pairs, but I doubt that'll do me any good if my server isn't even accepting connections.
Any idea what I've missed?
EDIT:
Looking at the FileZilla logs, it looks like the server isn't responding to the connection requests...
12:51:29 Status: Connecting to ec2-122-248-248-178.ap-southeast-1.compute.amazonaws.com...
12:51:29 Response: fzSftp started
12:51:29 Command: keyfile "D:\Users\berling\Lacie Fuj Sync\Freelancing\AWS_Public_Key.ppk"
12:51:29 Command: open "greg#ec2-122-248-248-178.ap-southeast-1.compute.amazonaws.com" 22
12:51:49 Error: Connection timed out
12:51:49 Error: Could not connect to server
Do I need to install an SFTP/SSH server on the server? I was under the impression it was already set up for Amazon servers for some reason... am I wrong about that?
The rule you have set up - SSH tcp 22 22 0.0.0.0/0 - where is that? Your firewall, or at the EC2 end? And why 0.0.0.0? I would recommend using real IP addresses.
Check why the connection is timing out - is SFTP getting past your firewall? Is it getting blocked at the EC2 end - firewall or network logs will be your friend here.
Have you confirmed it is timing out before starting the handshake? Check SSH logs.
Do you have an SFTP server running and configured correctly? Some require all configs to be set before they are happy - your comment that you haven't yet sorted key pairs makes me wonder if this one only accepts certificate auth.
Check those and see how you do.
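A check for the point raised in the answer above about the 0.0.0.0/0 source, as an added example that is not part of the original posts: it reads rules in the "name protocol from-port to-port source" layout quoted in the question and flags administrative ports opened to wide source ranges. The port list, prefix thresholds and function name are assumptions chosen for the example, and the sample rules are constructed.

```python
import ipaddress

# Ports treated as administrative for this check (assumption for the example).
ADMIN_PORTS = {21: "FTP", 22: "SSH/SFTP", 3389: "RDP"}

# Constructed rules in the layout quoted in the question; 203.0.113.0/24 and
# 198.51.100.7/32 are documentation addresses.
SAMPLE_RULES = """\
SSH tcp 22 22 0.0.0.0/0
RDP tcp 3389 3389 203.0.113.0/24
HTTP tcp 80 80 0.0.0.0/0
SSH tcp 22 22 198.51.100.7/32
ALL tcp 0 65535 ::/0
"""

def audit(rules_text, min_prefix_v4=24, min_prefix_v6=64):
    """Return (rule, reason) pairs for rules that expose an admin port to a
    source range wider than the given prefix lengths."""
    findings = []
    for raw in rules_text.splitlines():
        parts = raw.split()
        if len(parts) != 5:
            continue  # not a rule line in the expected layout
        _name, proto, lo, hi, source = parts
        try:
            net = ipaddress.ip_network(source, strict=False)
            lo, hi = int(lo), int(hi)
        except ValueError:
            findings.append((raw, "unparseable source or port"))
            continue
        limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
        # A port range counts as exposing every admin port it contains.
        exposed = [name for port, name in sorted(ADMIN_PORTS.items()) if lo <= port <= hi]
        if proto == "tcp" and exposed and net.prefixlen < limit:
            services = ", ".join(exposed)
            findings.append((raw, f"{services} open to {net} ({net.num_addresses} addresses)"))
    return findings
```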
Install WinSSHD on your EC2 instance. It provides RDP, SFTP, Console access - all over port 22.
Install Tunnelier on your client.
I haven't tried this particular package, but Cygwin and Services for Unix provide an OpenSSH version.
Copssh claims to install OpenSSH and allow migration/configuration of users:
http://sourceforge.net/projects/sereds/files/Copssh/4.0.4/