Registered Member
|
Hi all, I am using KDE 4.4 and it seems that kio_sftp doesn't use my public key to authenticate to the ssh server. kio_fish works just fine but it isn't ideal. I tried it with libssh 0.4 and 0.4-r1. Should I report this as a bug or am I missing something?
Thank you |
Administrator
|
ssh-agent support is available as of libssh 0.3, and DSS and RSA key support was added before 0.1.
Additionally, I just tested it and it worked fine.
KDE Sysadmin
|
Registered Member
|
Ok, I did more testing. I think it works only if you have your public key as well. So if you have id_dsa and id_dsa.pub it works. But if you delete id_dsa.pub it stops working (ssh still works fine). I think the pub file isn't needed so I don't see why it behaves like this.
|
Administrator
|
I don't know how it can work without the *.pub file, but if this is valid behaviour, then you need to contact the libssh developers.
KDE Sysadmin
|
Registered Member
|
Well, it is enough for the ssh program so it has to be enough for libssh.
I am going to write to the libssh mailing list and ask there. |
Registered Member
|
I'm glad I found this thread. Having sftp stop working was getting me very frustrated. Creating a pub file worked, but I agree it doesn't make sense to require it.
|
Registered Member
|
I wrote to the libssh mailing list about this.
http://www.libssh.org/archive/libssh/20 ... 00024.html |
Registered Member
|
Well, you need the public key and it is a design error that it is in a separate file. Public key auth works this way:
You send the public key to the server and the server tells you if you can authenticate with it. If you don't have a public key you have to unlock the private key and generate it. Pass it to the server; if it is the right one, you can go on. Now imagine you have 10 passphrase-protected keys. If you don't have the public key you have to unlock the private key with your password, the public key is generated and sent to the server. The server says no, you can't authenticate with this key. So you try the next key. This means in the worst case you have to unlock 10 keys each time you want to connect to an ssh server. I'm currently working on this so that the pubkey is automatically generated and saved to disk if it doesn't exist. Read the manpage of 'ssh-keygen' or the RFCs of secsh for more information. |
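The key query described in the post above, as an added example that is not part of the thread and is not libssh code: it builds the RFC 4252 publickey query (has-signature flag FALSE) and counts how many private keys a client must unlock with and without `.pub` files. The function names, the user `alice` and the key blobs are constructed for illustration, and an unlock is counted rather than performed.

```python
import struct

# Message numbers from RFC 4252.
USERAUTH_REQUEST, USERAUTH_FAILURE, USERAUTH_PK_OK = 50, 51, 60

def sstr(data):
    """SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_strings(buf, off, count):
    """Read `count` SSH strings starting at `off`; return (list, new offset)."""
    out = []
    for _ in range(count):
        (length,) = struct.unpack_from(">I", buf, off)
        out.append(buf[off + 4:off + 4 + length])
        off += 4 + length
    return out, off

def probe_packet(user, alg, blob):
    """Key query: the has-signature flag is FALSE, so only the public blob is sent."""
    return (bytes([USERAUTH_REQUEST]) + sstr(user) + sstr(b"ssh-connection")
            + sstr(b"publickey") + b"\x00" + sstr(alg) + sstr(blob))

def server_reply(packet, authorized):
    """Toy server: PK_OK if the offered blob is authorized, otherwise FAILURE."""
    (user, service, method), off = read_strings(packet, 1, 3)
    has_signature = packet[off]
    (alg, blob), _ = read_strings(packet, off + 1, 2)
    if method == b"publickey" and not has_signature and blob in authorized:
        return bytes([USERAUTH_PK_OK]) + sstr(alg) + sstr(blob)
    return bytes([USERAUTH_FAILURE]) + sstr(b"publickey") + b"\x00"

def authenticate(keys, authorized, user=b"alice"):
    """keys: list of (public_blob, has_pub_file). Returns (accepted index, unlocks)."""
    unlocks = 0
    for index, (blob, has_pub_file) in enumerate(keys):
        if not has_pub_file:
            unlocks += 1  # private key decrypted just to derive the public blob
        reply = server_reply(probe_packet(user, b"ssh-dss", blob), authorized)
        if reply[0] == USERAUTH_PK_OK:
            if has_pub_file:
                unlocks += 1  # first and only unlock, to sign the real request
            return index, unlocks
    return None, unlocks

# Constructed placeholder blobs, not real key encodings; the server accepts only the last.
BLOBS = [b"constructed-key-%d" % i for i in range(10)]
WITH_PUB = authenticate([(b, True) for b in BLOBS], {BLOBS[9]})
WITHOUT_PUB = authenticate([(b, False) for b in BLOBS], {BLOBS[9]})
print("with .pub files:", WITH_PUB, "without:", WITHOUT_PUB)
```

With ten keys and only the last one authorized, the client with `.pub` files unlocks one key and the client without them unlocks all ten.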