Ticket #134 (closed task: wontfix)

Opened 6 years ago

Last modified 3 years ago

Saving FTP Passwords

Reported by: freak-seb@gmx.de Owned by: alamaison
Priority: minor (e.g. uncommon, cosmetic, has workaround) Milestone:
Component: authentication Version:
Keywords: Cc:

Description

I search for a function to save the passwords.
I have a lot of connections I have to know all that's for me unlucky because I couldn't know all passwords better would be to save that.

I hope this functionality comes.

Change History

comment:1 Changed 6 years ago by anonymous

  • Type changed from defect to task

comment:2 Changed 6 years ago by alamaison

  • Status changed from new to closed
  • Resolution set to wontfix

Saving passwords defeats the point of SSH which is to be a secure protocol. Many SSH servers nowadays are configured so that it isn't even possible to save the password (see #124 for more details).

However, the correct, secure way to do this is to use  public-key authentication. Swish doesn't support this yet but we hope to do so soon. I suggest you add yourself to the Cc list of #18 to follow the progress of this feature.

comment:3 Changed 6 years ago by anonymous

Please correct me if I'm wrong. You're saying that if the client saves its password, it defeats the point of the PROTOCOL. It doesn't. This is no different from the situation where the the client has an unencrypted private key saved.

Whether the login details are saved on the client computer or not, does not endanger the protocol itself, nor defeat it - the communication between the client and server is still secured even if the endpoints are not compromised. And if the client is compromised, it does not matter much if the adversary reads the saved password from disk or intercepts the login details.

If you wish to save the password on disk securely, use DPAPI or something similar.

Please reopen.

comment:5 Changed 6 years ago by alamaison

* Ticket #155 marked duplicate of this one *

comment:2 Changed 6 years ago by alamaison

* Ticket #170 marked duplicate of this one *

comment:3 Changed 5 years ago by alamaison

* Ticket #183 marked duplicate of this one *

comment:3 Changed 5 years ago by alamaison

* Ticket #214 marked duplicate of this one *

comment:4 Changed 3 years ago by anonymous

I do agree with http://www.swish-sftp.org/ticket/134#comment:3. There are plenty of professional file transfer tools like winscp that allow saving password. Do not keep it in clear format like filezilla does and everybody will be happy. Some people won't use it but some (and I think a lot) will.

Note: See TracTickets for help on using tickets.