must be configured with a way to first authenticate a user (confirm that a
prospective client has a legitimate claim to whatever authorities we might
grant a particular user), and second to decide what root directory cap should
-be granted to the authenticated username. FTP uses a username and password
-for this purpose. SFTP can either use a username and password, or a username
-and an RSA or DSA public key (SSH servers are frequently configured to
-require public key logins and reject passwords, to remove the threat of
-password-guessing attacks, at the expense of requiring users to carry their
-private keys around with them).
+be granted to the authenticated username. A username and password is used
+for this purpose. (The SFTP protocol is also capable of using client
+RSA or DSA public keys, but this is not currently implemented.)
Tahoe provides two mechanisms to perform this user-to-rootcap mapping. The
first is a simple flat file with one account per line. The second is an
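Review bot: subject-verb agreement in the added sentence: "A username and password is used for this purpose" should read "A username and password are used for this purpose". The rewrite also drops the removed text's distinction between FTP and SFTP, and the new parenthetical mentions only SFTP; suggest stating explicitly that both the FTP and SFTP frontends authenticate with a username and password, so the reader is not left wondering whether FTP is covered.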
To use the first form, create a file (probably in
BASEDIR/private/ftp.accounts) in which each non-comment/non-blank line is a
-space-separated line of (USERNAME, PASSWORD/PUBKEY, ROOTCAP), like so:
+space-separated line of (USERNAME, PASSWORD, ROOTCAP), like so:
% cat BASEDIR/private/ftp.accounts
# This is a password line, (username, password, rootcap)
alice password URI:DIR2:ioej8xmzrwilg772gzj4fhdg7a:wtiizszzz2rgmczv4wl6bqvbv33ag4kvbr6prz3u6w3geixa6m6a
bob sekrit URI:DIR2:6bdmeitystckbl9yqlw7g56f4e:serp5ioqxnh34mlbmzwvkp3odehsyrr7eytt5f64we3k9hhcrcja
- # and this is a public key line (username, pubkey, rootcap)
- carol ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv2xHRVBoXnwxHLzthRD1wOWtyZ08b8n9cMZfJ58CBdBwAYP2NVNXc0XjRvswm5hnnAO+jyWPVNpXJjm9XllzYhODSNtSN+TXuJlUjhzA/T+ZwdgsgSAeHuuMQBoWt4Qc9HV6rHCdAeMhcnyqm6Q0sRAsfA/wfwiIgbvE7+cWpFa2anB6WeAnvK8+dMN0nvnkPE7GNyf/WFR1Ffuh9ifKdRB6yDNp17bQAqA3OWSFjch6fGPhp94y4g2jmTHlEUTyVsilgGqvGOutOVYnmOMnFijugU1Vu33G39GGzXWla6+fXwTk/oiVPiCYD7A7WFKes3nqMg8iVN6a6sxujrhnHQ== warner@fluxx URI:DIR2:6bdmeitystckbl9yqlw7g56f4e:serp5ioqxnh34mlbmzwvkp3odehsyrr7eytt5f64we3k9hhcrcja
+Future versions of Tahoe may support using client public keys for SFTP.
+The words "ssh-rsa" and "ssh-dsa" after the username are reserved to specify
+the public key format, so users cannot have a password equal to either of
+these strings.
-[TODO: the PUBKEY form is not yet supported]
-
-Note that if the second word of the line is "ssh-rsa" or "ssh-dss", the rest
-of the line is parsed differently, so users cannot have a password equal to
-either of these strings.
-
-Then add an 'accounts.file' directive to your tahoe.cfg file, as described
+Now add an 'accounts.file' directive to your tahoe.cfg file, as described
in the next sections.
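Review bot: the added reserved-word sentence names "ssh-dsa", but the removed text (and the SSH key-type identifier that an accounts-file parser would match) uses "ssh-dss"; unless the parser was changed in the same commit, this is a typo that will mislead anyone checking which passwords are rejected. Suggest: The words "ssh-rsa" and "ssh-dss" after the username are reserved. The sentence "Future versions of Tahoe may support using client public keys for SFTP" also duplicates the "not currently implemented" parenthetical added earlier in this patch; one of the two is enough. Finally, since the example shows cleartext passwords next to the rootcaps, this is the place to say that BASEDIR/private/ftp.accounts should be readable only by the user running the node.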
% cd BASEDIR
% ssh-keygen -f private/ssh_host_rsa_key
+The server private key file must not have a passphrase.
+
Then, to enable the SFTP server with an accounts file, add the following
lines to the BASEDIR/tahoe.cfg file:
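Review bot: "The server private key file must not have a passphrase" is the right caveat, but ssh-keygen prompts for a passphrase interactively, so the example command should show how to satisfy the requirement, e.g. ssh-keygen -f private/ssh_host_rsa_key -N "" (the -N option sets the new passphrase; an empty string means none). It would also help to say how the SFTP server behaves when handed a passphrase-protected key, so an admin can recognise the symptom.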
If SFTP is used to write to an existing mutable file, it will publish a
new version when the file handle is closed.
-Mutable files are not supported by the FTP frontend.
+Mutable files are not supported by the FTP frontend (ticket #680). Currently,
+a directory containing mutable files cannot even be listed over FTP.
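Review bot: the added sentence should say how the failure presents to an FTP client (an error reply versus an empty or partial listing), since "cannot even be listed" does not tell an admin what to look for; if the listing problem is tracked separately from ticket #680, cite that ticket as well.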