gulp-sftp

Use with ssh-copy-id - no passphrase given

Open ursbraem opened this issue 9 years ago • 9 comments

I tried to use gulp-sftp in gulpfile.js as such:

var sftpOptions = {
    host: 'example.org',
    user: 'username',
    remotePath: '/home/public_html/'
};

and then, later on

.pipe(sftp(sftpOptions));

I had hoped that gulp-sftp would access my local key I have created with ssh-copy-id, just as the terminal does, so no storing of passwords or passphrase in redundant places would be necessary. Is that possible?

Though, the following error is produced:

        throw new Error('Encrypted private key detected, but no passphrase giv
              ^
Error: Encrypted private key detected, but no passphrase given
    at Connection.connect (/Users/username/project/node_modules/gulp-sftp/node_modules/ssh2/lib/Connection.js:292:15)
    at Transform.pool (/Users/username/project/node_modules/gulp-sftp/index.js:209:11)
    at Transform.through.obj.finished [as _transform] (/Users/username/project/node_modules/gulp-sftp/index.js:229:14)
    at Transform._read (/Users/username/project/node_modules/gulp-sftp/node_modules/through2/node_modules/readable-stream/lib/_stream_transform.js:184:10)
    at Transform._write (/Users/username/project/node_modules/gulp-sftp/node_modules/through2/node_modules/readable-stream/lib/_stream_transform.js:172:12)
    at doWrite (/Users/username/project/node_modules/gulp-sftp/node_modules/through2/node_modules/readable-stream/lib/_stream_writable.js:237:10)
    at writeOrBuffer (/Users/username/project/node_modules/gulp-sftp/node_modules/through2/node_modules/readable-stream/lib/_stream_writable.js:227:5)
    at Transform.Writable.write (/Users/username/project/node_modules/gulp-sftp/node_modules/through2/node_modules/readable-stream/lib/_stream_writable.js:194:11)
    at DestroyableTransform.ondata (stream.js:51:26)
    at DestroyableTransform.emit (events.js:95:17)

Can you help me understand what I am doing and/or expecting wrong? About encryption: I have activated FileVault on my Mac, but that can't be what it means?

ursbraem, Oct 07 '14 15:10

I can try and recreate your issue, but what seems to be happening is that your private key at ~/.ssh/id_rsa is encrypted and needs a passphrase. Do you remember creating a local private key? If so, check the auth documentation for adding that passphrase to your .ftppass file.

I don't have a lot of time today, but I can further discuss this with you if you're new and getting into key-based auth.

gtg092x, Oct 12 '14 18:10

And this likely has nothing to do with FileVault - this is about a private key with a passphrase. Check out this SO post about it.

gtg092x, Oct 12 '14 18:10

Thanks for the reply, and I understand more now. Yes, I have a local private key. I've set up .ftppass and entered the passphrase in there.

gulpfile.js

var sftpOptions = {
    host: 'web.server.com',
    auth: 'privateKeyEncrypted',
    remotePath: '/home/user/dir/'
};

.ftppass:

{
  "privateKeyEncrypted": {
    "user": "username",
    "passphrase": "mypassphraseincleartext"
  }
}

Now I get:

[22:54:32] Authenticating with private key.
events.js:72
        throw er; // Unhandled 'error' event
              ^
Error: getaddrinfo ENOTFOUND
    at errnoException (dns.js:37:11)
    at Object.onanswer [as oncomplete] (dns.js:124:16)

Any idea where I could poke further? Server, path and user are correct.

And: why is it that I have to enter my passphrase here manually in the config, but not when, say, using SublimeSFTP with the key-pairs?

PS: in .ssh/config, I have set ForwardAgent yes.

ursbraem, Oct 12 '14 21:10

I'm pretty sure Sublime stores the passphrase somewhere; it may be accessing your OS X keychain, I don't really know.

As for the error, the stack trace is from a DNS lookup, so it's probably not finding your host. Make sure you can copy and paste the host name directly into your console and ping it.

ping hostname.com

gtg092x, Oct 12 '14 21:10

> I'm pretty sure Sublime stores the passphrase somewhere; it may be accessing your OS X keychain, I don't really know.

True that. On https://www.sublimetext.com/forum/viewtopic.php?f=2&t=8010 it says:

> Sublime SFTP fully integrates with the OS X Keychain, Pageant (for Windows) and the various Linux keychain apps for SSH key passphrases.

Can gulp-sftp do that too? :-)

> Make sure you can copy and paste the host name directly into your console and ping it

I can ping it successfully, but I'll make more tries with different servers.

ursbraem, Oct 20 '14 09:10

@ursbraem - can you put that in as a feature request? I'll look into using a node keystore library. Also, any update on your host accessibility?

gtg092x, Oct 22 '14 19:10

> put that in as a feature request

How / where do I do that?

> any update on your host accessibility

I can't test it right now, but I will, with different accounts.

ursbraem, Oct 23 '14 14:10

> any update on your host accessibility

It's definitely a server issue. On another, more standard hosting, the authentication with the .ftppass file and the passphrase in cleartext works just fine.

Still, it feels bad to have my passphrase out in the wild. Well, it's not out in the wild. But I have to take extra care that the file is not being shared. In fact, to me, the passphrase is nearly more valuable than a single server password, as it's used in many more places. So I would have to exclude .ftppass from all sharing.

> can you put that in as a feature request? I'll look into using a node keystore library.

Putting it in. Can I make a donation? :-)

ursbraem, Oct 27 '14 19:10
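An added example, not code from gulp-sftp or from either participant: a pre-flight check for the two concerns raised in this thread, a cleartext passphrase in .ftppass that must not be shared, and authenticating through a running ssh-agent instead of storing the passphrase. The function names `auditAuthFile` and `withAgentAuth` are hypothetical, the sample values are constructed, and it assumes the installed gulp-sftp forwards an `agent` option (the agent's UNIX socket path) to ssh2.

```javascript
// Added example, not gulp-sftp code. Inputs are passed in so the checks are testable;
// in a gulpfile, feed them fs.statSync(f).mode, fs.readFileSync(f, 'utf8') and process.env.

// Findings for an auth file such as .ftppass that holds secrets in cleartext.
function auditAuthFile(name, mode, jsonText, gitignoreText) {
  const findings = [];
  // Any group/other permission bit lets other local accounts read the secret.
  if ((mode & 0o077) !== 0) {
    findings.push(`${name} has mode ${(mode & 0o777).toString(8)}; restrict it with chmod 600`);
  }
  // The file must be excluded from version control so it is never pushed.
  const ignored = gitignoreText.split(/\r?\n/)
    .map((line) => line.trim())
    .some((line) => line === name || line === '/' + name);
  if (!ignored) findings.push(`${name} is not listed in .gitignore`);
  // Heuristic: any field whose name contains "pass" is treated as a secret.
  // The value itself is never echoed into the finding.
  for (const [key, entry] of Object.entries(JSON.parse(jsonText))) {
    for (const [field, value] of Object.entries(entry || {})) {
      if (/pass/i.test(field) && typeof value === 'string' && value !== '') {
        findings.push(`entry "${key}" stores a cleartext ${field}`);
      }
    }
  }
  return findings;
}

// Build options that authenticate through a running ssh-agent instead of a
// stored passphrase. Assumption: the installed gulp-sftp forwards `agent`
// (path to the agent's UNIX socket) to ssh2.
function withAgentAuth(baseOptions, env) {
  if (!env.SSH_AUTH_SOCK) {
    throw new Error('SSH_AUTH_SOCK is not set; start ssh-agent and ssh-add the key');
  }
  const { auth, passphrase, ...rest } = baseOptions; // drop auth-file based settings
  return { ...rest, agent: env.SSH_AUTH_SOCK };
}

// Constructed sample input (values are made up for the example).
const SAMPLE_FTPPASS = JSON.stringify({
  privateKeyEncrypted: { user: 'username', passphrase: 'constructed-not-a-real-secret' },
});
const sampleFindings = auditAuthFile('.ftppass', 0o100644, SAMPLE_FTPPASS, 'node_modules\n');
const sampleOptions = withAgentAuth(
  { host: 'example.org', user: 'username', auth: 'privateKeyEncrypted',
    remotePath: '/home/public_html/' },
  { SSH_AUTH_SOCK: '/tmp/constructed-agent.sock' }
);
console.log(sampleFindings.join('\n'));
console.log(sampleOptions);
```

With agent-based authentication the key is unlocked once by `ssh-add`, so the passphrase never has to be written into the project directory.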

Can't argue with that - I'll get a tipjar together and cc you on the new issue. Thanks!

gtg092x, Nov 04 '14 01:11