New SFTP plugin available now

Post by *ghisler(Author) » 2009-02-12, 16:34 UTC

Currently plugins cannot change the directory in the other panel, sorry. But you can create a button in the button bar, like this:

Command: cd \\SFTP\connection\path
Start path: c:\local\directory

The same will also work in the Ctrl+D menu (directory hotlist), where the other path is named "Target path".

Zabo · Post by *Zabo » 2009-02-18, 23:06 UTC

First of all... really beautiful plug-in! Thanks a lot! It was worth waiting!

Okay, everything is working fine, but there's one particular issue I want to mention. I think it's a rather rare situation, so no wonder it doesn't work in this case. This is it: I have a server with an AFS share with read/write restrictions. The only way to access those files through SSH, is to log in with a (Kerberos) user that has the right (AFS) authorisations. Simply put, it works like this:

SSH client -> SSH daemon -> PAM -> Get Kerberos credentials and create cache -> get AFS tokens/principal

Normally this whole sequence works automatically without configuration on the SSH client. It works in PuTTY and WinSCP. However in Total Commander it does not work, meaning: I can't get access to my files on the AFS share. Oddly enough, when I open a PuTTY session to the server at the same, I have access to the files on the AFS share (through TC)!

So I thought, maybe there's no Kerberos credential cache created for some reason. But no, the cache IS created. However, I noticed that the cache size was smaller and further inspection revealed that the cache was missing the required AFS principal.

Example 1, cache created in a PuTTY session:

Code: Select all

$ klist -c /tmp/krb5cc_BgpBvu
Credentials cache: FILE:/tmp/krb5cc_BgpBvu
        Principal: user@REALM

  Issued           Expires          Principal
Feb 18 23:42:23  Feb 19 19:42:23  krbtgt/REALM@REALM
Feb 18 23:42:23  Feb 19 19:42:23  afs@REALM

Example 2, cache created in a TC session:

Code: Select all

$ klist -c /tmp/krb5cc_F10417
Credentials cache: FILE:/tmp/krb5cc_F10417
        Principal: user@REALM

  Issued           Expires          Principal
Feb 18 23:37:01  Feb 19 19:37:01  krbtgt/REALM@REALM

So TC as SSH client does something different than PuTTY/WinSCP. The SSH server seems to respond differently to TC requests as it seems to skip some logic that prevents creating an AFS tokens/principal.

Christian, I think it's a lot of hassle to do debugging at the server-side, as you need a complete Kerberos/AFS setup to test on. Any chance you can figure out at the client-side why the TC plug-in works differently? Does it start the SSH session with different settings? In case you can't figure this out on your side, contact me. I will try to arrange a testing environment for you including SSH access and an AFS share.

I need to mention that SftpDrive has the same problem as the TC plug-in.

Alright, I hope this makes at least a bit of sense to you... Thanks in advance for looking into this issue!

Post by *ghisler(Author) » 2009-02-19, 17:20 UTC

Unfortunately Kerberos isn't currently supported because I don't have any possibility to test it. It seems that Kerberos needs a special authentication (GSSAPI).

Zabo · Post by *Zabo » 2009-02-19, 21:11 UTC

ghisler(Author) wrote:Unfortunately Kerberos isn't currently supported because I don't have any possibility to test it. It seems that Kerberos needs a special authentication (GSSAPI).

Well, you only need GSSAPI for password-less/SSO authentication. To make that work, there's a lot more needed, because it heavily depends on the OS configuration (not only the SSH client). But this is not what I need...

In my case it's enough to do the regular "keyboard-interactive" authentication with SSH. The SSH server daemon (through PAM) will determine whether to test the credentials (just username/password) against Kerberos or a local password database. The authentication between the SSH client and the server is exactly the same. It's just that I configured PAM to test against Kerberos instead of the default local password files. So, the SSH client (you as programmer) shouldn't really care whether I use Kerberos or not.

Actually, Kerberos works perfectly!! I can login, it's just that I'm lacking access to my AFS share. What happens behind the SSH server daemon is different when using TC from what happens when using PuTTY/WinSCP. In some way something that the SSH client does triggers different behaviour. I don't know, maybe a flag that TC doesn't set but PuTTY/WinSCP does? Or maybe some environment variables that must be set?

Well, if I have some time I will turn on debugging at the server-side and try to compare the behaviour of TC and PuTTY/WinSCP.

Cristian, is there a way to have more (debug) information when using the SFTP plug-in? That could be pretty useful during the log in phase.

Post by *ghisler(Author) » 2009-02-23, 16:51 UTC

In my case it's enough to do the regular "keyboard-interactive" authentication with SSH.

My plugin does support "keyboard-interactive" authentication, but it also supports password authentication and client certificates. If the server reports to support both "keyboard-interactive" and password, it uses password authentication.

You can create a log via Configuration - Options - FTP to see what authentication is used.

azThazehT · Post by *azThazehT » 2009-02-26, 11:30 UTC

First of all thanks for this loong waited great plugin

If special characters have to be escaped on the sftp server, copying has problems.
In my case i have a file with name "a$1.class" and i want to copy it on a solaris system over sftp. Sometimes it uploads as a.class sometimes it does not upload.
On solaris if you want to have a file name with '$' you have to escape it with '\'. So i think it's about escaping those special characters.

If you overcome this situation you will have my blessings

Post by *ghisler(Author) » 2009-02-26, 16:21 UTC

Unfortunately the plugin cannot know whether a specific server needs such escapings or not. If you (or someone at your company) knows to write C/C++, you can modify the plugin yourself, it's open source. You can use the free Visual Studio Express from Microsoft to change the plugin.

Lefteous · Post by *Lefteous » 2009-02-26, 16:42 UTC

2ghisler(Author)

You can use the free Visual Studio Express from Microsoft to change the plugin.

Is the Express Edition able to handle resource files?

fenix_productions · Post by *fenix_productions » 2009-02-26, 16:57 UTC

2Lefteous

Lefteous wrote:Is the Express Edition able to handle resource files?

You can't create them from IDE. You'll have to use external resources editor and add its output to VS project. At least that is what I had to do with svgwdx plug.

Post by *ghisler(Author) » 2009-02-26, 17:21 UTC

There is no editor, so you have to edit the .rc file by hand. But the plugin (including the resources) compiled just fine after a few changes (mostly typecasing for the Unicode functions).

I also had to explicitly enter the used libraries in the settings:
wsock32.lib kernel32.lib shell32.lib gdi32.lib user32.lib comdlg32.lib

In the .rc file, I had to change the line

#include "afxres.h"

to

#include "windows.h"
#define IDC_STATIC -1

because I had no MFC installed (don't know whether this is present on Visual Studio Express 2005 or not).

I can send you the needed changes by e-mail if you need them, I will include them in the next plugin version.

Lefteous · Post by *Lefteous » 2009-02-26, 17:38 UTC

I'm not sure if spending 300 bucks is worth for the standard edition just because the free version has no respource editor. I'm not going to handle them externally or manually. It seems to be some kind of rip-off to not include it in the free version.

ymfans · Post by *ymfans » 2009-03-04, 11:42 UTC

i find a bug:

this plugin can't copy file which's name including the '$' character.

such as : Main$1.class,ASDF$4.class

CoolWater · Post by *CoolWater » 2009-03-04, 13:44 UTC

ymfans wrote:i find a bug:

this plugin can't copy file which's name including the '$' character.

such as : Main$1.class,ASDF$4.class

I cannot confirm this (for debian). But, what happens is that everything from the $ sign on is removed from the filename, in your case Main$1.class becomes Main.class

Regards,
CoolWater

ymfans · Post by *ymfans » 2009-03-06, 06:10 UTC

CoolWater wrote:
ymfans wrote:i find a bug:

this plugin can't copy file which's name including the '$' character.

such as : Main$1.class,ASDF$4.class
I cannot confirm this (for debian). But, what happens is that everything from the $ sign on is removed from the filename, in your case Main$1.class becomes Main.class

Regards,
CoolWater

that will work well if i rename the filename to Main.class.

With this plugin,sometimes it don't copy the Main$1.class,sometimes it copy the Main.class's content and rename it to Main$1.class:

source:
Main.class 34k
Main$1.class 3k
Main$2.class 2k

copy:
Main.class 34k
Main$1.class 34k
Main$2.class 34k
all the three file's content is the same!!!

ymfans · Post by *ymfans » 2009-03-06, 09:52 UTC

azThazehT wrote:First of all thanks for this loong waited great plugin

If special characters have to be escaped on the sftp server, copying has problems.
In my case i have a file with name "a$1.class" and i want to copy it on a solaris system over sftp. Sometimes it uploads as a.class sometimes it does not upload.
On solaris if you want to have a file name with '$' you have to escape it with '\'. So i think it's about escaping those special characters.

If you overcome this situation you will have my blessings

the same problem