Total Commander

Maybe this option is described somewhere - but I did not find it.
So my main pain right now - when I am using my favorite sftp plugin - I have to save passwords for my sftp hosts inside the wcx_ftp.ini file -
coz used by me plugin do save inside this file. BUT each time - when I am trying to enter at my saved sftp host entry - Total Commander asks to enter the master password.
But I do NOT want to use again and master password! At all! How to disable this feature at all?

Maybe enter new empty master-password?

No - empty is equal to non-empty. I still will see the window with request to enter master pass. And still have to press OK button even for empty pass.
I do not want to use this Master Pass at all. So somewhere should be an option - disable using of Master Pass at all.

There is no secure way to store a password without using another (master) password. Why? If TC could decrypt it without a password, then a malicious tool could do the same. For that, the tool doesn't even need to run on your PC, it's enough if it can get the file with the passwords.

I am talking not about using FTP connections - but about sftp connections, which are in fact - standalone plugins. So IF inside the plugin the password IS encrypting somehow - then why we should add additional level of the secure from TC side? I mean - in file wcx_ftp.ini pass has already been saved as encrypted as I see. Or not?

AFAIK it is plugin who asks TC to store passwords in a secure storage (there is a special callback function for that). And when plugin stores its password in that storage, TC encrypts it, just because it is a secure storage (anyway TC can't know is stored password already encrypted or not).

The SFTP plugin isn't encrypting the password, it wouldn't make any sense to encrypt it twice. Even if it did, what password should it use to encrypt it? A hard-coded password?

Stop using a password for your sftp account at all. You can access your SFTP server via SSH using Putty. Create a certificate with a passphrase and store the public part in the personal area of your sftp server. Use the Pageant program (belongs to the Putty package) to make the key (public and private part) ready to use on all servers where you stored the certificate. You have to key in the passphrase(s) of your stored certificate(s) once per Pageant Start and can log in to the sftp server(s) as often as you wish without using a master password or a passphrase a second time.
The details of how to create and use the certificates is found in the openssh help. Hard stuff, I know.

bafibo wrote:Stop using a password for your sftp account at all. You can access your SFTP server via SSH using Putty. Create a certificate with a passphrase and store the public part in the personal area of your sftp server. Use the Pageant program (belongs to the Putty package) to make the key (public and private part) ready to use on all servers where you stored the certificate. You have to key in the passphrase(s) of your stored certificate(s) once per Pageant Start and can log in to the sftp server(s) as often as you wish without using a master password or a passphrase a second time.
The details of how to create and use the certificates is found in the openssh help. Hard stuff, I know.

No need for Putty, here we want the file system in TC !
TC's sftp plugin supports certificate login or Pageant since a long time .

and I can't change all IT stuff. So it works like it was done many years ago. No keys - only login-password.

and of course Horst.Epp is right - "we want the file system in TC!"