Passwords and RSA Keys

Learn about authentication in Couchdrop

Authentication in Couchdrop comes in two flavours. Password based authentication, and for SFTP and SCP, RSA based authentication. Couchdrop has extensive support for both, and users can self manage keys and passwords if granted access to the Couchdrop Web App.

Most of the options here are only relevant for SFTP and SCP based authentication. The web interface does not support key based authentication.

Password only authentication

Password only authentication is the default setting for Couchdrop. When a user is first configured, they will need to provide a secure password that is used to login to both the web app and the SFTP and SCP server.

Passwords can be managed and changed by an administrator and the user themselves.

All users, regardless of key settings, need a password to be configured.

RSA (and others) key based authentication

Couchdrop supports standard key based authentication for SFTP and SCP. Key based authentication requires a private key and a public key. The public key is shared with Couchdrop and the private key remains a secret.

Keys can be re-used across multiple users and are configurable under Administration --> Users --> RSA Public Keys

Supported Key Types

We support the following key types.

Key Type
Description

RSA

The most common key type - by far. RSA keys are considered secure and have stood the test of time.

DSA

The precursor to RSA. Using DSA keys is generally frowned upon, but well supported in Couchdrop

ECDSA

The newest kid on the block.

Generating a new key

Creating a new key is not something that we facilitate inside Couchdrop. This is to ensure that Couchdrop is never the holder (even by accident) of SSH private keys. Not to worry, creating a key pair is simple.

On a Mac, Linux Box or any other Unix Server:

From a console:

#> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/.ssh/id_rsa): abc    
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in abc
Your public key has been saved in abc.pub
The key fingerprint is:
SHA256:slEtu8kkv6OwfhQSu0FDicYxfixekXAqXSZicPNlAJ0 donald@internet.box
The key's randomart image is:
+---[RSA 3072]----+
|+oOBB=o          |
|.=+@E+   .       |
|..=.=+  o .      |
| o ++ .. o       |
|  .  ++.S        |
|    . .O o       |
|    ... =        |
|     o. ..       |
|   .o.....       |
+----[SHA256]-----+

This will generate two files.

  • abc

  • abc.pub

The abc.pub file is what we need.

Open the file and copy it to Couchdrop: The file will look something like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGB7TVVHUukb4cCDHQqmomNblw4vBOYabZyrJ7fGumI9+3N9YBZewkekcKESyjYqymbPal8cOEMOXToiDEhI04oEkcFYy3LWbclt+qEaakKqBWMJqJp3+V0LE+RfichkfZvBuhYhgP7iS4UVbtk8+KMqHz2E3PUHGULQ+rGBItg0ieOC8Z/6IA+nLyogopuvoABvp10HH2p8nl/zux6GJsx6PKPXABaxvoaxqPIpmQDvFJAO4p+q3S4xe0em60x6Y4AEDZnmGtlcURElVM9lxp/FXMKPEyb7qLyKmh++LRtKH5GnBehMZdzOyQJFQxZMk849lwcUNp3x2qTJVUvW0vsSq6X7UrGlUTHdJ3uFrMrJmk3+f499BaKw9n8t28Gx57W3CueuJZ7a9n/a5DSBG0gzR7GzZxhhXSrKIM7ilK+HVrE19/XdutKootd5f6kmtZpub6+lSLoPI0Ht6p9pgLKCsLhbS3t7Esy1T9g1mGChV5Qd0D2LPPSsUiVAf/jik= michaellawson@Michaels-MBP-2.fritz.box

Never share your private key. It's safe to share the public key, but not the private key.

Adding the public key to Couchdrop

Arguably the easiest step in the process.

  • Login to Couchdrop

  • Navigate to the user Administration --> Users --> User --> RSA Public Keys

  • Paste the public key into the field and click add.

You can add as many keys to a user account as you like. We don't judge.

Password and Key Authentication

For additional security, some clients support requiring both a key and a password for successful authentication. Couchdrop supports this out of the box and this can be enforced by toggling the option: Require Password and Public Key

Last updated