Authentication in Couchdrop comes in two flavours. Password based authentication, and for SFTP and SCP, RSA based authentication. Couchdrop has extensive support for both, and users can self manage keys and passwords if granted access to the Couchdrop Web App.

Password only authentication

Password only authentication is the default setting for Couchdrop. When a user is first configured, they will need to provide a secure password that is used to login to both the web app and the SFTP and SCP server.

Passwords can be managed and changed by an administrator and the user themselves.

All users, regardless of key settings, need a password to be configured.

RSA (and others) key based authentication

Couchdrop supports standard key based authentication for SFTP and SCP. Key based authentication requires a private key and a public key. The public key is shared with Couchdrop and the private key remains a secret.

Keys can be re-used across multiple users and are configurable under Administration --> Users --> RSA Public Keys

Supported Key Types

We support the following key types.

Generating a new key

Creating a new key is not something that we facilitate inside Couchdrop. This is to ensure that Couchdrop is never the holder (even by accident) of SSH private keys. Not to worry, creating a key pair is simple.

On a Mac, Linux Box or any other Unix Server:

From a console:

#> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/.ssh/id_rsa): abc    
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in abc
Your public key has been saved in abc.pub
The key fingerprint is:
SHA256:slEtu8kkv6OwfhQSu0FDicYxfixekXAqXSZicPNlAJ0 donald@internet.box
The key's randomart image is:
+---[RSA 3072]----+
|+oOBB=o          |
|.=+@E+   .       |
|..=.=+  o .      |
| o ++ .. o       |
|  .  ++.S        |
|    . .O o       |
|    ... =        |
|     o. ..       |
|   .o.....       |
+----[SHA256]-----+

This will generate two files.

• abc

• abc.pub

The abc.pub file is what we need.

Open the file and copy it to Couchdrop: The file will look something like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGB7TVVHUukb4cCDHQqmomNblw4vBOYabZyrJ7fGumI9+3N9YBZewkekcKESyjYqymbPal8cOEMOXToiDEhI04oEkcFYy3LWbclt+qEaakKqBWMJqJp3+V0LE+RfichkfZvBuhYhgP7iS4UVbtk8+KMqHz2E3PUHGULQ+rGBItg0ieOC8Z/6IA+nLyogopuvoABvp10HH2p8nl/zux6GJsx6PKPXABaxvoaxqPIpmQDvFJAO4p+q3S4xe0em60x6Y4AEDZnmGtlcURElVM9lxp/FXMKPEyb7qLyKmh++LRtKH5GnBehMZdzOyQJFQxZMk849lwcUNp3x2qTJVUvW0vsSq6X7UrGlUTHdJ3uFrMrJmk3+f499BaKw9n8t28Gx57W3CueuJZ7a9n/a5DSBG0gzR7GzZxhhXSrKIM7ilK+HVrE19/XdutKootd5f6kmtZpub6+lSLoPI0Ht6p9pgLKCsLhbS3t7Esy1T9g1mGChV5Qd0D2LPPSsUiVAf/jik= michaellawson@Michaels-MBP-2.fritz.box

Adding the public key to Couchdrop

Arguably the easiest step in the process.

• Login to Couchdrop

• Navigate to the user Administration --> Users --> User --> RSA Public Keys

• Paste the public key into the field and click add.

Password and Key Authentication

For additional security, some clients support requiring both a key and a password for successful authentication. Couchdrop supports this out of the box and this can be enforced by toggling the option: Require Password and Public Key