Hi, I'm a bit stumped evaluating your product. I created a few individual bug and feature requests, but would like to describe my complete use case, so you have the whole context.
I have an AWS EC2 Ubuntu server, to which I need key-based SSH, SCP and SFTP access for both automated build-tools and manual administration.
I'm also evaluating JumpCloud to push public keys to the server, which works so far.
So first I create a private key entry. Here I immediately hit the first problem: There is no button to generate a key, just load or paste.
So I close the new key entry wizard and head over to the SSH Key Generator and generate a key. It doesn't remember my last used key size, so I have to remember to change the setting. Same for the comment. If there was a button in the private key entry, it could offer the same settings as in the currently saved key.
I generate the key and click save, and it offers to save by default as PKCS#8, which is the only format in the dropdown that is understood by neither (!) WinSCP nor FileZilla (this alone cost me hours to figure out). Please make the SSH Key Generator suggest PuTTY private key by default (understood by WinSCP and FileZilla), and/or save my last used setting.
Ok so I save as PuTTY private key on the desktop, create a new private key entry in RDM, and load the key from the desktop.
I'm already thinking ahead to key rotation, and what can go wrong with all those manual steps and pitfalls.
Next I want to test SSH access, and I look for PuTTY, but only see SSH Shell. I'm confused, because for SFTP there is built-in, WinSCP and FileZilla, but for SSH there is only one option. So is this built-in? PuTTY? Something else?
Anyway, I create the SSH entry, put in the hostname and pick the private key from the credentials repository.
Connection works immediately, nice! (JumpCloud had enough time to push the key in the meantime...)
Ok now SFTP access, first WinSCP: I create the entry, set the host, switch from FTP to SFTP and select the private key from the credentials repository.
Connection: Works immediately, nice!
But alas, I cannot create a new file in my user's home directory, the error message says "Unable to use key file <path to temp dir>". I head over to the temp dir, delete everything (because the path was in the temp dir root, not inside an RDM subfolder). I open another WinSCP session, and see the PuTTY key file appear, and then after successful connection immediately disappear. What?
I head back to the private key entry and change the type from "Data" to "File", although why would I then use RDM in the first place, if I have to store the key file somewhere else?
Ok, that worked, I was able to connect and create a new file in my home dir.
Now, I'm already thinking, what's the point in using RDM, if I cannot use WinSCP with the private key stored as data inside the RDM data source?
Anyway, next I try to create a new folder in the root dir, which fails as expected because I am not logged in as root. I try to find the setting in the WinSCP entry properties to configure the server command to "sudo on login", but there is no such configuration available. There is for the built-in SFTP, but not for WinSCP (I created a feature request for this).
Now I give up with WinSCP; both problems (data key and sudo on login) are blockers.
Out of curiosity, I also try FileZilla, even though I know it cannot do sudo on login (or at least I do not know how). I also created a feature request on the FileZilla issue tracking site for this.
I create a new SFTP FileZilla entry, set the host, switch from FTP to SFTP and select the private key from the credentials repository.
I try to connect, but no, FATAL ERROR: No supported authentication methods available (server sent: publickey).
I open FileZilla standalone, create a new site, enter host, change protocol to SFTP, logon type key file and make sure to select the same (PuTTY) key file (on the desktop) that I configured for the private key entry in RDM. And voilà, connection works immediately.
So the RDM FileZilla connection with key-based authentication doesn't work at all?
Maybe I'm just going at this completely the wrong way, I don't know. I do know that I wasted all of Christmas trying to figure all of this out for a single test user with a single test server.
And what about build automation, how would I manage keys for that?