SFTP serve command with --auth-proxy - how to authenticate without private key?

What is the problem you are having with rclone?

I'm unsure how to authenticate using the rclone serve sftp command with --auth-proxy when you are only provided the user and public_key on stdin.

To do proper public key authentication, you would need to authenticate against the clients' private key, which is unavailable.

What is your rclone version (output from rclone version)

v1.53.3 on Debian 11

Which cloud storage system are you using? (eg Google Drive)

Google Cloud Storage (as the dynamic backend)

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone -v --gcs-bucket-policy-only --auth-proxy ./test_proxy.py serve sftp

Auth proxy implemented similar to here, with root being a GCS object path

The rclone config contents with secrets removed.

Provided above on command line

A log from the command with the -vv flag

No logs as a design question rather than a bug

You should find that rclone has done this already (over the ssh protocol) by the time it calls the auth proxy.

So rclone has checked that the user has the private part of the public key you've been passed. It's up to you to check a) that the public key is OK to use and b) that the user name is valid.

Normally rclone would check in the authorized keys file to see if the user is a valid user, but using the auth proxy you need to do that yourself.

Does that make sense?
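
The two checks described in the reply above, as an added example that is not part of the original thread and is not rclone's own code. It assumes that `public_key` arrives as the base64 SSH key blob (the second field of an authorized_keys line); the `USERS` table, the bucket paths and the `constructed_key` helper are hypothetical, and the keys are constructed, not real.

```python
import base64
import json
import struct
import sys


def constructed_key(fill: int) -> str:
    """Constructed (not real) ed25519-shaped key blob, base64-encoded."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(blob).decode()


# Hypothetical allowlist: user -> (authorized key blobs, GCS root). Constructed values.
USERS = {
    "alice": ({constructed_key(1)}, "example-bucket/home/alice"),
    "bob": ({constructed_key(2)}, "example-bucket/home/bob"),
}


def authorize(request, users=USERS):
    """Return a backend config for an allowed (user, key) pair, else None."""
    if not isinstance(request, dict):
        return None
    user, key = request.get("user"), request.get("public_key")
    if not isinstance(user, str) or not isinstance(key, str) or not key:
        return None  # password-only or malformed request: refuse
    entry = users.get(user)
    if entry is None:
        return None  # (b) the user name is not one we know
    try:
        offered = base64.b64decode(key, validate=True)
    except ValueError:
        return None  # not valid base64
    allowed, root = entry
    if offered not in {base64.b64decode(k) for k in allowed}:
        return None  # (a) the key is not authorized for *this* user
    # The root comes from the server-side table, never from the request.
    return {"type": "google cloud storage", "_root": root, "bucket_policy_only": "true"}


if __name__ == "__main__":
    try:
        config = authorize(json.load(sys.stdin))
    except ValueError:
        config = None
    if config is None:
        sys.exit(1)  # fail closed: no backend config is written to stdout
    json.dump(config, sys.stdout)
```

The key is looked up under the user name that was presented, so a key that is valid for one user is refused when offered with another user's name.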
