Allow edit of SFTP public Key in web user admin interface
CompletedWith the new web user admin interface, it would be best to be able to edit the user's public key in-line, just like you do with the password field. This would remove the need to place a file on the SFTP server manually for new accounts.
-
Official comment
This feature is now available in Cerberus FTP Server 12.9. See our blog post for details:
-
Hey Brian,
Thank you very much for your feedback and for providing us an example. I have generated an internal request for this feature and submitted it to our product team for future consideration.
1 -
Is there any update on this.
This is the one major hurdle for our management staff to be able to transition to using the web interface 100%.
0 -
Hi Brian,
Thanks for reaching out. Unfortunately we don't have an update on this request at this time. Could you provide us a bit more information on the reason that this is such a hurdle for your management staff? When it comes to feature requests, the more information we have, the better it is for our product team. When we get feature requests, we like to know the context and background. The following bits of information are very helpful:
- What is the problem that this feature would fix?
- Why is it a problem?
- Is there a workaround you currently have for this problem?
- Do you have a suggestion on how you would like to see the problem fixed?
- How big is the problem? Who is affected by this problem (End Users, Admins, etc.)?
0 -
Hi Jeff-
Thank you for looking into this, this would be a huge improvement to the interface for us admins of CerberusSFTP.
What is the problem that this feature would fix?
The web interface allows you to add a user, and set a password for said user, but it does not allow you to set/change/edit the public keys. The problem is that user managers have to remote into a windows server and save a key file, and then specify the location of the file in the Cerberus web admin interface.
Why is it a problem?
1) Security - The server is less secure as users have to manage keys by connecting to the server's file system, and not directly via the cerberus sftp admin website.
2) Configuration errors - There is a higher chance of error for the wrong key to be saved/selected.
3) Non-unified experience - Having to setup the user in multiple locations, rather than a unified experience, makes the web interface less useful.
Is there a workaround you currently have for this problem?
Manually copying the keys.
Do you have a suggestion on how you would like to see the problem fixed?
Add a tab/section in the user configuration where we could paste the public key text, or upload the key directly.
How big is the problem? Who is affected by this problem (End Users, Admins, etc.)?
Admins are affected by this issue.Thank you,
-Brian0 -
Thank you very much for the feedback, Brian. I have updated the internal ticket with the information you have provided.
0 -
Hi Jeff-
I know you would probably not be able to commit to the timeline for this, but I would like to emphasize that this would be a HUGE improvement in the quality of life for this product for us. If there is anything I can do on my end to help move this along, or even test functionality I would be more than happy to help.
Thank you,
0 -
Thank you for the feedback, Brian. I have passed this along to our product team.
0 -
Hi Brian,
Thanks for checking up on this one. We're currently prototyping some ideas and investigating the feasability of including this in a near-term minor release.
The simplest approach that we could probably get in fairly quickly would be to allow copying and pasting the text of the public key into a text box, and either store that content or automatically write it out to a pre-determined file path for the user or group.
Are you currently working with native Cerberus users for this feature, or are you also using AD and/or LDAP users?
0 -
It would be awesome to be able to edit the key that way. We frequently run into the situation, where a user needs to send us a new public key. Public keys are typically test stored in the two approved formats.
If we were able to edit the key via the GUI by pasting in the key (and cerberus then updates the authorized key file for that user) then that would be great. I would like to see editing, not completely replacing the key if there is a kay that already exists. Furthermore, while Cerberus supports multiple keys per user, it does not currently does not support mixed-key types within the keyfile... but that is a different bug that should be fixed seperately.
We user Cerberus native users for the most part, with some from AD.
0 -
Hi Brian
Sorry it's taken me a few week's to reply.
I do have a prototype that allows an administrator to select a file on their local machine and upload it to the Cerberus server into a specific folder for a user or group. That works great, allows you to overwrite an existing file with the same name, or upload a new file and leave the existing one alone as long as the filenames are different (in case you decide you want to switch back to the old file). It also constrains uploads to a specific public keys folder for a given user or group so that addresses most security concerns I have.
There's also a separate option to edit an existing key file as well (and will optionally create a new key file for you if one is not currently selected). I think these will satisfy most use cases. We've also added some additional error checking, as well as showing the public key types and fingerprints for the keys in the file when testing or editing. We're curently targeting this for release in 12.9.
The support for mixed key types in a single file is a feature we are tracking separately. However, that's not likely to be something we will attempt to support. The keys in a client's public key file need to be in the same format. What we very well might add in the near future is an automatic conversion feature so you can easily convert a key to one of the two formats we currently support. That way you can add as many keys as you like, and they will all be in the same format.
I think we will have a near-term minor release that addresses your biggest pain points here and I'm looking forward to getting this out there and in your hands for feedback. Thanks!
0
Please sign in to leave a comment.
Comments
11 comments