Following a recent increase in the frequency of brute force attacks on some of our servers, I finally decided to shut down all FTP services and to disable SSH password authentication, allowing only RSA authentication.
Unfortunately when it came to using Adobe Dreamweaver, I soon realized that I wouldn’t be able to use SSH keys. While the software supports SFTP connexions with password authentication, Adobe thought it wasn’t worth implementing support for SSH keys.
A Secure Workaround
While there is absolutely no way to make use of SSH keys in any version of Dreamweaver, here’s a little workaround:
- Download the Bitvise SSH Client (Tunnelier) here. It is free of charge for personal use.
- Launch the installer using all the default settings.
- Once the installation is completed, launch the Bitvise SSH Client software.
- Select the “Login” tab and enter the server’s hostname, the SSH port as well as the username:
- Click on “User keypair manager”. This window will appear:
- Click the “Generate New” button to generate a new pair of SSH keys.
- Use following settings for your new SSH keys:
- While you are not required to specify a passphrase, it is highly recommended to do so. If you don’t, anybody who gets their hands on your private SSH key file will be able to login to your server without any password. Once you are done, click on “Generate”.
- You will now see the new keypair:
- Select the new keypair and click on “Export”. Select “Export public key” and “OpenSSH format”.
- Click on “Export” and save the public key file to your hard drive using the “.pub” extension (not that it really matters).
- Close the keypair manager window and select the “Services” tab:
- Enable the FTP-to-SFTP Bridge service and leave the default configuration settings to their default values so that the service is enabled locally only.
- Select the “Options” tab and de-select “Open Terminal” and “Open SFTP”:
- Click on “Save profile” from the main menu.
- Before you can establish a connexion to your server using your new SSH keys, you must import them on your server first. For this tutorial, I will be using cPanel to do so.
- Log into cPanel (http://www.yourwebsite.com/cpanel) and click on “SSH/Shell Access”:
- On the next page, click the “Manage SSH Keys” button.
- Click on “Import Keys”:
- Enter your SSH key passphrase if you have one and copy the content from the public SSH key file (.pub) to the appropriate textarea. Click on “Import” when you’re done:
- Click on “Back to Manage Keys” and then on “Manage Authorization” next to the SSH key you have just imported:
- Click the “Authorize” button. Your new public SSH key should now be authorized:
- Now go back to Bitvise’s SSH client and click the “Login” button at the bottom to establish a connexion. You will be prompted to enter your passphrase if you specified one when creating the SSH key earlier.
- Once the SSH client has successfully established the connexion, launch Adobe Dreamweaver. Do not close the Bitvise SSH Client!
- Go to “Dreamweaver > Site > Manage Sites” and double-click your site to change its settings.
- Select “Servers” on the left and double-click the connexion you wish to modify:
- Select FTP as the connexion protocol and enter “localhost” in the “FTP Address” field. By default, the port should already be set to 21. Make sure to leave the username and password fields empty:
- Click the “Test” button to test the connexion. If it fails, have a look at the SSH client log window for any error message:
If you are concerned about the fact that the FTP-to-SFTP bridge is accepting anonymous connexions, keep in mind that the service is listening on the localhost interface exclusively (127.0.0.1) which means that it will not answer to requests from any other device on your LAN or WAN.