There are two ways to add your keys to #FileZilla.
You can add your keys inside the "Site Manager":
Go to:
File -> Site manager ..
Protocol:
In the settings panel for a given site select sFTP:
Add domain IP or domain name:
Logon Type:
Select "Key File"
Add the user name to log onto the server:
Browse for the .ppk you want to add and select it:
FileZilla offers you also to add .pem (privkey.pem) files, that's the #puTTy option for a file containing only the extracted private key of keyfile.ppk. At the same time FileZilla doesn't read/accept .pem files so it will prompt you to transform it into a .ppk file. If your .ppk is protected by a password (it should be), you get prompted to insert the password.
It is not clear if the newly created .ppk file from the .pem file by FileZilla is protected with the same password. It doesn't feel like that.
Save the changes and connect to your server.
The other option to add your key to FileZilla is by adding it directly to the main settings.
Go to:
Edit-> Settings ..
Choose SFTP and select the "Add key file" tab:
Add the key file and save.
If you use the input fields and quick connect options of the main FileZilla window, the keys saved in settings will be retrieved.
@jesuisatirebitpickup does FileZilla still store all your credentials in plaintext?
Actually as of now I couldn't make it work because of problems with the user name login. When you add a .ppk that has password protection it doesn't ask for the password while adding the key(-location) so I guess it will ask you for the password every time you log onto your server.
I guess it lacks an encryption of the .ppk with a password when you read the privkey out of a .pem file but at the same time assumes that you password protect your fileZilla setup with the password options it ships.
Re-reading your question it looks to me that I didn't answer (get) your question @sej7278.
If you refer to user name, and hosting data I guess the answer is yes, it looks like plain text from the front end.
The password apparently at least can be protected by a general password manager.
Has there been general questioning of #FileZilla's safety?
Is there some recommendation for linux desktops?
@jesuisatirebitpickup I'm pretty surprised to see anyone using FileZilla on Linux (same goes for putty). Although I'm not sure what graphical alternatives there are other than gftp, I tend to just use ssh+scp.
But yes FileZilla has famously stored passwords in plaintext for years, I'm not sure if that includes key passphrases.
security.stackexchange.com hat geschrieben:
Regarding the issue mentioned by Adi about passwords being stored in plain text, it's good to know that since version 3.26.0-rc1 (2017-05-25), FileZilla has support for encrypted passwords protected by a master password. Hence, there is no reason to say that FileZilla is less secure than other FTP clients.
security.stackexchange.com/que…