How to make lftp to use key for authentication for sftp on Linux?

ByEric Ma

lftp with SSH key authentication for SFTP

If you’ve set up passwordless SSH login with key-based authentication but lftp keeps prompting for a password, you need to explicitly configure it to use your SSH keys.

The basic approach

The simplest method is to pass an empty password to lftp, which signals it to fall back on SSH key authentication:

lftp -u user, sftp://example.com

The trailing comma after the username (with no password) tells lftp to skip password authentication and use SSH keys instead. This works because lftp will attempt SSH key authentication when no password is provided.

Configuration file method

Rather than typing this every time, add it to your lftp rc file at ~/.lftprc:

set sftp:auto-confirm yes
set sftp:connect-timeout 10

Then create an entry in ~/.ssh/config to ensure your key is used:

Host example.com
    User user
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

Now you can simply use:

lftp sftp://example.com

lftp will read your SSH config and use the specified key automatically.

Verify key-based auth is working

Before troubleshooting lftp, confirm SSH key authentication works directly:

ssh -v user@example.com

Look for Offering public key in the output. If you see Permission denied (publickey), your key isn’t properly configured on the remote server.

Check that:

  • Your public key is in ~/.ssh/authorized_keys on the remote server
  • Permissions are correct: 700 for ~/.ssh and 600 for authorized_keys
  • SSH key has appropriate permissions locally: 600 for private key, 644 for public key

Debugging lftp connection issues

Enable verbose output to see what’s happening:

lftp -d -u user, sftp://example.com

The -d flag shows debug output. Look for lines mentioning key files or authentication method. Common issues include:

  • lftp using a different SSH configuration: Ensure lftp is reading your ~/.ssh/config. Some systems may need you to explicitly point to it.
  • SSH agent not running: If your key requires a passphrase, start ssh-agent:
eval $(ssh-agent)
ssh-add ~/.ssh/id_ed25519

Then lftp will retrieve the unlocked key from the agent.

  • Wrong key path: lftp may not find your key if it’s in a non-standard location. Use the SSH config method above to specify the exact path.

Script automation

For automation in scripts, use a here-document to avoid interactive prompts:

lftp -u user, sftp://example.com << EOF
ls
quit
EOF

Or set an SSH agent in the script before running lftp:

export SSH_AUTH_SOCK=/tmp/ssh-agent-$USER.sock
ssh-agent -a $SSH_AUTH_SOCK
ssh-add ~/.ssh/id_ed25519
lftp -u user, sftp://example.com

Key takeaways

  • Empty password (-u user,) forces lftp to use SSH keys
  • Configure ~/.ssh/config for automatic key selection
  • Use ssh -v to verify key authentication works before debugging lftp
  • For passphrased keys, rely on ssh-agent for unattended access
  • Enable debug mode (-d flag) when troubleshooting connection problems
Read more:

Similar Posts

2 Comments

  1. Try this : Hope this will solve your problem

    lftp sftp://user:password@host:port -e “get file.name; bye”

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *