What is a "master password" in SSH FTP?

[Red Squirrel]

I manage and host a website for a local take-out store and they got a 3rd party to implement online ordering as it handles all the CC stuff etc and they need access to the account. So I gave them SSH credentials to use SSH FTP and I am able to login fine myself.

They are asking for a "master password" and sent me this screenshot. I've never seen this before.



What exactly is this password and why would it be prompting them for it? The server is a fairly standard CentOS/Apache setup.

 

[ViRGE]

The master password is for FileZilla, not for the SSH connection.

FileZilla has a site manager to remember site login credentials. Previously this database was unencrypted, but now they offer the ability to encrypt it with a master password.

https://www.bleepingcomputer.com/ne...or-master-password-that-encrypts-your-logins/

The master password is user selected. So if you didn't put it on there, then your customers did.

 

[Red Squirrel]

Hmmm where is that stored then, like is it local to their own machine? Or is it something that gets created on the profile on my server in a hidden file or something? From their explaination, they login to the server but then it prompts them for another password.

They're suppose to call me today so I'll try to figure out more details. I can SSH with putty or with Filezilla so I'm starting to wonder if the problem is on their end. But they're a web design company they should probably know that stuff better than I do.

 

[ViRGE]

The master password is used locally. Think of it as an encryption key that it used to encrypt and decrypt the stored login credentials of a server. (I wouldn't really call it a stored element, but it's very much a local element)

 

[Red Squirrel]

Ah I see, no idea why they were asking me then. It does appear they have managed to get in since I see changes to the website.