By default, for security reasons, Monsta disables SSH Agent Auth and Public Key Auth because SSH Agent Auth allows you to access SFTP hosts without entering a password. If your username and host are guessable, and the SSH agent is running on your web server, then it may be possible to for someone to access your remote server without entering any credentials.
Your Monsta install should be secured by some other mechanism (e.g. a .htaccess file to add extra authentication), or your SFTP host and username should not be guessable (e.g. not localhost/root). If you are confident that someone is not able to guess this information, then you can enable SSH Agent Auth.
SSH Public Key Auth lets you access SFTP hosts without entering a password. If your host, username and key paths are guessable, then it may be possible for someone to access your remote server without entering any credentials.
For example, your SSH keys are automatically generated in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub, (or id_dsa and id_dsa.pub). These are easily guessable, and if you have put both on your web server then someone might be able to connect to localhost by entering these.
If you are sure that someone can not guess your SSH key paths, username or host, then you can SSH Public Key Auth.
If you installed Monsta version 2.1.5 or later, you will already have the necessary variables in your config.php file.
To enable SSH Agent authentication, change this line:
$configSSHAgentAuthEnabled = false;
to
$configSSHAgentAuthEnabled = true;
To enable SSH Public Key authentication, change this line:
$configSSHKeyAuthEnabled = false;
to
$configSSHKeyAuthEnabled = true;
If you installed a Monsta version less than 2.1.5, you will need to add these lines to your config.php to enable Agent auth and Public Key auth, respectively:
define("SSH_AGENT_AUTH_ENABLED", true);
or
define("SSH_KEY_AUTH_ENABLED", true);