camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claus Ibsen <claus.ib...@gmail.com>
Subject Re: sftp with privateKeyFile using camel-ftp
Date Thu, 24 Jun 2010 07:15:52 GMT
Hi Bengt

Thanks for sharing this information. Nice that you got the attention
from JCraft. Then they may fix this in the near future.
And thanks for helping out with the FTP component of Camel. Its now
better thanks to you.



On Thu, Jun 24, 2010 at 8:53 AM, Bengt Rodehav <bengt@rodehav.com> wrote:
> Claus,
>
> It seems I stumbled on a bug in Jsch - must be in my genes...
>
> I have a conversation on their mailing list. Here is a link to the archives.
> The latest messages are not yet in the archives but you can have a look in a
> day or two.
>
> http://sourceforge.net/mailarchive/forum.php?thread_name=201006231155.UAA11635%40jcraft.com&forum_name=jsch-users
>
> Basically, it seems like Jsch cannot handle situations where the server
> requires more than one authentication method. In my case I required both a
> private key AND a password. If I only require a private key or only require
> a password then Jsch (and camel-ftp) works. Hope they will fix this promptly
> but I have no insight as to how quick they release new versions of Jsch.
>
> /Bengt
>
>
> 2010/6/23 Bengt Rodehav <bengt@rodehav.com>
>
>> Logging patch is now attached to the JIRA.
>>
>> /Bengt
>>
>> 2010/6/23 Bengt Rodehav <bengt@rodehav.com>
>>
>>> Claus,
>>>
>>> I'll try to get some help regarding this on the Jsch mailing list.
>>>
>>> Remember I told you nothing turns up in the log. I've looked at the source
>>> code for camel-ftp (SftpOperations.java) and there is no logger attached to
>>> Jsch. I created a JIRA for that:
>>> https://issues.apache.org/activemq/browse/CAMEL-2842
>>>
>>> <https://issues.apache.org/activemq/browse/CAMEL-2842>I have a patch that
>>> I'll attach to the JIRA. I need to do a SVN update locally to be able to
>>> create a diff file but I cant currently connect to the SVN repository. I'll
>>> attach the patch as soon as possible.
>>>
>>> /Bengt
>>>
>>> 2010/6/23 Bengt Rodehav <bengt@rodehav.com>
>>>
>>>  Hi Claus,
>>>>
>>>> Unfortunately I get nothing in the log. If it were the 256 limit I was
>>>> kind of expecting some kind of Exception. I've also been "bitten" by it in
>>>> the past and normally you get some kind of security related exception. Maybe
>>>> it's caught somewhere...
>>>>
>>>> To be sure I'll download the updated policy files and also try a separate
>>>> client like you suggest.
>>>>
>>>> Thanks,
>>>>
>>>> /Bengt
>>>>
>>>> 2010/6/23 Claus Ibsen <claus.ibsen@gmail.com>
>>>>
>>>> Hi
>>>>>
>>>>> The key length restriction have bitten me in the past. You had to
>>>>> download a special extension and override some files in the JRE to be
>>>>> able to use longer keys. I think the restriction was very low at the
>>>>> time, like 256 or so.
>>>>>
>>>>> Since its JCraft that does the SFTP stuff you may have to google a bit
>>>>> and try reading some of their documentation how to do this. Maybe
>>>>> there is some help there.
>>>>>
>>>>> And I assume you dont get any errors or the likes in the log / console?
>>>>> And have you tried outside OSGi, eg from a plain unit test also?
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Jun 22, 2010 at 11:08 PM, Bengt Rodehav <bengt@rodehav.com>
>>>>> wrote:
>>>>> > I'm trying to get sftp private key authentication to work with sftp
>>>>> with no
>>>>> > luck. I have a route similar to the following:
>>>>> >
>>>>> > from("file:datadir").to("sftp://user@localhost
>>>>> > /datadir?password=password&privateKeyFile=user.key");
>>>>> >
>>>>> > The sftp server is Serv-U. I generate key pairs using Serv-U. The
>>>>> public key
>>>>> > is used by Serv-U while camel-ftp is configured with the private
key.
>>>>> Camel
>>>>> > manages to connect to Serv-U but never to log in. The key type is
DSA
>>>>> and
>>>>> > the key length is 1024. The private key looks lilke this:
>>>>> >
>>>>> > -----BEGIN DSA PRIVATE KEY-----
>>>>> > MIIBugIBAAKBgQCR+zLyBwj0gcvNh6xmauvc2YdYYEjjoXdIUpzb01zmwFzqia9q
>>>>> > nWCTL5t3iwqgBrZIxOa75M322OsG99+7JsBn1YaTxDJ4hSnX0dyheS620HsMFbP1
>>>>> > 27LjYFX2mee8jeZN8GIUAdPLDHPkvGnlGfFFvj8f/IKfjAexECrBhlyhyQIVAI+1
>>>>> > CU2hfXqiLDuIPKruy17wrzyVAoGAB7qCoD8vJPq4jMZ77Scv4dfWgz6F+LMImcl8
>>>>> > QOIh+3f3JhJvR9f+hw1MGsg3l/z57GlfgXkqt420vTPI6OghELv/hauFNSExCKqv
>>>>> > kJW+J7Hyoa0sGuf7Ihy9vC6PJnoNkopqqecwpAUUpvKahcZ1uvNnGfRDc5SGmuzn
>>>>> > ZhKHy5ICgYBv94YBWdxGXWwcUKAmJrC+u3Xdnb8t1RY0RcrbKYqQe5Eekza4gh8B
>>>>> > iGdLMBdX3CZlXINJRhsK0UU7E+edEIk+aCtAnFE2+S4zPqtpFGOLIjOQ+i2W5XZv
>>>>> > MOHoxrse7qNvstZRc0BMaEKuKd9DW4wy9JMMZC7xChF8590rCaWA5gIURVR0jghL
>>>>> > lZpwVaJtN6Yo7kUe9S8=
>>>>> > -----END DSA PRIVATE KEY-----
>>>>> >
>>>>> > Is this a format that camel-ftp recognises? Can anyone suggest how
to
>>>>> create
>>>>> > a key pair that camel-ftp will recognise. I can then try to see
if
>>>>> Serv-U
>>>>> > also supports that?
>>>>> >
>>>>> > To verify that Serv-U works, I tried connecting with Filezilla client.
>>>>> It
>>>>> > converted the private key to Putty format but then it worked.
>>>>> >
>>>>> > Could it have anything to do with US export limitations? Is the
key to
>>>>> long?
>>>>> >
>>>>> > /Bengt
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Claus Ibsen
>>>>> Apache Camel Committer
>>>>>
>>>>> Author of Camel in Action: http://www.manning.com/ibsen/
>>>>> Open Source Integration: http://fusesource.com
>>>>> Blog: http://davsclaus.blogspot.com/
>>>>> Twitter: http://twitter.com/davsclaus
>>>>>
>>>>
>>>>
>>>
>>
>



-- 
Claus Ibsen
Apache Camel Committer

Author of Camel in Action: http://www.manning.com/ibsen/
Open Source Integration: http://fusesource.com
Blog: http://davsclaus.blogspot.com/
Twitter: http://twitter.com/davsclaus

Mime
View raw message