camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Willem Jiang <willem.ji...@gmail.com>
Subject Re: sftp with privateKeyFile using camel-ftp
Date Thu, 01 Jul 2010 06:21:47 GMT
Hi Bengt,

Did the jsch 0.1.43 release?
If so, I will head to update the OSGi feature and bundles.

Willem


Bengt Rodehav wrote:
> Claus,
> 
> A little update on this matter...
> 
> Atsuhiko at Jcarft gave me a fix version to test. It seems to solve the
> problems I had encountered. The fix was included in a release candidate for
> Jsch 0.1.43. I'm hoping they release this very soon. When they do, I wonder
> what has to be done in order to incorporate the new Jsch version into Camel?
> 
> It seems like Camel uses a repackaged (for OSGi) version of Jsch. The
> repackaging seems to be done by the ServiceMix team. I would of course want
> the Jsch fix to be part of the next Camel release (is there a planned date
> for 2.4?). I imagine it is just a matter of directing the dependencies to
> the new Jsch version since I don't think the API is changed. Will you (or
> someone on the Camel team) ask the ServiceMix guys to repackage the new Jsch
> version - or how does it usually work?
> 
> /Bengt
> 
> 2010/6/24 Bengt Rodehav <bengt@rodehav.com>
> 
>> Glad to be of help - as others help me.
>>
>> BTW just got an answer from Atsuhiko at Jcraft. He will try to fix this
>> tonight while watching Japan vs Denmark. Had to wish him good luck against
>> Denmark - sorry... Being Swedish I normally support Denmark and Norway when
>> we're not represented ourselves. But this time you were the ones who kicked
>> us out of the world cup :-)
>>
>> /Bengt
>>
>>
>> 2010/6/24 Claus Ibsen <claus.ibsen@gmail.com>
>>
>> Hi Bengt
>>> Thanks for sharing this information. Nice that you got the attention
>>> from JCraft. Then they may fix this in the near future.
>>> And thanks for helping out with the FTP component of Camel. Its now
>>> better thanks to you.
>>>
>>>
>>>
>>> On Thu, Jun 24, 2010 at 8:53 AM, Bengt Rodehav <bengt@rodehav.com> wrote:
>>>> Claus,
>>>>
>>>> It seems I stumbled on a bug in Jsch - must be in my genes...
>>>>
>>>> I have a conversation on their mailing list. Here is a link to the
>>> archives.
>>>> The latest messages are not yet in the archives but you can have a look
>>> in a
>>>> day or two.
>>>>
>>>>
>>> http://sourceforge.net/mailarchive/forum.php?thread_name=201006231155.UAA11635%40jcraft.com&forum_name=jsch-users
>>>> Basically, it seems like Jsch cannot handle situations where the server
>>>> requires more than one authentication method. In my case I required both
>>> a
>>>> private key AND a password. If I only require a private key or only
>>> require
>>>> a password then Jsch (and camel-ftp) works. Hope they will fix this
>>> promptly
>>>> but I have no insight as to how quick they release new versions of Jsch.
>>>>
>>>> /Bengt
>>>>
>>>>
>>>> 2010/6/23 Bengt Rodehav <bengt@rodehav.com>
>>>>
>>>>> Logging patch is now attached to the JIRA.
>>>>>
>>>>> /Bengt
>>>>>
>>>>> 2010/6/23 Bengt Rodehav <bengt@rodehav.com>
>>>>>
>>>>>> Claus,
>>>>>>
>>>>>> I'll try to get some help regarding this on the Jsch mailing list.
>>>>>>
>>>>>> Remember I told you nothing turns up in the log. I've looked at the
>>> source
>>>>>> code for camel-ftp (SftpOperations.java) and there is no logger
>>> attached to
>>>>>> Jsch. I created a JIRA for that:
>>>>>> https://issues.apache.org/activemq/browse/CAMEL-2842
>>>>>>
>>>>>> <https://issues.apache.org/activemq/browse/CAMEL-2842>I have
a patch
>>> that
>>>>>> I'll attach to the JIRA. I need to do a SVN update locally to be
able
>>> to
>>>>>> create a diff file but I cant currently connect to the SVN repository.
>>> I'll
>>>>>> attach the patch as soon as possible.
>>>>>>
>>>>>> /Bengt
>>>>>>
>>>>>> 2010/6/23 Bengt Rodehav <bengt@rodehav.com>
>>>>>>
>>>>>>  Hi Claus,
>>>>>>> Unfortunately I get nothing in the log. If it were the 256 limit
I
>>> was
>>>>>>> kind of expecting some kind of Exception. I've also been "bitten"
by
>>> it in
>>>>>>> the past and normally you get some kind of security related
>>> exception. Maybe
>>>>>>> it's caught somewhere...
>>>>>>>
>>>>>>> To be sure I'll download the updated policy files and also try
a
>>> separate
>>>>>>> client like you suggest.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> /Bengt
>>>>>>>
>>>>>>> 2010/6/23 Claus Ibsen <claus.ibsen@gmail.com>
>>>>>>>
>>>>>>> Hi
>>>>>>>> The key length restriction have bitten me in the past. You
had to
>>>>>>>> download a special extension and override some files in the
JRE to
>>> be
>>>>>>>> able to use longer keys. I think the restriction was very
low at the
>>>>>>>> time, like 256 or so.
>>>>>>>>
>>>>>>>> Since its JCraft that does the SFTP stuff you may have to
google a
>>> bit
>>>>>>>> and try reading some of their documentation how to do this.
Maybe
>>>>>>>> there is some help there.
>>>>>>>>
>>>>>>>> And I assume you dont get any errors or the likes in the
log /
>>> console?
>>>>>>>> And have you tried outside OSGi, eg from a plain unit test
also?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Jun 22, 2010 at 11:08 PM, Bengt Rodehav <bengt@rodehav.com>
>>>>>>>> wrote:
>>>>>>>>> I'm trying to get sftp private key authentication to
work with
>>> sftp
>>>>>>>> with no
>>>>>>>>> luck. I have a route similar to the following:
>>>>>>>>>
>>>>>>>>> from("file:datadir").to("sftp://user@localhost
>>>>>>>>> /datadir?password=password&privateKeyFile=user.key");
>>>>>>>>>
>>>>>>>>> The sftp server is Serv-U. I generate key pairs using
Serv-U. The
>>>>>>>> public key
>>>>>>>>> is used by Serv-U while camel-ftp is configured with
the private
>>> key.
>>>>>>>> Camel
>>>>>>>>> manages to connect to Serv-U but never to log in. The
key type is
>>> DSA
>>>>>>>> and
>>>>>>>>> the key length is 1024. The private key looks lilke this:
>>>>>>>>>
>>>>>>>>> -----BEGIN DSA PRIVATE KEY-----
>>>>>>>>> MIIBugIBAAKBgQCR+zLyBwj0gcvNh6xmauvc2YdYYEjjoXdIUpzb01zmwFzqia9q
>>>>>>>>> nWCTL5t3iwqgBrZIxOa75M322OsG99+7JsBn1YaTxDJ4hSnX0dyheS620HsMFbP1
>>>>>>>>> 27LjYFX2mee8jeZN8GIUAdPLDHPkvGnlGfFFvj8f/IKfjAexECrBhlyhyQIVAI+1
>>>>>>>>> CU2hfXqiLDuIPKruy17wrzyVAoGAB7qCoD8vJPq4jMZ77Scv4dfWgz6F+LMImcl8
>>>>>>>>> QOIh+3f3JhJvR9f+hw1MGsg3l/z57GlfgXkqt420vTPI6OghELv/hauFNSExCKqv
>>>>>>>>> kJW+J7Hyoa0sGuf7Ihy9vC6PJnoNkopqqecwpAUUpvKahcZ1uvNnGfRDc5SGmuzn
>>>>>>>>> ZhKHy5ICgYBv94YBWdxGXWwcUKAmJrC+u3Xdnb8t1RY0RcrbKYqQe5Eekza4gh8B
>>>>>>>>> iGdLMBdX3CZlXINJRhsK0UU7E+edEIk+aCtAnFE2+S4zPqtpFGOLIjOQ+i2W5XZv
>>>>>>>>> MOHoxrse7qNvstZRc0BMaEKuKd9DW4wy9JMMZC7xChF8590rCaWA5gIURVR0jghL
>>>>>>>>> lZpwVaJtN6Yo7kUe9S8=
>>>>>>>>> -----END DSA PRIVATE KEY-----
>>>>>>>>>
>>>>>>>>> Is this a format that camel-ftp recognises? Can anyone
suggest how
>>> to
>>>>>>>> create
>>>>>>>>> a key pair that camel-ftp will recognise. I can then
try to see if
>>>>>>>> Serv-U
>>>>>>>>> also supports that?
>>>>>>>>>
>>>>>>>>> To verify that Serv-U works, I tried connecting with
Filezilla
>>> client.
>>>>>>>> It
>>>>>>>>> converted the private key to Putty format but then it
worked.
>>>>>>>>>
>>>>>>>>> Could it have anything to do with US export limitations?
Is the
>>> key to
>>>>>>>> long?
>>>>>>>>> /Bengt
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Claus Ibsen
>>>>>>>> Apache Camel Committer
>>>>>>>>
>>>>>>>> Author of Camel in Action: http://www.manning.com/ibsen/
>>>>>>>> Open Source Integration: http://fusesource.com
>>>>>>>> Blog: http://davsclaus.blogspot.com/
>>>>>>>> Twitter: http://twitter.com/davsclaus
>>>>>>>>
>>>>>>>
>>>
>>>
>>> --
>>> Claus Ibsen
>>> Apache Camel Committer
>>>
>>> Author of Camel in Action: http://www.manning.com/ibsen/
>>> Open Source Integration: http://fusesource.com
>>> Blog: http://davsclaus.blogspot.com/
>>> Twitter: http://twitter.com/davsclaus
>>>
>>
> 


Mime
View raw message