camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Cranton <sc...@cranton.com>
Subject Re: camel-ssh - SSH keys authentication
Date Fri, 15 Feb 2013 10:34:08 GMT
Have you tried setting the keyPairProvider to an instance of
org.apache.sshd.common.keyprovider.ResourceKeyPairProvider? That
should work better in OSGi, though I haven't tried it recently...

Re mulitple ids: you can add multiple component instances with
different ids (e.g. sshGit) and reference them from Camel by those
ids.

addComponent("sshGit", sshGitComponent)

.to("sshGit:git@localhost)

On Fri, Feb 15, 2013 at 4:26 AM, Martin Stiborský
<martin.stiborsky@gmail.com> wrote:
> Often I found solution for a problem in few minutes after posting to
> mailing list, so let's try the luck now :)
>
> Currently I'm digging in the camel-ssh, because definitely there is problem
> with referencing the key file from resources.
> The very first thing I should do was enabling debug for camel-ssh component
> (surprise surprise...), because this:
>
> 2013-02-15 10:21:46,261 | INFO  | qtp724367630-92  | FileKeyPairProvider
>            | 24 - org.apache.sshd.core - 0.8.0 | Unable to read key
> /gitkeys/mykey.pem: java.io.FileNotFoundException: /gitkeys/mykey.pem (No
> such file or directory)
>
> I'll follow advice from Claus Ibsen and check ResourceHelper and how it
> could be used in camel-ssh...
>
>
> On Fri, Feb 15, 2013 at 9:01 AM, Martin Stiborský <
> martin.stiborsky@gmail.com> wrote:
>
>> One more weird thing, from the log file:
>>
>> 2013-02-15 08:58:22,582 | INFO  | NioProcessor-21  | ClientSessionImpl
>>            | 24 - org.apache.sshd.core - 0.8.0 | Session
>> null@my-git.server.com/10.xx.xx.xx:22 closed
>>
>> The "null"…I assume there should be username :)
>>
>>
>> On Fri, Feb 15, 2013 at 8:40 AM, Martin Stiborský <
>> martin.stiborsky@gmail.com> wrote:
>>
>>> So, maybe the problem is really in the camel-ssh component, because, it's
>>> possible to get the key from resources, like that:
>>>
>>>         from("cxfrs:bean:gitServer")
>>>                 .routeId("GitRoutes")
>>>                 .choice()
>>>
>>> .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
>>>                 .setBody(constant("info"))
>>>                 .process(new Processor() {
>>>                     @Override
>>>                     public void process(Exchange exchange) throws
>>> Exception {
>>>                         InputStream is =
>>> getClass().getResourceAsStream("/gitkeys/mykey.pem");
>>>                         String myString = IOUtils.toString(is, "UTF-8");
>>>
>>>                         exchange.getOut().setBody(myString);
>>>                     }
>>>                 });
>>>
>>> So, no OSGi trouble here I guess…
>>>
>>>
>>> On Thu, Feb 14, 2013 at 9:06 PM, Martin Stiborský <
>>> martin.stiborsky@gmail.com> wrote:
>>>
>>>> Ok, so camel-ssh needs some love, to make it better…ok.
>>>> But without modifications in camel-ssh, I'm just not able to use it with
>>>> my SSH key, I tried like all possible combinations now.
>>>>
>>>>         SshComponent sshGitComponent = new SshComponent();
>>>>         sshGitComponent.setHost("localhost");
>>>>         sshGitComponent.setPort(22);
>>>>         sshGitComponent.setUsername("git");
>>>>         sshGitComponent.setKeyPairProvider(new FileKeyPairProvider(new
>>>> String[]{"gitkeys/mykey.pem"}));
>>>>         sshGitComponent.setKeyType(KeyPairProvider.SSH_RSA);
>>>>
>>>>         getContext().removeComponent("ssh");
>>>>         getContext().addComponent("ssh", sshGitComponent);
>>>>
>>>>         from("cxfrs:bean:gitServer")
>>>>                 .routeId("GitRoutes")
>>>>                 .choice()
>>>>
>>>> .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
>>>>                     .setBody(constant("info"))
>>>>                     .to("ssh:git@localhost");
>>>>
>>>> Why the removeComponent and the addComponent? I'd like to add new
>>>> instance of SshComponent, under different id, but when I do that,
>>>> Camel stucks on start, trying to find this new component…so I'm doing
>>>> something wrong there probably…
>>>>
>>>> In src/main/resources/gitkeys/mykey.pem is the key…but as I said, it
>>>> doesn't work for me, or I missed the correct combination…I tried also
>>>> classpath and file prefix, but no luck.
>>>>
>>>> The unit test works fine…problem is in the OSGi I guess…some classpath
>>>> issue? I don't know, I have quite a headache from this already, need a
>>>> break.
>>>>
>>>>
>>>> On Thu, Feb 14, 2013 at 3:13 PM, Claus Ibsen <claus.ibsen@gmail.com>wrote:
>>>>
>>>>> On Thu, Feb 14, 2013 at 2:57 PM, Martin Stiborský
>>>>> <martin.stiborsky@gmail.com> wrote:
>>>>> > Still one problem…the unit test was fine, but now in OSGi environment,
>>>>> > there are more troubles…
>>>>> > Is there some trick how to get resource from a bundle? I can't get
a
>>>>> > reference to the key file stored in src/main/resources :(
>>>>> >
>>>>>
>>>>> I guess maybe camel-ssh should load the cert file like we do in other
>>>>> components using ResourceHelper.
>>>>> Then we can load from classpath (osgi and the rest of the world), files
>>>>> etc.
>>>>>
>>>>> eg prefix with classpath: or file:
>>>>>
>>>>>
>>>>> >
>>>>> > On Thu, Feb 14, 2013 at 12:25 PM, Martin Stiborský <
>>>>> > martin.stiborsky@gmail.com> wrote:
>>>>> >
>>>>> >> I can try help there as well. I was looking for a chance to
make my
>>>>> "first
>>>>> >> camel commit" anyway :)
>>>>> >>
>>>>> >>
>>>>> >> On Thu, Feb 14, 2013 at 12:00 PM, Scott Cranton <scott@cranton.com>
>>>>> wrote:
>>>>> >>
>>>>> >>> Glad you figured it out. Yeah, the camel-ssh page does need
some
>>>>> >>> attention. Thanks for the feedback, and I look forward to
seeing
>>>>> your
>>>>> >>> suggested updates to the doc.
>>>>> >>>
>>>>> >>> The certFilename is just a shorthand for creating a
>>>>> >>> FileKeyPairProvider, which is identical to what the
>>>>> >>> SshComponentSecurityTest is doing
>>>>> >>>
>>>>> >>>     sshComponent.setKeyPairProvider(new FileKeyPairProvider(new
>>>>> >>> String[]{"src/test/resources/hostkey.pem"}));
>>>>> >>>
>>>>> >>> but I see in the tests, I'm using the same resource for
both
>>>>> producer
>>>>> >>> and consumer, so to your point about when public key, when
private,
>>>>> I
>>>>> >>> should check that, update the tests, and most importantly
update the
>>>>> >>> docs as it isn't clear...
>>>>> >>>
>>>>> >>> Thanks,
>>>>> >>> Scott
>>>>> >>>
>>>>> >>>
>>>>> >>>
>>>>> >>> On Thu, Feb 14, 2013 at 5:48 AM, Martin Stiborský
>>>>> >>> <martin.stiborsky@gmail.com> wrote:
>>>>> >>> > As usually, problem solved few minutes after I posted
this "call
>>>>> for
>>>>> >>> help
>>>>> >>> > message".
>>>>> >>> > Really there was a problem with loading the private
key from
>>>>> resources.
>>>>> >>> >
>>>>> >>> > Now it works...my next message will be about updating
the
>>>>> camel-ssh
>>>>> >>> wiki :)
>>>>> >>> >
>>>>> >>> >
>>>>> >>> > On Thu, Feb 14, 2013 at 10:37 AM, Martin Stiborský
<
>>>>> >>> > martin.stiborsky@gmail.com> wrote:
>>>>> >>> >
>>>>> >>> >> Hello guys,
>>>>> >>> >> I need to use camel-ssh in my route, also, I need
authentication
>>>>> with
>>>>> >>> SSH
>>>>> >>> >> keys to the remote server.
>>>>> >>> >> I can't figure out how to configure the SSH producer
in Camel.
>>>>> >>> >>
>>>>> >>> >> Now I started digging in camel-ssh source codes,
but that is a
>>>>> long
>>>>> >>> trip
>>>>> >>> >> for me right now :(
>>>>> >>> >>
>>>>> >>> >> First of all, I'm not sure, what is difference
between
>>>>> "certFilename"
>>>>> >>> and
>>>>> >>> >> "keyPairProvider" options for the ssh endpoint?
>>>>> >>> >>
>>>>> >>> >> Then, the private key have to be provided for the
ssh endpoint,
>>>>> right?
>>>>> >>> The
>>>>> >>> >> public key is configured on the remote server account...
>>>>> >>> >> Also, in which format the SSH private key should
be? PEM?
>>>>> >>> >> Like this?
>>>>> >>> >>
>>>>> >>> >> openssl rsa -in ~/.ssh/id_rsa -outform pem >
id_rsa.pem
>>>>> >>> >>
>>>>> >>> >> I guess so, because it's like this here:
>>>>> >>> >>
>>>>> >>>
>>>>> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/resources/hostkey.pem
>>>>> >>> >>
>>>>> >>> >> I'm not even sure if the key is loaded properly
in the Java code
>>>>> from
>>>>> >>> >> resources directory, because the exception I see
there is:
>>>>> >>> >>
>>>>> >>> >> ==========
>>>>> >>> >> Caused by: java.io.IOException: Error performing
public key
>>>>> >>> authentication
>>>>> >>> >> at
>>>>> >>> >>
>>>>> >>>
>>>>> org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:86)
>>>>> >>> >>  at
>>>>> >>> >>
>>>>> >>>
>>>>> org.apache.sshd.client.session.ClientSessionImpl.authPublicKey(ClientSessionImpl.java:146)
>>>>> >>> >> at
>>>>> >>> >>
>>>>> >>>
>>>>> org.apache.camel.component.ssh.SshEndpoint.sendExecCommand(SshEndpoint.java:113)
>>>>> >>> >>  at
>>>>> >>> >>
>>>>> org.apache.camel.component.ssh.SshProducer.process(SshProducer.java:38)
>>>>> >>> >> ... 72 more
>>>>> >>> >> Caused by: java.lang.NullPointerException
>>>>> >>> >>  at
>>>>> >>> >>
>>>>> >>>
>>>>> org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:59)
>>>>> >>> >> ... 75 more
>>>>> >>> >> ==========
>>>>> >>> >>
>>>>> >>> >> Note the NullPointerException ...
>>>>> >>> >>
>>>>> >>> >> But I tried to follow this (
>>>>> >>> >>
>>>>> >>>
>>>>> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
>>>>> )
>>>>> >>> test,
>>>>> >>> >> so I guess it should work...
>>>>> >>> >>
>>>>> >>> >> Could you give me at least some hint?
>>>>> >>> >> I promise I'll extend Camel wiki related to this
topic
>>>>> definitely :P
>>>>> >>> >>
>>>>> >>> >> --
>>>>> >>> >> S pozdravem / Best regards
>>>>> >>> >> Martin Stiborský
>>>>> >>> >>
>>>>> >>> >> Jabber: stibi@njs.netlab.cz
>>>>> >>> >> Twitter: http://www.twitter.com/stibi
>>>>> >>> >>
>>>>> >>> >
>>>>> >>> >
>>>>> >>> >
>>>>> >>> > --
>>>>> >>> > S pozdravem / Best regards
>>>>> >>> > Martin Stiborský
>>>>> >>> >
>>>>> >>> > Jabber: stibi@njs.netlab.cz
>>>>> >>> > Twitter: http://www.twitter.com/stibi
>>>>> >>>
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> --
>>>>> >> S pozdravem / Best regards
>>>>> >> Martin Stiborský
>>>>> >>
>>>>> >> Jabber: stibi@njs.netlab.cz
>>>>> >> Twitter: http://www.twitter.com/stibi
>>>>> >>
>>>>> >
>>>>> >
>>>>> >
>>>>> > --
>>>>> > S pozdravem / Best regards
>>>>> > Martin Stiborský
>>>>> >
>>>>> > Jabber: stibi@njs.netlab.cz
>>>>> > Twitter: http://www.twitter.com/stibi
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Claus Ibsen
>>>>> -----------------
>>>>> Red Hat, Inc.
>>>>> FuseSource is now part of Red Hat
>>>>> Email: cibsen@redhat.com
>>>>> Web: http://fusesource.com
>>>>> Twitter: davsclaus
>>>>> Blog: http://davsclaus.com
>>>>> Author of Camel in Action: http://www.manning.com/ibsen
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> S pozdravem / Best regards
>>>> Martin Stiborský
>>>>
>>>> Jabber: stibi@njs.netlab.cz
>>>> Twitter: http://www.twitter.com/stibi
>>>>
>>>
>>>
>>>
>>> --
>>> S pozdravem / Best regards
>>> Martin Stiborský
>>>
>>> Jabber: stibi@njs.netlab.cz
>>> Twitter: http://www.twitter.com/stibi
>>>
>>
>>
>>
>> --
>> S pozdravem / Best regards
>> Martin Stiborský
>>
>> Jabber: stibi@njs.netlab.cz
>> Twitter: http://www.twitter.com/stibi
>>
>
>
>
> --
> S pozdravem / Best regards
> Martin Stiborský
>
> Jabber: stibi@njs.netlab.cz
> Twitter: http://www.twitter.com/stibi

Mime
View raw message