camel-users mailing list archives

From Scott Cranton <sc...@cranton.com>
Subject Re: camel-ssh - SSH keys authentication
Date Fri, 15 Feb 2013 20:33:37 GMT
I've created an example showing camel-ssh deployed in Karaf using
classpath and file based public key security.

https://github.com/scranton/example-security-camel-ssh

I'll try to clean it up shortly, and submit to camel either updating
existing camel-ssh example, or adding as a new example...

Then look to update the doc...

On Fri, Feb 15, 2013 at 6:53 AM, Scott Cranton <scott@cranton.com> wrote:
> Excellent! thanks for the QA ;-)
>
> The camel-ssh doc clearly needs help, so any thoughts you have on how
> to update based on your recent experience would be most appreciated...
>
> On Fri, Feb 15, 2013 at 6:48 AM, Martin Stiborský
> <martin.stiborsky@gmail.com> wrote:
>> Woohoo, victory, thanks for the hint, Scott. ClassLoader was the magical
>> thing.
>>
>> ResourceKeyPairProvider keyPairProvider = new ResourceKeyPairProvider(
>>                 new String[]{pathToTheKey}, null, this.getClass().getClassLoader());
>>
>> And camel-crypto, as new dependency, because org.bouncycastle.openssl ...
>>
>> Thanks a lot guys.
>>
>>
>> On Fri, Feb 15, 2013 at 11:34 AM, Scott Cranton <scott@cranton.com> wrote:
>>
>>> Have you tried setting the keyPairProvider to an instance of
>>> org.apache.sshd.common.keyprovider.ResourceKeyPairProvider? That
>>> should work better in OSGi, though I haven't tried it recently...
>>>
>>> Re multiple ids: you can add multiple component instances with
>>> different ids (e.g. sshGit) and reference them from Camel by those
>>> ids.
>>>
>>> addComponent("sshGit", sshGitComponent)
>>>
>>> .to("sshGit:git@localhost")
>>>
>>> On Fri, Feb 15, 2013 at 4:26 AM, Martin Stiborský
>>> <martin.stiborsky@gmail.com> wrote:
>>> > Often I found solution for a problem in few minutes after posting to
>>> > mailing list, so let's try the luck now :)
>>> >
>>> > Currently I'm digging in the camel-ssh, because definitely there is problem
>>> > with referencing the key file from resources.
>>> > The very first thing I should do was enabling debug for camel-ssh component
>>> > (surprise surprise...), because this:
>>> >
>>> > 2013-02-15 10:21:46,261 | INFO  | qtp724367630-92  | FileKeyPairProvider
>>> >            | 24 - org.apache.sshd.core - 0.8.0 | Unable to read key
>>> > /gitkeys/mykey.pem: java.io.FileNotFoundException: /gitkeys/mykey.pem (No
>>> > such file or directory)
>>> >
>>> > I'll follow advice from Claus Ibsen and check ResourceHelper and how it
>>> > could be used in camel-ssh...
>>> >
>>> >
>>> > On Fri, Feb 15, 2013 at 9:01 AM, Martin Stiborský <
>>> > martin.stiborsky@gmail.com> wrote:
>>> >
>>> >> One more weird thing, from the log file:
>>> >>
>>> >> 2013-02-15 08:58:22,582 | INFO  | NioProcessor-21  | ClientSessionImpl
>>> >>            | 24 - org.apache.sshd.core - 0.8.0 | Session
>>> >> null@my-git.server.com/10.xx.xx.xx:22 closed
>>> >>
>>> >> The "null"…I assume there should be username :)
>>> >>
>>> >>
>>> >> On Fri, Feb 15, 2013 at 8:40 AM, Martin Stiborský <
>>> >> martin.stiborsky@gmail.com> wrote:
>>> >>
>>> >>> So, maybe the problem is really in the camel-ssh component, because, it's
>>> >>> possible to get the key from resources, like that:
>>> >>>
>>> >>>         from("cxfrs:bean:gitServer")
>>> >>>                 .routeId("GitRoutes")
>>> >>>                 .choice()
>>> >>>                 .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
>>> >>>                 .setBody(constant("info"))
>>> >>>                 .process(new Processor() {
>>> >>>                     @Override
>>> >>>                     public void process(Exchange exchange) throws Exception {
>>> >>>                         InputStream is = getClass().getResourceAsStream("/gitkeys/mykey.pem");
>>> >>>                         String myString = IOUtils.toString(is, "UTF-8");
>>> >>>
>>> >>>                         exchange.getOut().setBody(myString);
>>> >>>                     }
>>> >>>                 });
>>> >>>
>>> >>> So, no OSGi trouble here I guess…
>>> >>>
>>> >>>
>>> >>> On Thu, Feb 14, 2013 at 9:06 PM, Martin Stiborský <
>>> >>> martin.stiborsky@gmail.com> wrote:
>>> >>>
>>> >>>> Ok, so camel-ssh needs some love, to make it better…ok.
>>> >>>> But without modifications in camel-ssh, I'm just not able to use it with
>>> >>>> my SSH key, I tried like all possible combinations now.
>>> >>>>
>>> >>>>         SshComponent sshGitComponent = new SshComponent();
>>> >>>>         sshGitComponent.setHost("localhost");
>>> >>>>         sshGitComponent.setPort(22);
>>> >>>>         sshGitComponent.setUsername("git");
>>> >>>>         sshGitComponent.setKeyPairProvider(new FileKeyPairProvider(new String[]{"gitkeys/mykey.pem"}));
>>> >>>>         sshGitComponent.setKeyType(KeyPairProvider.SSH_RSA);
>>> >>>>
>>> >>>>         getContext().removeComponent("ssh");
>>> >>>>         getContext().addComponent("ssh", sshGitComponent);
>>> >>>>
>>> >>>>         from("cxfrs:bean:gitServer")
>>> >>>>                 .routeId("GitRoutes")
>>> >>>>                 .choice()
>>> >>>>                 .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
>>> >>>>                     .setBody(constant("info"))
>>> >>>>                     .to("ssh:git@localhost");
>>> >>>>
>>> >>>> Why the removeComponent and the addComponent? I'd like to add new
>>> >>>> instance of SshComponent, under different id, but when I do that,
>>> >>>> Camel gets stuck on start, trying to find this new component…so I'm doing
>>> >>>> something wrong there probably…
>>> >>>>
>>> >>>> In src/main/resources/gitkeys/mykey.pem is the key…but as I said, it
>>> >>>> doesn't work for me, or I missed the correct combination…I tried also
>>> >>>> classpath and file prefix, but no luck.
>>> >>>>
>>> >>>> The unit test works fine…problem is in the OSGi I guess…some classpath
>>> >>>> issue? I don't know, I have quite a headache from this already, need a
>>> >>>> break.
>>> >>>>
>>> >>>>
>>> >>>> On Thu, Feb 14, 2013 at 3:13 PM, Claus Ibsen <claus.ibsen@gmail.com> wrote:
>>> >>>>
>>> >>>>> On Thu, Feb 14, 2013 at 2:57 PM, Martin Stiborský
>>> >>>>> <martin.stiborsky@gmail.com> wrote:
>>> >>>>> > Still one problem…the unit test was fine, but now in OSGi environment,
>>> >>>>> > there are more troubles…
>>> >>>>> > Is there some trick how to get resource from a bundle? I can't get a
>>> >>>>> > reference to the key file stored in src/main/resources :(
>>> >>>>> >
>>> >>>>>
>>> >>>>> I guess maybe camel-ssh should load the cert file like we do in other
>>> >>>>> components using ResourceHelper.
>>> >>>>> Then we can load from classpath (osgi and the rest of the world), files
>>> >>>>> etc.
>>> >>>>>
>>> >>>>> eg prefix with classpath: or file:
>>> >>>>>
>>> >>>>>
>>> >>>>> >
>>> >>>>> > On Thu, Feb 14, 2013 at 12:25 PM, Martin Stiborský <
>>> >>>>> > martin.stiborsky@gmail.com> wrote:
>>> >>>>> >
>>> >>>>> >> I can try help there as well. I was looking for a chance to make my "first
>>> >>>>> >> camel commit" anyway :)
>>> >>>>> >>
>>> >>>>> >>
>>> >>>>> >> On Thu, Feb 14, 2013 at 12:00 PM, Scott Cranton <scott@cranton.com> wrote:
>>> >>>>> >>
>>> >>>>> >>> Glad you figured it out. Yeah, the camel-ssh page does need some
>>> >>>>> >>> attention. Thanks for the feedback, and I look forward to seeing your
>>> >>>>> >>> suggested updates to the doc.
>>> >>>>> >>>
>>> >>>>> >>> The certFilename is just a shorthand for creating a
>>> >>>>> >>> FileKeyPairProvider, which is identical to what the
>>> >>>>> >>> SshComponentSecurityTest is doing
>>> >>>>> >>>
>>> >>>>> >>>     sshComponent.setKeyPairProvider(new FileKeyPairProvider(new String[]{"src/test/resources/hostkey.pem"}));
>>> >>>>> >>>
>>> >>>>> >>> but I see in the tests, I'm using the same resource for both producer
>>> >>>>> >>> and consumer, so to your point about when public key, when private, I
>>> >>>>> >>> should check that, update the tests, and most importantly update the
>>> >>>>> >>> docs as it isn't clear...
>>> >>>>> >>>
>>> >>>>> >>> Thanks,
>>> >>>>> >>> Scott
>>> >>>>> >>>
>>> >>>>> >>>
>>> >>>>> >>>
>>> >>>>> >>> On Thu, Feb 14, 2013 at 5:48 AM, Martin Stiborský
>>> >>>>> >>> <martin.stiborsky@gmail.com> wrote:
>>> >>>>> >>> > As usual, problem solved few minutes after I posted this "call for help
>>> >>>>> >>> > message".
>>> >>>>> >>> > Really there was a problem with loading the private key from resources.
>>> >>>>> >>> >
>>> >>>>> >>> > Now it works...my next message will be about updating the camel-ssh wiki :)
>>> >>>>> >>> >
>>> >>>>> >>> >
>>> >>>>> >>> > On Thu, Feb 14, 2013 at 10:37 AM, Martin Stiborský <
>>> >>>>> >>> > martin.stiborsky@gmail.com> wrote:
>>> >>>>> >>> >
>>> >>>>> >>> >> Hello guys,
>>> >>>>> >>> >> I need to use camel-ssh in my route, also, I need authentication with SSH
>>> >>>>> >>> >> keys to the remote server.
>>> >>>>> >>> >> I can't figure out how to configure the SSH producer in Camel.
>>> >>>>> >>> >>
>>> >>>>> >>> >> Now I started digging in camel-ssh source codes, but that is a long trip
>>> >>>>> >>> >> for me right now :(
>>> >>>>> >>> >>
>>> >>>>> >>> >> First of all, I'm not sure, what is difference between "certFilename" and
>>> >>>>> >>> >> "keyPairProvider" options for the ssh endpoint?
>>> >>>>> >>> >>
>>> >>>>> >>> >> Then, the private key has to be provided for the ssh endpoint, right? The
>>> >>>>> >>> >> public key is configured on the remote server account...
>>> >>>>> >>> >> Also, in which format the SSH private key should be? PEM?
>>> >>>>> >>> >> Like this?
>>> >>>>> >>> >>
>>> >>>>> >>> >> openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
>>> >>>>> >>> >>
>>> >>>>> >>> >> I guess so, because it's like this here:
>>> >>>>> >>> >>
>>> >>>>> >>> >> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/resources/hostkey.pem
>>> >>>>> >>> >>
>>> >>>>> >>> >> I'm not even sure if the key is loaded properly in the Java code from
>>> >>>>> >>> >> resources directory, because the exception I see there is:
>>> >>>>> >>> >>
>>> >>>>> >>> >> ==========
>>> >>>>> >>> >> Caused by: java.io.IOException: Error performing public key authentication
>>> >>>>> >>> >>     at org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:86)
>>> >>>>> >>> >>     at org.apache.sshd.client.session.ClientSessionImpl.authPublicKey(ClientSessionImpl.java:146)
>>> >>>>> >>> >>     at org.apache.camel.component.ssh.SshEndpoint.sendExecCommand(SshEndpoint.java:113)
>>> >>>>> >>> >>     at org.apache.camel.component.ssh.SshProducer.process(SshProducer.java:38)
>>> >>>>> >>> >>     ... 72 more
>>> >>>>> >>> >> Caused by: java.lang.NullPointerException
>>> >>>>> >>> >>     at org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:59)
>>> >>>>> >>> >>     ... 75 more
>>> >>>>> >>> >> ==========
>>> >>>>> >>> >>
>>> >>>>> >>> >> Note the NullPointerException ...
>>> >>>>> >>> >>
>>> >>>>> >>> >> But I tried to follow this (
>>> >>>>> >>> >> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
>>> >>>>> >>> >> ) test, so I guess it should work...
>>> >>>>> >>> >>
>>> >>>>> >>> >> Could you give me at least some hint?
>>> >>>>> >>> >> I promise I'll extend Camel wiki related to this topic definitely :P
>>> >>>>> >>> >>
>>> >>>>> >>> >> --
>>> >>>>> >>> >> S pozdravem / Best regards
>>> >>>>> >>> >> Martin Stiborský
>>> >>>>> >>> >>
>>> >>>>> >>> >> Jabber: stibi@njs.netlab.cz
>>> >>>>> >>> >> Twitter: http://www.twitter.com/stibi
>>> >>>>> >>> >>
>>> >>>>> --
>>> >>>>> Claus Ibsen
>>> >>>>> -----------------
>>> >>>>> Red Hat, Inc.
>>> >>>>> FuseSource is now part of Red Hat
>>> >>>>> Email: cibsen@redhat.com
>>> >>>>> Web: http://fusesource.com
>>> >>>>> Twitter: davsclaus
>>> >>>>> Blog: http://davsclaus.com
>>> >>>>> Author of Camel in Action: http://www.manning.com/ibsen
>>> >>>>>
>> --
>> S pozdravem / Best regards
>> Martin Stiborský
>>
>> Jabber: stibi@njs.netlab.cz
>> Twitter: http://www.twitter.com/stibi
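
Added example, not part of the thread and not Camel or SSHD code: in the thread an unreadable key surfaced only as an INFO log line ("Unable to read key /gitkeys/mykey.pem") and a NullPointerException during public key authentication, so this stand-alone JDK example checks a key location before it is handed to a key pair provider. The class KeyLocationCheck, its methods, and its handling of the classpath: and file: prefixes mentioned in the thread are hypothetical and do not reproduce ResourceHelper; the sample key file is constructed.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;

/** Hypothetical helper for illustration; not Camel's ResourceHelper and not SSHD code. */
public class KeyLocationCheck {
    /** Opens "classpath:..." via the given loader (in OSGi: the bundle that packages the key), else a file. */
    static InputStream open(String location, ClassLoader loader) throws IOException {
        if (location.startsWith("classpath:")) {
            // ClassLoader lookups use no leading slash (unlike Class.getResourceAsStream("/...")).
            String name = location.substring("classpath:".length()).replaceFirst("^/+", "");
            InputStream in = loader.getResourceAsStream(name);
            if (in == null) {
                throw new IOException("key not visible to class loader: " + name);
            }
            return in;
        }
        Path path = Paths.get(location.startsWith("file:") ? location.substring("file:".length()) : location);
        if (!Files.isReadable(path)) {
            throw new IOException("key file not readable: " + path.toAbsolutePath());
        }
        return Files.newInputStream(path);
    }

    /** Fails fast unless the location resolves and its content looks like a PEM private key. */
    static void requirePemPrivateKey(String location, ClassLoader loader) throws IOException {
        try (InputStream in = open(location, loader)) {
            String text = new String(in.readAllBytes(), StandardCharsets.UTF_8);
            if (!text.contains("-----BEGIN") || !text.contains("PRIVATE KEY-----")) {
                throw new IOException("not a PEM private key: " + location);
            }
        }
    }

    public static void main(String[] args) throws IOException { // needs Java 11+ (Files.writeString)
        ClassLoader loader = KeyLocationCheck.class.getClassLoader();
        // Constructed sample: a temporary file with PEM markers and a placeholder body, not a real key.
        Path tmp = Files.createTempFile("mykey", ".pem");
        try {
            Files.writeString(tmp, "-----BEGIN RSA PRIVATE KEY-----\nconstructed\n-----END RSA PRIVATE KEY-----\n");
            requirePemPrivateKey("file:" + tmp, loader);                 // resolves and passes
            requirePemPrivateKey("classpath:gitkeys/mykey.pem", loader); // not on this classpath
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        } finally {
            Files.delete(tmp);
        }
    }
}
```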
