camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Stiborský <martin.stibor...@gmail.com>
Subject Re: camel-ssh - SSH keys authentication
Date Fri, 15 Feb 2013 11:48:03 GMT
Woohoo, victory, thanks for the hint, Scott. ClassLoader was the magical
thing.

ResourceKeyPairProvider keyPairProvider = new ResourceKeyPairProvider(
                new String[]{pathToTheKey}, null,
this.getClass().getClassLoader());

And camel-crypto, as new dependency, because org.bouncycastle.openssl ...

Thanks a lot guys.


On Fri, Feb 15, 2013 at 11:34 AM, Scott Cranton <scott@cranton.com> wrote:

> Have you tried setting the keyPairProvider to an instance of
> org.apache.sshd.common.keyprovider.ResourceKeyPairProvider? That
> should work better in OSGi, though I haven't tried it recently...
>
> Re mulitple ids: you can add multiple component instances with
> different ids (e.g. sshGit) and reference them from Camel by those
> ids.
>
> addComponent("sshGit", sshGitComponent)
>
> .to("sshGit:git@localhost)
>
> On Fri, Feb 15, 2013 at 4:26 AM, Martin Stiborský
> <martin.stiborsky@gmail.com> wrote:
> > Often I found solution for a problem in few minutes after posting to
> > mailing list, so let's try the luck now :)
> >
> > Currently I'm digging in the camel-ssh, because definitely there is
> problem
> > with referencing the key file from resources.
> > The very first thing I should do was enabling debug for camel-ssh
> component
> > (surprise surprise...), because this:
> >
> > 2013-02-15 10:21:46,261 | INFO  | qtp724367630-92  | FileKeyPairProvider
> >            | 24 - org.apache.sshd.core - 0.8.0 | Unable to read key
> > /gitkeys/mykey.pem: java.io.FileNotFoundException: /gitkeys/mykey.pem (No
> > such file or directory)
> >
> > I'll follow advice from Claus Ibsen and check ResourceHelper and how it
> > could be used in camel-ssh...
> >
> >
> > On Fri, Feb 15, 2013 at 9:01 AM, Martin Stiborský <
> > martin.stiborsky@gmail.com> wrote:
> >
> >> One more weird thing, from the log file:
> >>
> >> 2013-02-15 08:58:22,582 | INFO  | NioProcessor-21  | ClientSessionImpl
> >>            | 24 - org.apache.sshd.core - 0.8.0 | Session
> >> null@my-git.server.com/10.xx.xx.xx:22 closed
> >>
> >> The "null"…I assume there should be username :)
> >>
> >>
> >> On Fri, Feb 15, 2013 at 8:40 AM, Martin Stiborský <
> >> martin.stiborsky@gmail.com> wrote:
> >>
> >>> So, maybe the problem is really in the camel-ssh component, because,
> it's
> >>> possible to get the key from resources, like that:
> >>>
> >>>         from("cxfrs:bean:gitServer")
> >>>                 .routeId("GitRoutes")
> >>>                 .choice()
> >>>
> >>> .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
> >>>                 .setBody(constant("info"))
> >>>                 .process(new Processor() {
> >>>                     @Override
> >>>                     public void process(Exchange exchange) throws
> >>> Exception {
> >>>                         InputStream is =
> >>> getClass().getResourceAsStream("/gitkeys/mykey.pem");
> >>>                         String myString = IOUtils.toString(is,
> "UTF-8");
> >>>
> >>>                         exchange.getOut().setBody(myString);
> >>>                     }
> >>>                 });
> >>>
> >>> So, no OSGi trouble here I guess…
> >>>
> >>>
> >>> On Thu, Feb 14, 2013 at 9:06 PM, Martin Stiborský <
> >>> martin.stiborsky@gmail.com> wrote:
> >>>
> >>>> Ok, so camel-ssh needs some love, to make it better…ok.
> >>>> But without modifications in camel-ssh, I'm just not able to use it
> with
> >>>> my SSH key, I tried like all possible combinations now.
> >>>>
> >>>>         SshComponent sshGitComponent = new SshComponent();
> >>>>         sshGitComponent.setHost("localhost");
> >>>>         sshGitComponent.setPort(22);
> >>>>         sshGitComponent.setUsername("git");
> >>>>         sshGitComponent.setKeyPairProvider(new FileKeyPairProvider(new
> >>>> String[]{"gitkeys/mykey.pem"}));
> >>>>         sshGitComponent.setKeyType(KeyPairProvider.SSH_RSA);
> >>>>
> >>>>         getContext().removeComponent("ssh");
> >>>>         getContext().addComponent("ssh", sshGitComponent);
> >>>>
> >>>>         from("cxfrs:bean:gitServer")
> >>>>                 .routeId("GitRoutes")
> >>>>                 .choice()
> >>>>
> >>>>
> .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
> >>>>                     .setBody(constant("info"))
> >>>>                     .to("ssh:git@localhost");
> >>>>
> >>>> Why the removeComponent and the addComponent? I'd like to add new
> >>>> instance of SshComponent, under different id, but when I do that,
> >>>> Camel stucks on start, trying to find this new component…so I'm doing
> >>>> something wrong there probably…
> >>>>
> >>>> In src/main/resources/gitkeys/mykey.pem is the key…but as I said,
it
> >>>> doesn't work for me, or I missed the correct combination…I tried also
> >>>> classpath and file prefix, but no luck.
> >>>>
> >>>> The unit test works fine…problem is in the OSGi I guess…some classpath
> >>>> issue? I don't know, I have quite a headache from this already, need
a
> >>>> break.
> >>>>
> >>>>
> >>>> On Thu, Feb 14, 2013 at 3:13 PM, Claus Ibsen <claus.ibsen@gmail.com
> >wrote:
> >>>>
> >>>>> On Thu, Feb 14, 2013 at 2:57 PM, Martin Stiborský
> >>>>> <martin.stiborsky@gmail.com> wrote:
> >>>>> > Still one problem…the unit test was fine, but now in OSGi
> environment,
> >>>>> > there are more troubles…
> >>>>> > Is there some trick how to get resource from a bundle? I can't
get
> a
> >>>>> > reference to the key file stored in src/main/resources :(
> >>>>> >
> >>>>>
> >>>>> I guess maybe camel-ssh should load the cert file like we do in
other
> >>>>> components using ResourceHelper.
> >>>>> Then we can load from classpath (osgi and the rest of the world),
> files
> >>>>> etc.
> >>>>>
> >>>>> eg prefix with classpath: or file:
> >>>>>
> >>>>>
> >>>>> >
> >>>>> > On Thu, Feb 14, 2013 at 12:25 PM, Martin Stiborský <
> >>>>> > martin.stiborsky@gmail.com> wrote:
> >>>>> >
> >>>>> >> I can try help there as well. I was looking for a chance
to make
> my
> >>>>> "first
> >>>>> >> camel commit" anyway :)
> >>>>> >>
> >>>>> >>
> >>>>> >> On Thu, Feb 14, 2013 at 12:00 PM, Scott Cranton <
> scott@cranton.com>
> >>>>> wrote:
> >>>>> >>
> >>>>> >>> Glad you figured it out. Yeah, the camel-ssh page does
need some
> >>>>> >>> attention. Thanks for the feedback, and I look forward
to seeing
> >>>>> your
> >>>>> >>> suggested updates to the doc.
> >>>>> >>>
> >>>>> >>> The certFilename is just a shorthand for creating a
> >>>>> >>> FileKeyPairProvider, which is identical to what the
> >>>>> >>> SshComponentSecurityTest is doing
> >>>>> >>>
> >>>>> >>>     sshComponent.setKeyPairProvider(new FileKeyPairProvider(new
> >>>>> >>> String[]{"src/test/resources/hostkey.pem"}));
> >>>>> >>>
> >>>>> >>> but I see in the tests, I'm using the same resource
for both
> >>>>> producer
> >>>>> >>> and consumer, so to your point about when public key,
when
> private,
> >>>>> I
> >>>>> >>> should check that, update the tests, and most importantly
update
> the
> >>>>> >>> docs as it isn't clear...
> >>>>> >>>
> >>>>> >>> Thanks,
> >>>>> >>> Scott
> >>>>> >>>
> >>>>> >>>
> >>>>> >>>
> >>>>> >>> On Thu, Feb 14, 2013 at 5:48 AM, Martin Stiborský
> >>>>> >>> <martin.stiborsky@gmail.com> wrote:
> >>>>> >>> > As usually, problem solved few minutes after I
posted this
> "call
> >>>>> for
> >>>>> >>> help
> >>>>> >>> > message".
> >>>>> >>> > Really there was a problem with loading the private
key from
> >>>>> resources.
> >>>>> >>> >
> >>>>> >>> > Now it works...my next message will be about updating
the
> >>>>> camel-ssh
> >>>>> >>> wiki :)
> >>>>> >>> >
> >>>>> >>> >
> >>>>> >>> > On Thu, Feb 14, 2013 at 10:37 AM, Martin Stiborský
<
> >>>>> >>> > martin.stiborsky@gmail.com> wrote:
> >>>>> >>> >
> >>>>> >>> >> Hello guys,
> >>>>> >>> >> I need to use camel-ssh in my route, also,
I need
> authentication
> >>>>> with
> >>>>> >>> SSH
> >>>>> >>> >> keys to the remote server.
> >>>>> >>> >> I can't figure out how to configure the SSH
producer in Camel.
> >>>>> >>> >>
> >>>>> >>> >> Now I started digging in camel-ssh source
codes, but that is a
> >>>>> long
> >>>>> >>> trip
> >>>>> >>> >> for me right now :(
> >>>>> >>> >>
> >>>>> >>> >> First of all, I'm not sure, what is difference
between
> >>>>> "certFilename"
> >>>>> >>> and
> >>>>> >>> >> "keyPairProvider" options for the ssh endpoint?
> >>>>> >>> >>
> >>>>> >>> >> Then, the private key have to be provided
for the ssh
> endpoint,
> >>>>> right?
> >>>>> >>> The
> >>>>> >>> >> public key is configured on the remote server
account...
> >>>>> >>> >> Also, in which format the SSH private key
should be? PEM?
> >>>>> >>> >> Like this?
> >>>>> >>> >>
> >>>>> >>> >> openssl rsa -in ~/.ssh/id_rsa -outform pem
> id_rsa.pem
> >>>>> >>> >>
> >>>>> >>> >> I guess so, because it's like this here:
> >>>>> >>> >>
> >>>>> >>>
> >>>>>
> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/resources/hostkey.pem
> >>>>> >>> >>
> >>>>> >>> >> I'm not even sure if the key is loaded properly
in the Java
> code
> >>>>> from
> >>>>> >>> >> resources directory, because the exception
I see there is:
> >>>>> >>> >>
> >>>>> >>> >> ==========
> >>>>> >>> >> Caused by: java.io.IOException: Error performing
public key
> >>>>> >>> authentication
> >>>>> >>> >> at
> >>>>> >>> >>
> >>>>> >>>
> >>>>>
> org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:86)
> >>>>> >>> >>  at
> >>>>> >>> >>
> >>>>> >>>
> >>>>>
> org.apache.sshd.client.session.ClientSessionImpl.authPublicKey(ClientSessionImpl.java:146)
> >>>>> >>> >> at
> >>>>> >>> >>
> >>>>> >>>
> >>>>>
> org.apache.camel.component.ssh.SshEndpoint.sendExecCommand(SshEndpoint.java:113)
> >>>>> >>> >>  at
> >>>>> >>> >>
> >>>>>
> org.apache.camel.component.ssh.SshProducer.process(SshProducer.java:38)
> >>>>> >>> >> ... 72 more
> >>>>> >>> >> Caused by: java.lang.NullPointerException
> >>>>> >>> >>  at
> >>>>> >>> >>
> >>>>> >>>
> >>>>>
> org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:59)
> >>>>> >>> >> ... 75 more
> >>>>> >>> >> ==========
> >>>>> >>> >>
> >>>>> >>> >> Note the NullPointerException ...
> >>>>> >>> >>
> >>>>> >>> >> But I tried to follow this (
> >>>>> >>> >>
> >>>>> >>>
> >>>>>
> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
> >>>>> )
> >>>>> >>> test,
> >>>>> >>> >> so I guess it should work...
> >>>>> >>> >>
> >>>>> >>> >> Could you give me at least some hint?
> >>>>> >>> >> I promise I'll extend Camel wiki related to
this topic
> >>>>> definitely :P
> >>>>> >>> >>
> >>>>> >>> >> --
> >>>>> >>> >> S pozdravem / Best regards
> >>>>> >>> >> Martin Stiborský
> >>>>> >>> >>
> >>>>> >>> >> Jabber: stibi@njs.netlab.cz
> >>>>> >>> >> Twitter: http://www.twitter.com/stibi
> >>>>> >>> >>
> >>>>> >>> >
> >>>>> >>> >
> >>>>> >>> >
> >>>>> >>> > --
> >>>>> >>> > S pozdravem / Best regards
> >>>>> >>> > Martin Stiborský
> >>>>> >>> >
> >>>>> >>> > Jabber: stibi@njs.netlab.cz
> >>>>> >>> > Twitter: http://www.twitter.com/stibi
> >>>>> >>>
> >>>>> >>
> >>>>> >>
> >>>>> >>
> >>>>> >> --
> >>>>> >> S pozdravem / Best regards
> >>>>> >> Martin Stiborský
> >>>>> >>
> >>>>> >> Jabber: stibi@njs.netlab.cz
> >>>>> >> Twitter: http://www.twitter.com/stibi
> >>>>> >>
> >>>>> >
> >>>>> >
> >>>>> >
> >>>>> > --
> >>>>> > S pozdravem / Best regards
> >>>>> > Martin Stiborský
> >>>>> >
> >>>>> > Jabber: stibi@njs.netlab.cz
> >>>>> > Twitter: http://www.twitter.com/stibi
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Claus Ibsen
> >>>>> -----------------
> >>>>> Red Hat, Inc.
> >>>>> FuseSource is now part of Red Hat
> >>>>> Email: cibsen@redhat.com
> >>>>> Web: http://fusesource.com
> >>>>> Twitter: davsclaus
> >>>>> Blog: http://davsclaus.com
> >>>>> Author of Camel in Action: http://www.manning.com/ibsen
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> S pozdravem / Best regards
> >>>> Martin Stiborský
> >>>>
> >>>> Jabber: stibi@njs.netlab.cz
> >>>> Twitter: http://www.twitter.com/stibi
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> S pozdravem / Best regards
> >>> Martin Stiborský
> >>>
> >>> Jabber: stibi@njs.netlab.cz
> >>> Twitter: http://www.twitter.com/stibi
> >>>
> >>
> >>
> >>
> >> --
> >> S pozdravem / Best regards
> >> Martin Stiborský
> >>
> >> Jabber: stibi@njs.netlab.cz
> >> Twitter: http://www.twitter.com/stibi
> >>
> >
> >
> >
> > --
> > S pozdravem / Best regards
> > Martin Stiborský
> >
> > Jabber: stibi@njs.netlab.cz
> > Twitter: http://www.twitter.com/stibi
>



-- 
S pozdravem / Best regards
Martin Stiborský

Jabber: stibi@njs.netlab.cz
Twitter: http://www.twitter.com/stibi

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message