Date: Fri, 15 Feb 2013 15:33:37 -0500
Subject: Re: camel-ssh - SSH keys authentication
From: Scott Cranton
To: users@camel.apache.org

I've created an example showing camel-ssh deployed in Karaf using
classpath and file based public key security.

https://github.com/scranton/example-security-camel-ssh

I'll try to clean it up shortly, and submit to camel either updating
existing camel-ssh example, or adding as a new example... Then look to
update the doc...

On Fri, Feb 15, 2013 at 6:53 AM, Scott Cranton wrote:
> Excellent! thanks for the QA ;-)
>
> The camel-ssh doc clearly needs help, so any thoughts you have on how
> to update based on your recent experience would be most appreciated...
>
> On Fri, Feb 15, 2013 at 6:48 AM, Martin Stiborský wrote:
>> Woohoo, victory, thanks for the hint, Scott. ClassLoader was the magical
>> thing.
>>
>> ResourceKeyPairProvider keyPairProvider = new ResourceKeyPairProvider(
>>         new String[]{pathToTheKey}, null,
>>         this.getClass().getClassLoader());
>>
>> And camel-crypto, as new dependency, because org.bouncycastle.openssl ...
>>
>> Thanks a lot guys.
>>
>>
>> On Fri, Feb 15, 2013 at 11:34 AM, Scott Cranton wrote:
>>
>>> Have you tried setting the keyPairProvider to an instance of
>>> org.apache.sshd.common.keyprovider.ResourceKeyPairProvider? That
>>> should work better in OSGi, though I haven't tried it recently...
>>>
>>> Re multiple ids: you can add multiple component instances with
>>> different ids (e.g. sshGit) and reference them from Camel by those
>>> ids.
>>>
>>> addComponent("sshGit", sshGitComponent)
>>>
>>> .to("sshGit:git@localhost")
>>>
>>> On Fri, Feb 15, 2013 at 4:26 AM, Martin Stiborský wrote:
>>> > Often I found solution for a problem in few minutes after posting to
>>> > mailing list, so let's try the luck now :)
>>> >
>>> > Currently I'm digging in the camel-ssh, because definitely there is problem
>>> > with referencing the key file from resources.
>>> > The very first thing I should do was enabling debug for camel-ssh component
>>> > (surprise surprise...), because this:
>>> >
>>> > 2013-02-15 10:21:46,261 | INFO | qtp724367630-92 | FileKeyPairProvider | 24 - org.apache.sshd.core - 0.8.0 | Unable to read key /gitkeys/mykey.pem: java.io.FileNotFoundException: /gitkeys/mykey.pem (No such file or directory)
>>> >
>>> > I'll follow advice from Claus Ibsen and check ResourceHelper and how it
>>> > could be used in camel-ssh...
>>> >
>>> >
>>> > On Fri, Feb 15, 2013 at 9:01 AM, Martin Stiborský <martin.stiborsky@gmail.com> wrote:
>>> >
>>> >> One more weird thing, from the log file:
>>> >>
>>> >> 2013-02-15 08:58:22,582 | INFO | NioProcessor-21 | ClientSessionImpl | 24 - org.apache.sshd.core - 0.8.0 | Session null@my-git.server.com/10.xx.xx.xx:22 closed
>>> >>
>>> >> The "null"…I assume there should be username :)
>>> >>
>>> >>
>>> >> On Fri, Feb 15, 2013 at 8:40 AM, Martin Stiborský <martin.stiborsky@gmail.com> wrote:
>>> >>
>>> >>> So, maybe the problem is really in the camel-ssh component, because, it's
>>> >>> possible to get the key from resources, like that:
>>> >>>
>>> >>> from("cxfrs:bean:gitServer")
>>> >>>     .routeId("GitRoutes")
>>> >>>     .choice()
>>> >>>         .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
>>> >>>         .setBody(constant("info"))
>>> >>>         .process(new Processor() {
>>> >>>             @Override
>>> >>>             public void process(Exchange exchange) throws Exception {
>>> >>>                 InputStream is = getClass().getResourceAsStream("/gitkeys/mykey.pem");
>>> >>>                 String myString = IOUtils.toString(is, "UTF-8");
>>> >>>
>>> >>>                 exchange.getOut().setBody(myString);
>>> >>>             }
>>> >>>         });
>>> >>>
>>> >>> So, no OSGi trouble here I guess…
>>> >>>
>>> >>>
>>> >>> On Thu, Feb 14, 2013 at 9:06 PM, Martin Stiborský <martin.stiborsky@gmail.com> wrote:
>>> >>>
>>> >>>> Ok, so camel-ssh needs some love, to make it better…ok.
>>> >>>> But without modifications in camel-ssh, I'm just not able to use it with
>>> >>>> my SSH key, I tried like all possible combinations now.
>>> >>>>
>>> >>>> SshComponent sshGitComponent = new SshComponent();
>>> >>>> sshGitComponent.setHost("localhost");
>>> >>>> sshGitComponent.setPort(22);
>>> >>>> sshGitComponent.setUsername("git");
>>> >>>> sshGitComponent.setKeyPairProvider(new FileKeyPairProvider(new String[]{"gitkeys/mykey.pem"}));
>>> >>>> sshGitComponent.setKeyType(KeyPairProvider.SSH_RSA);
>>> >>>>
>>> >>>> getContext().removeComponent("ssh");
>>> >>>> getContext().addComponent("ssh", sshGitComponent);
>>> >>>>
>>> >>>> from("cxfrs:bean:gitServer")
>>> >>>>     .routeId("GitRoutes")
>>> >>>>     .choice()
>>> >>>>         .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
>>> >>>>         .setBody(constant("info"))
>>> >>>>         .to("ssh:git@localhost");
>>> >>>>
>>> >>>> Why the removeComponent and the addComponent? I'd like to add new
>>> >>>> instance of SshComponent, under different id, but when I do that,
>>> >>>> Camel stucks on start, trying to find this new component…so I'm doing
>>> >>>> something wrong there probably…
>>> >>>>
>>> >>>> In src/main/resources/gitkeys/mykey.pem is the key…but as I said, it
>>> >>>> doesn't work for me, or I missed the correct combination…I tried also
>>> >>>> classpath and file prefix, but no luck.
>>> >>>>
>>> >>>> The unit test works fine…problem is in the OSGi I guess…some classpath
>>> >>>> issue? I don't know, I have quite a headache from this already, need a
>>> >>>> break.
>>> >>>>
>>> >>>>
>>> >>>> On Thu, Feb 14, 2013 at 3:13 PM, Claus Ibsen wrote:
>>> >>>>
>>> >>>>> On Thu, Feb 14, 2013 at 2:57 PM, Martin Stiborský wrote:
>>> >>>>> > Still one problem…the unit test was fine, but now in OSGi environment,
>>> >>>>> > there are more troubles…
>>> >>>>> > Is there some trick how to get resource from a bundle? I can't get a
>>> >>>>> > reference to the key file stored in src/main/resources :(
>>> >>>>> >
>>> >>>>>
>>> >>>>> I guess maybe camel-ssh should load the cert file like we do in other
>>> >>>>> components using ResourceHelper.
>>> >>>>> Then we can load from classpath (osgi and the rest of the world), files
>>> >>>>> etc.
>>> >>>>>
>>> >>>>> eg prefix with classpath: or file:
>>> >>>>>
>>> >>>>>
>>> >>>>> >
>>> >>>>> > On Thu, Feb 14, 2013 at 12:25 PM, Martin Stiborský <martin.stiborsky@gmail.com> wrote:
>>> >>>>> >
>>> >>>>> >> I can try help there as well. I was looking for a chance to make my "first
>>> >>>>> >> camel commit" anyway :)
>>> >>>>> >>
>>> >>>>> >>
>>> >>>>> >> On Thu, Feb 14, 2013 at 12:00 PM, Scott Cranton <scott@cranton.com> wrote:
>>> >>>>> >>
>>> >>>>> >>> Glad you figured it out. Yeah, the camel-ssh page does need some
>>> >>>>> >>> attention. Thanks for the feedback, and I look forward to seeing your
>>> >>>>> >>> suggested updates to the doc.
>>> >>>>> >>>
>>> >>>>> >>> The certFilename is just a shorthand for creating a
>>> >>>>> >>> FileKeyPairProvider, which is identical to what the
>>> >>>>> >>> SshComponentSecurityTest is doing
>>> >>>>> >>>
>>> >>>>> >>> sshComponent.setKeyPairProvider(new FileKeyPairProvider(new String[]{"src/test/resources/hostkey.pem"}));
>>> >>>>> >>>
>>> >>>>> >>> but I see in the tests, I'm using the same resource for both producer
>>> >>>>> >>> and consumer, so to your point about when public key, when private, I
>>> >>>>> >>> should check that, update the tests, and most importantly update the
>>> >>>>> >>> docs as it isn't clear...
>>> >>>>> >>>
>>> >>>>> >>> Thanks,
>>> >>>>> >>> Scott
>>> >>>>> >>>
>>> >>>>> >>>
>>> >>>>> >>>
>>> >>>>> >>> On Thu, Feb 14, 2013 at 5:48 AM, Martin Stiborský wrote:
>>> >>>>> >>> > As usually, problem solved few minutes after I posted this "call for help
>>> >>>>> >>> > message".
>>> >>>>> >>> > Really there was a problem with loading the private key from resources.
>>> >>>>> >>> >
>>> >>>>> >>> > Now it works...my next message will be about updating the camel-ssh wiki :)
>>> >>>>> >>> >
>>> >>>>> >>> >
>>> >>>>> >>> > On Thu, Feb 14, 2013 at 10:37 AM, Martin Stiborský <martin.stiborsky@gmail.com> wrote:
>>> >>>>> >>> >
>>> >>>>> >>> >> Hello guys,
>>> >>>>> >>> >> I need to use camel-ssh in my route, also, I need authentication with SSH
>>> >>>>> >>> >> keys to the remote server.
>>> >>>>> >>> >> I can't figure out how to configure the SSH producer in Camel.
>>> >>>>> >>> >>
>>> >>>>> >>> >> Now I started digging in camel-ssh source codes, but that is a long trip
>>> >>>>> >>> >> for me right now :(
>>> >>>>> >>> >>
>>> >>>>> >>> >> First of all, I'm not sure, what is difference between "certFilename" and
>>> >>>>> >>> >> "keyPairProvider" options for the ssh endpoint?
>>> >>>>> >>> >>
>>> >>>>> >>> >> Then, the private key have to be provided for the ssh endpoint, right? The
>>> >>>>> >>> >> public key is configured on the remote server account...
>>> >>>>> >>> >> Also, in which format the SSH private key should be? PEM?
>>> >>>>> >>> >> Like this?
>>> >>>>> >>> >>
>>> >>>>> >>> >> openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
>>> >>>>> >>> >>
>>> >>>>> >>> >> I guess so, because it's like this here:
>>> >>>>> >>> >> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/resources/hostkey.pem
>>> >>>>> >>> >>
>>> >>>>> >>> >> I'm not even sure if the key is loaded properly in the Java code from
>>> >>>>> >>> >> resources directory, because the exception I see there is:
>>> >>>>> >>> >>
>>> >>>>> >>> >> ==========
>>> >>>>> >>> >> Caused by: java.io.IOException: Error performing public key authentication
>>> >>>>> >>> >> at org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:86)
>>> >>>>> >>> >> at org.apache.sshd.client.session.ClientSessionImpl.authPublicKey(ClientSessionImpl.java:146)
>>> >>>>> >>> >> at org.apache.camel.component.ssh.SshEndpoint.sendExecCommand(SshEndpoint.java:113)
>>> >>>>> >>> >> at org.apache.camel.component.ssh.SshProducer.process(SshProducer.java:38)
>>> >>>>> >>> >> ... 72 more
>>> >>>>> >>> >> Caused by: java.lang.NullPointerException
>>> >>>>> >>> >> at org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:59)
>>> >>>>> >>> >> ... 75 more
>>> >>>>> >>> >> ==========
>>> >>>>> >>> >>
>>> >>>>> >>> >> Note the NullPointerException ...
>>> >>>>> >>> >>
>>> >>>>> >>> >> But I tried to follow this (
>>> >>>>> >>> >> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
>>> >>>>> >>> >> ) test,
>>> >>>>> >>> >> so I guess it should work...
>>> >>>>> >>> >>
>>> >>>>> >>> >> Could you give me at least some hint?
>>> >>>>> >>> >> I promise I'll extend Camel wiki related to this topic definitely :P
>>> >>>>> >>> >>
>>> >>>>> >>> >> --
>>> >>>>> >>> >> S pozdravem / Best regards
>>> >>>>> >>> >> Martin Stiborský
>>> >>>>> >>> >>
>>> >>>>> >>> >> Jabber: stibi@njs.netlab.cz
>>> >>>>> >>> >> Twitter: http://www.twitter.com/stibi
>>> >>>>> >>> >>
>>> >>>>>
>>> >>>>> --
>>> >>>>> Claus Ibsen
>>> >>>>> -----------------
>>> >>>>> Red Hat, Inc.
>>> >>>>> FuseSource is now part of Red Hat
>>> >>>>> Email: cibsen@redhat.com
>>> >>>>> Web: http://fusesource.com
>>> >>>>> Twitter: davsclaus
>>> >>>>> Blog: http://davsclaus.com
>>> >>>>> Author of Camel in Action: http://www.manning.com/ibsen
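
Added example, not part of the thread and not code from camel-ssh or Apache SSHD: a JDK-only preflight check for the failure discussed above, where an unreadable key file is only logged at INFO and surfaces later as a NullPointerException during public key authentication. The class and method names are hypothetical, the resource path is the one from the thread, and the sample inputs are constructed stubs, not real keys.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Scanner;

public class KeyResourcePreflight {
    // Hypothetical helper: opens the key through the class loader that would be handed
    // to ResourceKeyPairProvider, and fails with a clear error if it is not visible.
    static String requirePemResource(ClassLoader loader, String resource) throws IOException {
        // ClassLoader lookups take no leading slash (Class.getResourceAsStream does).
        String name = resource.startsWith("/") ? resource.substring(1) : resource;
        InputStream in = loader.getResourceAsStream(name);
        if (in == null) {
            throw new IOException("key resource not visible to class loader: " + name);
        }
        return requirePemPrivateKey(in, name);
    }

    // Returns the PEM header line only; key material never ends up in a message or log.
    static String requirePemPrivateKey(InputStream in, String name) throws IOException {
        try (Scanner lines = new Scanner(in, "US-ASCII")) {
            while (lines.hasNextLine()) {
                String line = lines.nextLine().trim();
                if (line.isEmpty()) continue;
                if (line.startsWith("-----BEGIN ") && line.endsWith("PRIVATE KEY-----")) return line;
                throw new IOException(name + ": first line is not a PEM private key header");
            }
        }
        throw new IOException(name + ": empty key resource");
    }

    public static void main(String[] args) {
        // Constructed inputs: a header-only PEM stub and a public-key style line.
        String[] samples = {"-----BEGIN RSA PRIVATE KEY-----\n", "ssh-rsa AAAA constructed\n"};
        for (String s : samples) {
            try {
                InputStream in = new ByteArrayInputStream(s.getBytes(StandardCharsets.US_ASCII));
                System.out.println("ok: " + requirePemPrivateKey(in, "sample"));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
        try {
            requirePemResource(KeyResourcePreflight.class.getClassLoader(), "/gitkeys/mykey.pem");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```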