Mailing-List: contact users-help@camel.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@camel.apache.org
Received-SPF: pass (athena.apache.org: domain of martin.stiborsky@gmail.com
 designates 74.125.82.43 as permitted sender)
MIME-Version: 1.0
In-Reply-To: 
 <CABXXapcfvBE3WSZn9rThLd_5gZjyUOWx6WhykVLBzJFZBHM8zg@mail.gmail.com>
References: 
 <CAERHfrKp49sNcBGN1_iPaCzG5nBm5PNNkr=E=1LpUwBcnptbzQ@mail.gmail.com>
	<CAERHfrLASu3bq+qys9PDo6ok1R2u+Nwkv_eEgUhxpBdSXEpn7Q@mail.gmail.com>
	<CABXXapdeiqVvhyRPyxQiLuP=w8XhhMQDErZn7hQMtz+wJHH1gg@mail.gmail.com>
	<CAERHfrKmfjESikhX=UcoxsYp-_wf0V4Ez9PoamZjAYGKxL-kEg@mail.gmail.com>
	<CAERHfrLbnoUzytQcNJDsvZuit1SSZaxYC-ArrJ_J+ntJLsStJw@mail.gmail.com>
	<CAGB5yNnwykiGCYBXPZAZTNYOaJvQQhosP+XQ09h32De1EAesow@mail.gmail.com>
	<CAERHfrJ7y00_1DBtftibDG_j-RaTBbxAWa1oGxt4N0FFat-tcQ@mail.gmail.com>
	<CAERHfr+XcZB-q4L+dE_tZM+EBU7LbjPVLUBEng2VuXvnYtOQCg@mail.gmail.com>
	<CAERHfrK0mKNbRdKYwDFOuwxUDYaw=NiL8v9Pfh6HtMyFoCZ3cA@mail.gmail.com>
	<CAERHfrL-hyrtPhAEOfsOxvZtX=YA88b1bdNJk7Dggk9vZczVqw@mail.gmail.com>
	<CABXXapcfvBE3WSZn9rThLd_5gZjyUOWx6WhykVLBzJFZBHM8zg@mail.gmail.com>
Date: Fri, 15 Feb 2013 12:48:03 +0100
Message-ID: 
 <CAERHfrLePrvCp_2jJEU7pq1N7YFPVj0d75+RzOnE1j=oWGuQFw@mail.gmail.com>
Subject: Re: camel-ssh - SSH keys authentication
From: =?ISO-8859-1?Q?Martin_Stiborsk=FD?= <martin.stiborsky@gmail.com>
To: users@camel.apache.org
Content-Type: multipart/alternative; boundary=f46d043c8194a5b29904d5c1f28c

--f46d043c8194a5b29904d5c1f28c
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Woohoo, victory, thanks for the hint, Scott. ClassLoader was the magical
thing.

ResourceKeyPairProvider keyPairProvider =3D new ResourceKeyPairProvider(
                new String[]{pathToTheKey}, null,
this.getClass().getClassLoader());

And camel-crypto, as new dependency, because org.bouncycastle.openssl ...

Thanks a lot guys.


On Fri, Feb 15, 2013 at 11:34 AM, Scott Cranton <scott@cranton.com> wrote:

> Have you tried setting the keyPairProvider to an instance of
> org.apache.sshd.common.keyprovider.ResourceKeyPairProvider? That
> should work better in OSGi, though I haven't tried it recently...
>
> Re mulitple ids: you can add multiple component instances with
> different ids (e.g. sshGit) and reference them from Camel by those
> ids.
>
> addComponent("sshGit", sshGitComponent)
>
> .to("sshGit:git@localhost)
>
> On Fri, Feb 15, 2013 at 4:26 AM, Martin Stiborsk=FD
> <martin.stiborsky@gmail.com> wrote:
> > Often I found solution for a problem in few minutes after posting to
> > mailing list, so let's try the luck now :)
> >
> > Currently I'm digging in the camel-ssh, because definitely there is
> problem
> > with referencing the key file from resources.
> > The very first thing I should do was enabling debug for camel-ssh
> component
> > (surprise surprise...), because this:
> >
> > 2013-02-15 10:21:46,261 | INFO  | qtp724367630-92  | FileKeyPairProvide=
r
> >            | 24 - org.apache.sshd.core - 0.8.0 | Unable to read key
> > /gitkeys/mykey.pem: java.io.FileNotFoundException: /gitkeys/mykey.pem (=
No
> > such file or directory)
> >
> > I'll follow advice from Claus Ibsen and check ResourceHelper and how it
> > could be used in camel-ssh...
> >
> >
> > On Fri, Feb 15, 2013 at 9:01 AM, Martin Stiborsk=FD <
> > martin.stiborsky@gmail.com> wrote:
> >
> >> One more weird thing, from the log file:
> >>
> >> 2013-02-15 08:58:22,582 | INFO  | NioProcessor-21  | ClientSessionImpl
> >>            | 24 - org.apache.sshd.core - 0.8.0 | Session
> >> null@my-git.server.com/10.xx.xx.xx:22 closed
> >>
> >> The "null"=85I assume there should be username :)
> >>
> >>
> >> On Fri, Feb 15, 2013 at 8:40 AM, Martin Stiborsk=FD <
> >> martin.stiborsky@gmail.com> wrote:
> >>
> >>> So, maybe the problem is really in the camel-ssh component, because,
> it's
> >>> possible to get the key from resources, like that:
> >>>
> >>>         from("cxfrs:bean:gitServer")
> >>>                 .routeId("GitRoutes")
> >>>                 .choice()
> >>>
> >>> .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"=
))
> >>>                 .setBody(constant("info"))
> >>>                 .process(new Processor() {
> >>>                     @Override
> >>>                     public void process(Exchange exchange) throws
> >>> Exception {
> >>>                         InputStream is =3D
> >>> getClass().getResourceAsStream("/gitkeys/mykey.pem");
> >>>                         String myString =3D IOUtils.toString(is,
> "UTF-8");
> >>>
> >>>                         exchange.getOut().setBody(myString);
> >>>                     }
> >>>                 });
> >>>
> >>> So, no OSGi trouble here I guess=85
> >>>
> >>>
> >>> On Thu, Feb 14, 2013 at 9:06 PM, Martin Stiborsk=FD <
> >>> martin.stiborsky@gmail.com> wrote:
> >>>
> >>>> Ok, so camel-ssh needs some love, to make it better=85ok.
> >>>> But without modifications in camel-ssh, I'm just not able to use it
> with
> >>>> my SSH key, I tried like all possible combinations now.
> >>>>
> >>>>         SshComponent sshGitComponent =3D new SshComponent();
> >>>>         sshGitComponent.setHost("localhost");
> >>>>         sshGitComponent.setPort(22);
> >>>>         sshGitComponent.setUsername("git");
> >>>>         sshGitComponent.setKeyPairProvider(new FileKeyPairProvider(n=
ew
> >>>> String[]{"gitkeys/mykey.pem"}));
> >>>>         sshGitComponent.setKeyType(KeyPairProvider.SSH_RSA);
> >>>>
> >>>>         getContext().removeComponent("ssh");
> >>>>         getContext().addComponent("ssh", sshGitComponent);
> >>>>
> >>>>         from("cxfrs:bean:gitServer")
> >>>>                 .routeId("GitRoutes")
> >>>>                 .choice()
> >>>>
> >>>>
> .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
> >>>>                     .setBody(constant("info"))
> >>>>                     .to("ssh:git@localhost");
> >>>>
> >>>> Why the removeComponent and the addComponent? I'd like to add new
> >>>> instance of SshComponent, under different id, but when I do that,
> >>>> Camel stucks on start, trying to find this new component=85so I'm do=
ing
> >>>> something wrong there probably=85
> >>>>
> >>>> In src/main/resources/gitkeys/mykey.pem is the key=85but as I said, =
it
> >>>> doesn't work for me, or I missed the correct combination=85I tried a=
lso
> >>>> classpath and file prefix, but no luck.
> >>>>
> >>>> The unit test works fine=85problem is in the OSGi I guess=85some cla=
sspath
> >>>> issue? I don't know, I have quite a headache from this already, need=
 a
> >>>> break.
> >>>>
> >>>>
> >>>> On Thu, Feb 14, 2013 at 3:13 PM, Claus Ibsen <claus.ibsen@gmail.com
> >wrote:
> >>>>
> >>>>> On Thu, Feb 14, 2013 at 2:57 PM, Martin Stiborsk=FD
> >>>>> <martin.stiborsky@gmail.com> wrote:
> >>>>> > Still one problem=85the unit test was fine, but now in OSGi
> environment,
> >>>>> > there are more troubles=85
> >>>>> > Is there some trick how to get resource from a bundle? I can't ge=
t
> a
> >>>>> > reference to the key file stored in src/main/resources :(
> >>>>> >
> >>>>>
> >>>>> I guess maybe camel-ssh should load the cert file like we do in oth=
er
> >>>>> components using ResourceHelper.
> >>>>> Then we can load from classpath (osgi and the rest of the world),
> files
> >>>>> etc.
> >>>>>
> >>>>> eg prefix with classpath: or file:
> >>>>>
> >>>>>
> >>>>> >
> >>>>> > On Thu, Feb 14, 2013 at 12:25 PM, Martin Stiborsk=FD <
> >>>>> > martin.stiborsky@gmail.com> wrote:
> >>>>> >
> >>>>> >> I can try help there as well. I was looking for a chance to make
> my
> >>>>> "first
> >>>>> >> camel commit" anyway :)
> >>>>> >>
> >>>>> >>
> >>>>> >> On Thu, Feb 14, 2013 at 12:00 PM, Scott Cranton <
> scott@cranton.com>
> >>>>> wrote:
> >>>>> >>
> >>>>> >>> Glad you figured it out. Yeah, the camel-ssh page does need som=
e
> >>>>> >>> attention. Thanks for the feedback, and I look forward to seein=
g
> >>>>> your
> >>>>> >>> suggested updates to the doc.
> >>>>> >>>
> >>>>> >>> The certFilename is just a shorthand for creating a
> >>>>> >>> FileKeyPairProvider, which is identical to what the
> >>>>> >>> SshComponentSecurityTest is doing
> >>>>> >>>
> >>>>> >>>     sshComponent.setKeyPairProvider(new FileKeyPairProvider(new
> >>>>> >>> String[]{"src/test/resources/hostkey.pem"}));
> >>>>> >>>
> >>>>> >>> but I see in the tests, I'm using the same resource for both
> >>>>> producer
> >>>>> >>> and consumer, so to your point about when public key, when
> private,
> >>>>> I
> >>>>> >>> should check that, update the tests, and most importantly updat=
e
> the
> >>>>> >>> docs as it isn't clear...
> >>>>> >>>
> >>>>> >>> Thanks,
> >>>>> >>> Scott
> >>>>> >>>
> >>>>> >>>
> >>>>> >>>
> >>>>> >>> On Thu, Feb 14, 2013 at 5:48 AM, Martin Stiborsk=FD
> >>>>> >>> <martin.stiborsky@gmail.com> wrote:
> >>>>> >>> > As usually, problem solved few minutes after I posted this
> "call
> >>>>> for
> >>>>> >>> help
> >>>>> >>> > message".
> >>>>> >>> > Really there was a problem with loading the private key from
> >>>>> resources.
> >>>>> >>> >
> >>>>> >>> > Now it works...my next message will be about updating the
> >>>>> camel-ssh
> >>>>> >>> wiki :)
> >>>>> >>> >
> >>>>> >>> >
> >>>>> >>> > On Thu, Feb 14, 2013 at 10:37 AM, Martin Stiborsk=FD <
> >>>>> >>> > martin.stiborsky@gmail.com> wrote:
> >>>>> >>> >
> >>>>> >>> >> Hello guys,
> >>>>> >>> >> I need to use camel-ssh in my route, also, I need
> authentication
> >>>>> with
> >>>>> >>> SSH
> >>>>> >>> >> keys to the remote server.
> >>>>> >>> >> I can't figure out how to configure the SSH producer in Came=
l.
> >>>>> >>> >>
> >>>>> >>> >> Now I started digging in camel-ssh source codes, but that is=
 a
> >>>>> long
> >>>>> >>> trip
> >>>>> >>> >> for me right now :(
> >>>>> >>> >>
> >>>>> >>> >> First of all, I'm not sure, what is difference between
> >>>>> "certFilename"
> >>>>> >>> and
> >>>>> >>> >> "keyPairProvider" options for the ssh endpoint?
> >>>>> >>> >>
> >>>>> >>> >> Then, the private key have to be provided for the ssh
> endpoint,
> >>>>> right?
> >>>>> >>> The
> >>>>> >>> >> public key is configured on the remote server account...
> >>>>> >>> >> Also, in which format the SSH private key should be? PEM?
> >>>>> >>> >> Like this?
> >>>>> >>> >>
> >>>>> >>> >> openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
> >>>>> >>> >>
> >>>>> >>> >> I guess so, because it's like this here:
> >>>>> >>> >>
> >>>>> >>>
> >>>>>
> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/=
resources/hostkey.pem
> >>>>> >>> >>
> >>>>> >>> >> I'm not even sure if the key is loaded properly in the Java
> code
> >>>>> from
> >>>>> >>> >> resources directory, because the exception I see there is:
> >>>>> >>> >>
> >>>>> >>> >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> >>>>> >>> >> Caused by: java.io.IOException: Error performing public key
> >>>>> >>> authentication
> >>>>> >>> >> at
> >>>>> >>> >>
> >>>>> >>>
> >>>>>
> org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.ja=
va:86)
> >>>>> >>> >>  at
> >>>>> >>> >>
> >>>>> >>>
> >>>>>
> org.apache.sshd.client.session.ClientSessionImpl.authPublicKey(ClientSess=
ionImpl.java:146)
> >>>>> >>> >> at
> >>>>> >>> >>
> >>>>> >>>
> >>>>>
> org.apache.camel.component.ssh.SshEndpoint.sendExecCommand(SshEndpoint.ja=
va:113)
> >>>>> >>> >>  at
> >>>>> >>> >>
> >>>>>
> org.apache.camel.component.ssh.SshProducer.process(SshProducer.java:38)
> >>>>> >>> >> ... 72 more
> >>>>> >>> >> Caused by: java.lang.NullPointerException
> >>>>> >>> >>  at
> >>>>> >>> >>
> >>>>> >>>
> >>>>>
> org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.ja=
va:59)
> >>>>> >>> >> ... 75 more
> >>>>> >>> >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> >>>>> >>> >>
> >>>>> >>> >> Note the NullPointerException ...
> >>>>> >>> >>
> >>>>> >>> >> But I tried to follow this (
> >>>>> >>> >>
> >>>>> >>>
> >>>>>
> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/=
java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
> >>>>> )
> >>>>> >>> test,
> >>>>> >>> >> so I guess it should work...
> >>>>> >>> >>
> >>>>> >>> >> Could you give me at least some hint?
> >>>>> >>> >> I promise I'll extend Camel wiki related to this topic
> >>>>> definitely :P
> >>>>> >>> >>
> >>>>> >>> >> --
> >>>>> >>> >> S pozdravem / Best regards
> >>>>> >>> >> Martin Stiborsk=FD
> >>>>> >>> >>
> >>>>> >>> >> Jabber: stibi@njs.netlab.cz
> >>>>> >>> >> Twitter: http://www.twitter.com/stibi
> >>>>> >>> >>
> >>>>> >>> >
> >>>>> >>> >
> >>>>> >>> >
> >>>>> >>> > --
> >>>>> >>> > S pozdravem / Best regards
> >>>>> >>> > Martin Stiborsk=FD
> >>>>> >>> >
> >>>>> >>> > Jabber: stibi@njs.netlab.cz
> >>>>> >>> > Twitter: http://www.twitter.com/stibi
> >>>>> >>>
> >>>>> >>
> >>>>> >>
> >>>>> >>
> >>>>> >> --
> >>>>> >> S pozdravem / Best regards
> >>>>> >> Martin Stiborsk=FD
> >>>>> >>
> >>>>> >> Jabber: stibi@njs.netlab.cz
> >>>>> >> Twitter: http://www.twitter.com/stibi
> >>>>> >>
> >>>>> >
> >>>>> >
> >>>>> >
> >>>>> > --
> >>>>> > S pozdravem / Best regards
> >>>>> > Martin Stiborsk=FD
> >>>>> >
> >>>>> > Jabber: stibi@njs.netlab.cz
> >>>>> > Twitter: http://www.twitter.com/stibi
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Claus Ibsen
> >>>>> -----------------
> >>>>> Red Hat, Inc.
> >>>>> FuseSource is now part of Red Hat
> >>>>> Email: cibsen@redhat.com
> >>>>> Web: http://fusesource.com
> >>>>> Twitter: davsclaus
> >>>>> Blog: http://davsclaus.com
> >>>>> Author of Camel in Action: http://www.manning.com/ibsen
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> S pozdravem / Best regards
> >>>> Martin Stiborsk=FD
> >>>>
> >>>> Jabber: stibi@njs.netlab.cz
> >>>> Twitter: http://www.twitter.com/stibi
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> S pozdravem / Best regards
> >>> Martin Stiborsk=FD
> >>>
> >>> Jabber: stibi@njs.netlab.cz
> >>> Twitter: http://www.twitter.com/stibi
> >>>
> >>
> >>
> >>
> >> --
> >> S pozdravem / Best regards
> >> Martin Stiborsk=FD
> >>
> >> Jabber: stibi@njs.netlab.cz
> >> Twitter: http://www.twitter.com/stibi
> >>
> >
> >
> >
> > --
> > S pozdravem / Best regards
> > Martin Stiborsk=FD
> >
> > Jabber: stibi@njs.netlab.cz
> > Twitter: http://www.twitter.com/stibi
>


--=20
S pozdravem / Best regards
Martin Stiborsk=FD

Jabber: stibi@njs.netlab.cz
Twitter: http://www.twitter.com/stibi

--f46d043c8194a5b29904d5c1f28c--