camel-users mailing list archives

From Claus Ibsen <claus.ib...@gmail.com>
Subject Re: camel-ssh - SSH keys authentication
Date Sat, 02 Mar 2013 17:46:11 GMT
Hi

I logged a ticket to make this easier out of the box
https://issues.apache.org/jira/browse/CAMEL-6120

On Fri, Feb 15, 2013 at 9:33 PM, Scott Cranton <scott@cranton.com> wrote:
> I've created an example showing camel-ssh deployed in Karaf using
> classpath and file based public key security.
>
> https://github.com/scranton/example-security-camel-ssh
>
> I'll try to clean it up shortly, and submit to camel either updating
> existing camel-ssh example, or adding as a new example...
>
> Then look to update the doc...
>
> On Fri, Feb 15, 2013 at 6:53 AM, Scott Cranton <scott@cranton.com> wrote:
>> Excellent! thanks for the QA ;-)
>>
>> The camel-ssh doc clearly needs help, so any thoughts you have on how
>> to update based on your recent experience would be most appreciated...
>>
>> On Fri, Feb 15, 2013 at 6:48 AM, Martin Stiborský
>> <martin.stiborsky@gmail.com> wrote:
>>> Woohoo, victory, thanks for the hint, Scott. ClassLoader was the magical
>>> thing.
>>>
>>> ResourceKeyPairProvider keyPairProvider = new ResourceKeyPairProvider(
>>>                 new String[]{pathToTheKey}, null,
>>>                 this.getClass().getClassLoader());
>>>
>>> And camel-crypto, as new dependency, because org.bouncycastle.openssl ...
>>>
>>> Thanks a lot guys.
>>>
>>>
>>> On Fri, Feb 15, 2013 at 11:34 AM, Scott Cranton <scott@cranton.com> wrote:
>>>
>>>> Have you tried setting the keyPairProvider to an instance of
>>>> org.apache.sshd.common.keyprovider.ResourceKeyPairProvider? That
>>>> should work better in OSGi, though I haven't tried it recently...
>>>>
>>>> Re multiple ids: you can add multiple component instances with
>>>> different ids (e.g. sshGit) and reference them from Camel by those
>>>> ids.
>>>>
>>>> addComponent("sshGit", sshGitComponent)
>>>>
>>>> .to("sshGit:git@localhost")
>>>>
>>>> On Fri, Feb 15, 2013 at 4:26 AM, Martin Stiborský
>>>> <martin.stiborsky@gmail.com> wrote:
>>>> > Often I found solution for a problem in few minutes after posting to
>>>> > mailing list, so let's try the luck now :)
>>>> >
>>>> > Currently I'm digging in the camel-ssh, because definitely there is problem
>>>> > with referencing the key file from resources.
>>>> > The very first thing I should do was enabling debug for camel-ssh component
>>>> > (surprise surprise...), because this:
>>>> >
>>>> > 2013-02-15 10:21:46,261 | INFO  | qtp724367630-92  | FileKeyPairProvider | 24 - org.apache.sshd.core - 0.8.0 | Unable to read key /gitkeys/mykey.pem: java.io.FileNotFoundException: /gitkeys/mykey.pem (No such file or directory)
>>>> >
>>>> > I'll follow advice from Claus Ibsen and check ResourceHelper and how it
>>>> > could be used in camel-ssh...
>>>> >
>>>> >
>>>> > On Fri, Feb 15, 2013 at 9:01 AM, Martin Stiborský <
>>>> > martin.stiborsky@gmail.com> wrote:
>>>> >
>>>> >> One more weird thing, from the log file:
>>>> >>
>>>> >> 2013-02-15 08:58:22,582 | INFO  | NioProcessor-21  | ClientSessionImpl | 24 - org.apache.sshd.core - 0.8.0 | Session null@my-git.server.com/10.xx.xx.xx:22 closed
>>>> >>
>>>> >> The "null"…I assume there should be username :)
>>>> >>
>>>> >>
>>>> >> On Fri, Feb 15, 2013 at 8:40 AM, Martin Stiborský <
>>>> >> martin.stiborsky@gmail.com> wrote:
>>>> >>
>>>> >>> So, maybe the problem is really in the camel-ssh component, because, it's
>>>> >>> possible to get the key from resources, like that:
>>>> >>>
>>>> >>>         from("cxfrs:bean:gitServer")
>>>> >>>                 .routeId("GitRoutes")
>>>> >>>                 .choice()
>>>> >>>                 .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
>>>> >>>                 .setBody(constant("info"))
>>>> >>>                 .process(new Processor() {
>>>> >>>                     @Override
>>>> >>>                     public void process(Exchange exchange) throws Exception {
>>>> >>>                         InputStream is = getClass().getResourceAsStream("/gitkeys/mykey.pem");
>>>> >>>                         String myString = IOUtils.toString(is, "UTF-8");
>>>> >>>
>>>> >>>                         exchange.getOut().setBody(myString);
>>>> >>>                     }
>>>> >>>                 });
>>>> >>>
>>>> >>> So, no OSGi trouble here I guess…
>>>> >>>
>>>> >>>
>>>> >>> On Thu, Feb 14, 2013 at 9:06 PM, Martin Stiborský <
>>>> >>> martin.stiborsky@gmail.com> wrote:
>>>> >>>
>>>> >>>> Ok, so camel-ssh needs some love, to make it better…ok.
>>>> >>>> But without modifications in camel-ssh, I'm just not able to use it with
>>>> >>>> my SSH key, I tried like all possible combinations now.
>>>> >>>>
>>>> >>>>         SshComponent sshGitComponent = new SshComponent();
>>>> >>>>         sshGitComponent.setHost("localhost");
>>>> >>>>         sshGitComponent.setPort(22);
>>>> >>>>         sshGitComponent.setUsername("git");
>>>> >>>>         sshGitComponent.setKeyPairProvider(new FileKeyPairProvider(new String[]{"gitkeys/mykey.pem"}));
>>>> >>>>         sshGitComponent.setKeyType(KeyPairProvider.SSH_RSA);
>>>> >>>>
>>>> >>>>         getContext().removeComponent("ssh");
>>>> >>>>         getContext().addComponent("ssh", sshGitComponent);
>>>> >>>>
>>>> >>>>         from("cxfrs:bean:gitServer")
>>>> >>>>                 .routeId("GitRoutes")
>>>> >>>>                 .choice()
>>>> >>>>                 .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
>>>> >>>>                     .setBody(constant("info"))
>>>> >>>>                     .to("ssh:git@localhost");
>>>> >>>>
>>>> >>>> Why the removeComponent and the addComponent? I'd like to add new
>>>> >>>> instance of SshComponent, under different id, but when I do that,
>>>> >>>> Camel gets stuck on start, trying to find this new component…so I'm doing
>>>> >>>> something wrong there probably…
>>>> >>>>
>>>> >>>> In src/main/resources/gitkeys/mykey.pem is the key…but as I said, it
>>>> >>>> doesn't work for me, or I missed the correct combination…I tried also
>>>> >>>> classpath and file prefix, but no luck.
>>>> >>>>
>>>> >>>> The unit test works fine…problem is in the OSGi I guess…some classpath
>>>> >>>> issue? I don't know, I have quite a headache from this already, need a
>>>> >>>> break.
>>>> >>>>
>>>> >>>>
>>>> >>>> On Thu, Feb 14, 2013 at 3:13 PM, Claus Ibsen <claus.ibsen@gmail.com> wrote:
>>>> >>>>
>>>> >>>>> On Thu, Feb 14, 2013 at 2:57 PM, Martin Stiborský
>>>> >>>>> <martin.stiborsky@gmail.com> wrote:
>>>> >>>>> > Still one problem…the unit test was fine, but now in OSGi environment,
>>>> >>>>> > there are more troubles…
>>>> >>>>> > Is there some trick how to get resource from a bundle? I can't get a
>>>> >>>>> > reference to the key file stored in src/main/resources :(
>>>> >>>>> >
>>>> >>>>>
>>>> >>>>> I guess maybe camel-ssh should load the cert file like we do in other
>>>> >>>>> components using ResourceHelper.
>>>> >>>>> Then we can load from classpath (osgi and the rest of the world), files
>>>> >>>>> etc.
>>>> >>>>>
>>>> >>>>> eg prefix with classpath: or file:
>>>> >>>>>
>>>> >>>>>
>>>> >>>>> >
>>>> >>>>> > On Thu, Feb 14, 2013 at 12:25 PM, Martin Stiborský <martin.stiborsky@gmail.com> wrote:
>>>> >>>>> >
>>>> >>>>> >> I can try help there as well. I was looking for a chance to make my "first
>>>> >>>>> >> camel commit" anyway :)
>>>> >>>>> >>
>>>> >>>>> >>
>>>> >>>>> >> On Thu, Feb 14, 2013 at 12:00 PM, Scott Cranton <scott@cranton.com> wrote:
>>>> >>>>> >>
>>>> >>>>> >>> Glad you figured it out. Yeah, the camel-ssh page does need some
>>>> >>>>> >>> attention. Thanks for the feedback, and I look forward to seeing your
>>>> >>>>> >>> suggested updates to the doc.
>>>> >>>>> >>>
>>>> >>>>> >>> The certFilename is just a shorthand for creating a
>>>> >>>>> >>> FileKeyPairProvider, which is identical to what the
>>>> >>>>> >>> SshComponentSecurityTest is doing
>>>> >>>>> >>>
>>>> >>>>> >>>     sshComponent.setKeyPairProvider(new FileKeyPairProvider(new String[]{"src/test/resources/hostkey.pem"}));
>>>> >>>>> >>>
>>>> >>>>> >>> but I see in the tests, I'm using the same resource for both producer
>>>> >>>>> >>> and consumer, so to your point about when public key, when private, I
>>>> >>>>> >>> should check that, update the tests, and most importantly update the
>>>> >>>>> >>> docs as it isn't clear...
>>>> >>>>> >>>
>>>> >>>>> >>> Thanks,
>>>> >>>>> >>> Scott
>>>> >>>>> >>>
>>>> >>>>> >>>
>>>> >>>>> >>>
>>>> >>>>> >>> On Thu, Feb 14, 2013 at 5:48 AM, Martin Stiborský
>>>> >>>>> >>> <martin.stiborsky@gmail.com> wrote:
>>>> >>>>> >>> > As usually, problem solved few minutes after I posted this "call for help
>>>> >>>>> >>> > message".
>>>> >>>>> >>> > Really there was a problem with loading the private key from resources.
>>>> >>>>> >>> >
>>>> >>>>> >>> > Now it works...my next message will be about updating the camel-ssh wiki :)
>>>> >>>>> >>> >
>>>> >>>>> >>> >
>>>> >>>>> >>> > On Thu, Feb 14, 2013 at 10:37 AM, Martin Stiborský <martin.stiborsky@gmail.com> wrote:
>>>> >>>>> >>> >
>>>> >>>>> >>> >> Hello guys,
>>>> >>>>> >>> >> I need to use camel-ssh in my route, also, I need authentication with SSH
>>>> >>>>> >>> >> keys to the remote server.
>>>> >>>>> >>> >> I can't figure out how to configure the SSH producer in Camel.
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> Now I started digging in camel-ssh source codes, but that is a long trip
>>>> >>>>> >>> >> for me right now :(
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> First of all, I'm not sure, what is difference between "certFilename" and
>>>> >>>>> >>> >> "keyPairProvider" options for the ssh endpoint?
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> Then, the private key have to be provided for the ssh endpoint, right? The
>>>> >>>>> >>> >> public key is configured on the remote server account...
>>>> >>>>> >>> >> Also, in which format the SSH private key should be? PEM?
>>>> >>>>> >>> >> Like this?
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> I guess so, because it's like this here:
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/resources/hostkey.pem
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> I'm not even sure if the key is loaded properly in the Java code from
>>>> >>>>> >>> >> resources directory, because the exception I see there is:
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> ==========
>>>> >>>>> >>> >> Caused by: java.io.IOException: Error performing public key authentication
>>>> >>>>> >>> >>     at org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:86)
>>>> >>>>> >>> >>     at org.apache.sshd.client.session.ClientSessionImpl.authPublicKey(ClientSessionImpl.java:146)
>>>> >>>>> >>> >>     at org.apache.camel.component.ssh.SshEndpoint.sendExecCommand(SshEndpoint.java:113)
>>>> >>>>> >>> >>     at org.apache.camel.component.ssh.SshProducer.process(SshProducer.java:38)
>>>> >>>>> >>> >>     ... 72 more
>>>> >>>>> >>> >> Caused by: java.lang.NullPointerException
>>>> >>>>> >>> >>     at org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:59)
>>>> >>>>> >>> >>     ... 75 more
>>>> >>>>> >>> >> ==========
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> Note the NullPointerException ...
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> But I tried to follow this (
>>>> >>>>> >>> >> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
>>>> >>>>> >>> >> ) test,
>>>> >>>>> >>> >> so I guess it should work...
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> Could you give me at least some hint?
>>>> >>>>> >>> >> I promise I'll extend Camel wiki related to this topic definitely :P
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> --
>>>> >>>>> >>> >> S pozdravem / Best regards
>>>> >>>>> >>> >> Martin Stiborský
>>>> >>>>> >>> >>
>>>> >>>>> >>> >> Jabber: stibi@njs.netlab.cz
>>>> >>>>> >>> >> Twitter: http://www.twitter.com/stibi



-- 
Claus Ibsen
-----------------
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cibsen@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
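
Added example, not part of the original thread and not camel-ssh project code: the working setup the thread arrives at (a ResourceKeyPairProvider bound to the bundle's class loader, registered under its own component id), with a start-up check so a missing or unparsable key fails at deployment instead of surfacing as the NullPointerException during public key authentication. The class name `GitSshRoutes`, the `direct:gitInfo` endpoint and the resource path are hypothetical; it assumes the sshd 0.8.x API used in the thread and that BouncyCastle is resolvable for PEM parsing, as noted above.

```java
import java.security.KeyPair;

import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.ssh.SshComponent;
import org.apache.sshd.common.KeyPairProvider;
import org.apache.sshd.common.keyprovider.ResourceKeyPairProvider;

public class GitSshRoutes extends RouteBuilder {

    // Hypothetical location inside the bundle (src/main/resources/gitkeys/mykey.pem).
    // ClassLoader lookups take no leading slash.
    private static final String KEY_RESOURCE = "gitkeys/mykey.pem";

    @Override
    public void configure() throws Exception {
        // In OSGi the key must be resolved through this bundle's class loader,
        // not through a file system path.
        ClassLoader bundleLoader = getClass().getClassLoader();

        // Check 1: the resource is actually packaged in the bundle.
        if (bundleLoader.getResource(KEY_RESOURCE) == null) {
            throw new IllegalStateException("SSH key resource not found: " + KEY_RESOURCE);
        }

        // null = no PasswordFinder, i.e. the private key is not passphrase protected.
        ResourceKeyPairProvider keys = new ResourceKeyPairProvider(
                new String[]{KEY_RESOURCE}, null, bundleLoader);

        // Check 2: the PEM parses to an ssh-rsa key pair. Assumption for sshd 0.8.x:
        // loadKey returns null when no key of that type could be loaded.
        KeyPair pair = keys.loadKey(KeyPairProvider.SSH_RSA);
        if (pair == null) {
            throw new IllegalStateException("No ssh-rsa key pair loaded from " + KEY_RESOURCE);
        }

        SshComponent sshGit = new SshComponent();
        sshGit.setHost("localhost");
        sshGit.setPort(22);
        sshGit.setUsername("git");
        sshGit.setKeyPairProvider(keys);
        sshGit.setKeyType(KeyPairProvider.SSH_RSA);

        // Separate id, so the default "ssh" component stays untouched.
        getContext().addComponent("sshGit", sshGit);

        from("direct:gitInfo")                 // hypothetical trigger endpoint
            .setBody(constant("info"))
            .to("sshGit:git@localhost");
    }
}
```

Both checks report only the resource name, so no key material reaches logs or message bodies.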
