commons-issues mailing list archives

From "Mevlut Evren Tekin (Issue Comment Edited) (JIRA)" <j...@apache.org>
Subject [jira] [Issue Comment Edited] (VFS-283) SFTP can not use private keys protected by pass phrase
Date Thu, 24 Nov 2011 16:29:39 GMT

    [ https://issues.apache.org/jira/browse/VFS-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13156793#comment-13156793 ]

Mevlut Evren Tekin edited comment on VFS-283 at 11/24/11 4:27 PM:
------------------------------------------------------------------

I have just submitted a patch (vfs-283.patch attached). I tried to make sure it remained backward
compatible by leaving the existing method names and interfaces unchanged. There are two new
methods in the SftpFileSystemConfigBuilder class (see below for further details) to allow added
passphrase support.

I have changed the datatype for identities from File[] to LinkedHashMap<File,String>
to allow storing and retrieving privateKeyFile-passphrase pairings.

Two new methods - setIdentityPairs and getIdentityPairs - have been added to the SftpFileSystemConfigBuilder
class to allow passphrase support for publickey authentication. The existing setIdentity and getIdentity
methods still accept and return the File[] datatype as before. However, their implementations
have been updated to do the conversion between File[] and the new LinkedHashMap<File,String>
datatypes within the method bodies.

The identities variable in the createConnection method in the SftpClientFactory class is now defined as
the Map<File,String> datatype instead of the File[] datatype for the added passphrase support.
If an identity is set up without a passphrase, as existing applications would do using the old
SftpFileSystemConfigBuilder.setIdentities(FileSystemOptions opts, File[] identities) method,
then the method would call jsch.addIdentity(String prvkey) as before. If there is a passphrase
attached to the key file using the new
SftpFileSystemConfigBuilder.setIdentityPairs(FileSystemOptions opts, LinkedHashMap<File, String> pairs)
method, then jsch.addIdentity(String prvkey,String passphrase) will be appropriately called.

                
      was (Author: evrentekin):
    I have just submitted a patch. I tried to make sure it remained backward compatible by
leaving the existing method names and interfaces unchanged. There are two new methods in the SftpFileSystemConfigBuilder
class (see below for further details) to allow added passphrase support.

I have changed the datatype for identities from File[] to LinkedHashMap<File,String>
to allow storing and retrieving privateKeyFile-passphrase pairings.

Two new methods - setIdentityPairs and getIdentityPairs - have been added to the SftpFileSystemConfigBuilder
class to allow passphrase support for publickey authentication. The existing setIdentity and getIdentity
methods still accept and return the File[] datatype as before. However, their implementations
have been updated to do the conversion between File[] and the new LinkedHashMap<File,String>
datatypes within the method bodies.

The identities variable in the createConnection method in the SftpClientFactory class is now defined as
the Map<File,String> datatype instead of the File[] datatype for the added passphrase support.
If an identity is set up without a passphrase, as existing applications would do using the old
SftpFileSystemConfigBuilder.setIdentities(FileSystemOptions opts, File[] identities) method,
then the method would call jsch.addIdentity(String prvkey) as before. If there is a passphrase
attached to the key file using the new
SftpFileSystemConfigBuilder.setIdentityPairs(FileSystemOptions opts, LinkedHashMap<File, String> pairs)
method, then jsch.addIdentity(String prvkey,String passphrase) will be appropriately called.

                  
> SFTP can not use private keys protected by pass phrase
> ------------------------------------------------------
>
>                 Key: VFS-283
>                 URL: https://issues.apache.org/jira/browse/VFS-283
>             Project: Commons VFS
>          Issue Type: Improvement
>    Affects Versions: 1.0
>         Environment: Java client running on Windows XP. OpenSSH server running on CentOS Linux.
>            Reporter: Torben Putkonen
>         Attachments: vfs-283.patch
>
>
> It is not possible to authenticate an SFTP connection with public key authentication if the private key is protected by a pass phrase.
> There is no code in org.apache.commons.vfs.provider.sftp.SftpClientFactory that deals with pass phrases.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
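
The dispatch described in the comment above, written directly against JSch as an added example; it is not the code from vfs-283.patch or from Commons VFS. Assumptions: a key with no passphrase is stored with a null (or empty) map value, and the names `IdentityPairsExample`, `toPairs`, `addIdentities` and the environment variable `SFTP_KEY_PASSPHRASE` are hypothetical.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;

import java.io.File;
import java.util.LinkedHashMap;
import java.util.Map;

public class IdentityPairsExample {

    // Backward-compatible path: a plain File[] becomes pairs with no passphrase.
    // Assumption: "no passphrase" is represented by a null value.
    static LinkedHashMap<File, String> toPairs(File[] identities) {
        LinkedHashMap<File, String> pairs = new LinkedHashMap<>();
        for (File key : identities) {
            pairs.put(key, null);
        }
        return pairs;
    }

    // Choose the JSch overload per key file, depending on whether a passphrase is paired with it.
    static void addIdentities(JSch jsch, Map<File, String> pairs) throws JSchException {
        for (Map.Entry<File, String> pair : pairs.entrySet()) {
            String keyPath = pair.getKey().getAbsolutePath();
            String passphrase = pair.getValue();
            if (passphrase == null || passphrase.isEmpty()) {
                jsch.addIdentity(keyPath);              // unprotected key, as before
            } else {
                jsch.addIdentity(keyPath, passphrase);  // passphrase-protected key
            }
        }
    }

    // Usage: java IdentityPairsExample <unprotected-key-file> <protected-key-file>
    public static void main(String[] args) throws JSchException {
        if (args.length != 2) {
            System.err.println("usage: IdentityPairsExample <plain-key> <protected-key>");
            System.exit(2);
        }
        LinkedHashMap<File, String> pairs = toPairs(new File[] { new File(args[0]) });
        // Take the passphrase from the environment instead of hardcoding it in source.
        pairs.put(new File(args[1]), System.getenv("SFTP_KEY_PASSPHRASE"));

        JSch jsch = new JSch();
        addIdentities(jsch, pairs);
        System.out.println("Identities loaded: " + jsch.getIdentityNames());
    }
}
```

JSch also provides an `addIdentity(String prvkey, byte[] passphrase)` overload, which lets the caller clear the passphrase bytes after use; a `String` value held in the map cannot be cleared this way.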

        
