Date: Thu, 24 Nov 2011 16:27:40 +0000 (UTC)
From: "Mevlut Evren Tekin (Issue Comment Edited) (JIRA)"
To: issues@commons.apache.org
Message-ID: <1100408995.10136.1322152060320.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Issue Comment Edited] (VFS-283) SFTP can not use private keys protected by pass phrase

[
https://issues.apache.org/jira/browse/VFS-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13156793#comment-13156793 ]

Mevlut Evren Tekin edited comment on VFS-283 at 11/24/11 4:26 PM:
------------------------------------------------------------------

I have just submitted a patch. I tried to make sure it remained backward compatible by leaving the existing method names and interfaces unchanged.

There are two new methods in SftpFileSystemConfigBuilder class (see below for further details) to allow added passphrase support.

I have changed the datatype for identities from File[] to LinkedHashMap to allow storing and retrieving privateKeyFile-passphrase pairings.

Two new methods - setIdentityPairs and getIdentityPairs - have been added to the SftpFileSystemConfigBuilder class to allow passphrase support for publickey authentication.

Existing setIdentity and getIdentity methods still accept and return File[] datatype as before. However, their implementations have been updated to do the conversion between File[] and the new LinkedHashMap datatypes within the method bodies.

The identities variable in createConnection method in SftpClientFactory class is now defined as Map datatype instead of File[] datatype for the added passphrase support.

If an identity is set up without a passphrase as existing applications would do using the old SftpFileSystemConfigBuilder.setIdentities(FileSystemOptions opts, File[] identities) method, then the method would call jsch.addIdentity(String prvkey) as before.

If there is a passphrase attached to the key file using the new SftpFileSystemConfigBuilder.setIdentityPairs(FileSystemOptions opts, LinkedHashMap pairs) method, then jsch.addIdentity(String prvkey,String passphrase) will be appropriately called.

      was (Author: evrentekin):

I have just submitted a patch. I tried to make sure it remained backward compatible by leaving the existing method names and interfaces unchanged.

There are two new methods in SftpFileSystemConfigBuilder class (see below for further details) to allow added passphrase support.

I have changed the datatype for identities from File[] to LinkedHashMap to allow storing and retrieving privateKeyFile-passphrase pairings.

Two new methods -setIdentityPairs and getIdentityPairs- have been added to the SftpFileSystemConfigBuilder class to allow passphrase support for publickey authentication.

Existing setIdentity and getIdentity methods still accept and return File[] datatype as before. However, their implementations have been updated to do the conversion between File[] and the new LinkedHashMap datatypes within the method bodies.

The identities variable in createConnection method in SftpClientFactory class is now defined as Map datatype instead of File[] datatype for the added passphrase support.

If an identity is set up without a passphrase as existing applications would do using the old SftpFileSystemConfigBuilder.setIdentities(FileSystemOptions opts, File[] identities) method, then the method would call jsch.addIdentity(String prvkey) as before.

If there is a passphrase attached to the key file using the new SftpFileSystemConfigBuilder.setIdentityPairs(FileSystemOptions opts, LinkedHashMap pairs) method, then jsch.addIdentity(String prvkey,String passphrase) will be appropriately called.

> SFTP can not use private keys protected by pass phrase
> ------------------------------------------------------
>
> Key: VFS-283
> URL: https://issues.apache.org/jira/browse/VFS-283
> Project: Commons VFS
> Issue Type: Improvement
> Affects Versions: 1.0
> Environment: Java client running on Windows XP. OpenSSH server running on CentOS Linux.
> Reporter: Torben Putkonen
> Attachments: vfs-283.patch
>
>
> It is not possible to authenticate an SFTP connection with public key authentication if the private key is protected by a pass phrase.
> There is no code in org.apache.commons.vfs.provider.sftp.SftpClientFactory that deals with pass phrases.
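
Added example (not part of the original message and not the code in vfs-283.patch): a sketch of the backward-compatible scheme the comment describes, with the legacy File[] converted to ordered key/passphrase pairs and one of the two addIdentity overloads chosen per key. The class name, the IdentitySink stand-in for JSch, the helper names, the use of null for "no passphrase" and the sample file names are assumptions made for illustration.

```java
import java.io.File;
import java.util.LinkedHashMap;
import java.util.Map;

public class IdentityPairsSketch {
    /** Hypothetical stand-in for the two JSch.addIdentity overloads named in the comment. */
    interface IdentitySink {
        void addIdentity(String prvkey) throws Exception;
        void addIdentity(String prvkey, String passphrase) throws Exception;
    }

    /** Legacy File[] input becomes ordered pairs; null marks "no passphrase" (assumption). */
    static LinkedHashMap<File, String> toPairs(File[] identities) {
        LinkedHashMap<File, String> pairs = new LinkedHashMap<>();
        for (File f : identities) {
            pairs.put(f, null);
        }
        return pairs;
    }

    /** Ordered pairs back to File[] for callers of the old getter; passphrases are dropped. */
    static File[] toFiles(Map<File, String> pairs) {
        return pairs.keySet().toArray(new File[0]);
    }

    /** Pick the overload per key: one argument when no passphrase is stored. */
    static void register(IdentitySink jsch, Map<File, String> pairs) throws Exception {
        for (Map.Entry<File, String> e : pairs.entrySet()) {
            String path = e.getKey().getAbsolutePath();
            if (e.getValue() == null) {
                jsch.addIdentity(path);
            } else {
                jsch.addIdentity(path, e.getValue());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: one unprotected key, one protected key.
        LinkedHashMap<File, String> pairs = toPairs(new File[] { new File("id_rsa_plain") });
        pairs.put(new File("id_rsa_protected"), "constructed-passphrase");
        register(new IdentitySink() {
            // The sink reports which overload was used and never prints the passphrase.
            public void addIdentity(String k) { System.out.println("no passphrase: " + k); }
            public void addIdentity(String k, String p) { System.out.println("with passphrase: " + k); }
        }, pairs);
        System.out.println(toFiles(pairs).length + " identities, insertion order kept");
    }
}
```

Passphrases held as String values in an options map stay on the heap until garbage collected and show up in heap dumps and in any logging of the map. JSch also provides an addIdentity overload that takes the passphrase as byte[], which a caller can overwrite after use.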