commons-issues mailing list archives

From "Gary D. Gregory (JIRA)" <>
Subject [jira] [Commented] (VFS-283) SFTP can not use private keys protected by pass phrase
Date Thu, 17 May 2012 15:16:08 GMT


Gary D. Gregory commented on VFS-283:

Hello again,

I looked at the proposed patch and this seems like the wrong approach. We should never store
passwords. Instead the VFS user authenticator framework should be used.

What I am not sure about yet is if we should enhance the UA framework with private key and
public key fields like this:

Index: src/main/java/org/apache/commons/vfs2/
--- src/main/java/org/apache/commons/vfs2/	(revision 1339616)
+++ src/main/java/org/apache/commons/vfs2/	(working copy)
@@ -100,6 +100,12 @@
     /** The user's domain. */
     public static final Type DOMAIN = new Type("domain");
+    /** The user's private key. */
+    public static final Type PRIVATE_KEY = new Type("privateKey");
+    /** The user's public key. */
+    public static final Type PUBLIC_KEY = new Type("publicKey");
     /** The authentication data. */
     private final Map<Type, char[]> authenticationData = new TreeMap<Type, char[]>();
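
Review bot: The Javadoc on the new PRIVATE_KEY and PUBLIC_KEY constants does not say whether the stored char[] is the key material itself or a path to a key file. Because authenticationData is a Map<Type, char[]> and accepts either, callers and providers can disagree; state which one is meant in each comment. The hunk also adds no Type for the pass phrase that protects the private key, which is the case this issue is about; add one, or document which existing Type carries it.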

And change the way the SFTP provider works to make it use UA for the key files instead of
saving a reference in the config object.

It seems to me like the best security would use UA for all of this, private key file path
AND password.

To be continued...

> SFTP can not use private keys protected by pass phrase
> ------------------------------------------------------
>                 Key: VFS-283
>                 URL:
>             Project: Commons VFS
>          Issue Type: Improvement
>    Affects Versions: 1.0
>         Environment: Java client running on Windows XP. OpenSSH server running on CentOS
>            Reporter: Torben Putkonen
>         Attachments: vfs-283.patch
> It is not possible to authenticate an SFTP connection with public key authentication if the private key is protected by a pass phrase.
> There is no code in org.apache.commons.vfs.provider.sftp.SftpClientFactory that deals with pass phrases.
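
The approach argued for in the comment above is to supply the key file path and pass phrase through an authenticator callback at connect time and wipe them after use, instead of keeping them in the config object. It is sketched here as an added example that is not part of the original message or of Commons VFS. `Type`, `AuthData` and `Authenticator` are hypothetical stand-ins, not the VFS classes, and all values are constructed.

```java
import java.util.Arrays;
import java.util.EnumMap;
import java.util.Map;

public class OnDemandCredentials {
    // Hypothetical stand-ins, modelled on the Type constants in the hunk above.
    enum Type { USERNAME, PRIVATE_KEY, PASSWORD }

    /** Secrets live in char[] so they can be overwritten; a String cannot be. */
    static final class AuthData {
        private final Map<Type, char[]> data = new EnumMap<>(Type.class);
        void set(Type t, char[] v) { data.put(t, v); }
        char[] get(Type t) { return data.get(t); }
        void cleanup() {
            data.values().forEach(v -> Arrays.fill(v, '\0')); // wipe, then forget
            data.clear();
        }
    }

    /** Asked by the provider at connect time; the config object holds no secret. */
    interface Authenticator { AuthData request(Type... wanted); }

    /** Simulated provider login; returns a log-safe summary of what was used. */
    static String connect(Authenticator auth) {
        AuthData d = auth.request(Type.USERNAME, Type.PRIVATE_KEY, Type.PASSWORD);
        try {
            // A real provider would pass these values to its SSH library here.
            return new String(d.get(Type.USERNAME)) + " key=" + new String(d.get(Type.PRIVATE_KEY))
                    + " passphrase=<" + d.get(Type.PASSWORD).length + " chars>";
        } finally {
            d.cleanup(); // runs even if the login attempt throws
        }
    }

    public static void main(String[] args) {
        char[][] handedOut = new char[1][]; // kept only to show the wipe below
        Authenticator auth = wanted -> {
            AuthData d = new AuthData();
            d.set(Type.USERNAME, "alice".toCharArray());                      // constructed
            d.set(Type.PRIVATE_KEY, "/home/alice/.ssh/id_rsa".toCharArray()); // constructed path
            // In practice, read this with System.console().readPassword(...).
            handedOut[0] = "constructed-passphrase".toCharArray();
            d.set(Type.PASSWORD, handedOut[0]);
            return d;
        };
        System.out.println(connect(auth));
        System.out.println("wiped after use: " + (handedOut[0][0] == '\0'));
    }
}
```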
