commons-issues mailing list archives

From "Gary D. Gregory (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (VFS-283) SFTP can not use private keys protected by pass phrase
Date Thu, 17 May 2012 15:16:08 GMT

    [ https://issues.apache.org/jira/browse/VFS-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13277886#comment-13277886
] 

Gary D. Gregory commented on VFS-283:
-------------------------------------

Hello again,

I looked at the proposed patch and this seems like the wrong approach. We should never store
passwords. Instead the VFS user authenticator framework should be used.

What I am not sure about yet is if we should enhance the UA framework with private key and
public key fields like this:

{code}
Index: src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java
===================================================================
--- src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java	(revision 1339616)
+++ src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java	(working copy)
@@ -100,6 +100,12 @@
     /** The user's domain. */
     public static final Type DOMAIN = new Type("domain");
 
+    /** The user's private key. */
+    public static final Type PRIVATE_KEY = new Type("privateKey");
+
+    /** The user's public key. */
+    public static final Type PUBLIC_KEY = new Type("publicKey");
+
     /** The authentication data. */
     private final Map<Type, char[]> authenticationData = new TreeMap<Type, char[]>();
 {code}
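
Review bot: The Javadoc on the new PRIVATE_KEY and PUBLIC_KEY constants does not say what the value holds. Values are stored in the Map<Type, char[]> shown at the end of the hunk, so "The user's private key" could mean the key material itself or the path to a key file; state which one in each comment so that providers and authenticators agree. The hunk also adds no Type for the pass phrase that protects the private key, which is the case VFS-283 reports, so either add one or document which existing Type is meant to carry it.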

And change the way the SFTP provider works to make it use UA for the key files instead of
saving a java.io.File reference in the config object.

It seems to me like the best security would use UA for all of this, private key file path
AND password.

To be continued...

Feedback?
                
> SFTP can not use private keys protected by pass phrase
> ------------------------------------------------------
>
>                 Key: VFS-283
>                 URL: https://issues.apache.org/jira/browse/VFS-283
>             Project: Commons VFS
>          Issue Type: Improvement
>    Affects Versions: 1.0
>         Environment: Java client running on Windows XP. OpenSSH server running on CentOS Linux.
>            Reporter: Torben Putkonen
>         Attachments: vfs-283.patch
>
>
> It is not possible to authenticate an SFTP connection with public key authentication if the private key is protected by a pass phrase.
> There is no code in org.apache.commons.vfs.provider.sftp.SftpClientFactory that deals with pass phrases.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
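
The approach the comment argues for, supplying the secret through the VFS user authenticator at connect time instead of storing it in the configuration, as an added example that is not part of the original message or of the Commons VFS code base. It assumes commons-vfs2 on the classpath; the class name `PromptingAuthenticator` is hypothetical, and carrying the pass phrase in the existing `PASSWORD` type is this example's assumption, not something the thread decided.

```java
import java.io.Console;

import org.apache.commons.vfs2.FileSystemException;
import org.apache.commons.vfs2.FileSystemOptions;
import org.apache.commons.vfs2.UserAuthenticationData;
import org.apache.commons.vfs2.UserAuthenticator;
import org.apache.commons.vfs2.impl.DefaultFileSystemConfigBuilder;
import org.apache.commons.vfs2.util.UserAuthenticatorUtils;

/** Hypothetical authenticator: asks for the secret only when a provider requests it. */
public class PromptingAuthenticator implements UserAuthenticator {

    @Override
    public UserAuthenticationData requestAuthentication(UserAuthenticationData.Type[] types) {
        UserAuthenticationData data = new UserAuthenticationData();
        Console console = System.console();
        if (console == null) {
            return data; // no interactive console: supply nothing rather than a stored value
        }
        for (UserAuthenticationData.Type type : types) {
            if (UserAuthenticationData.PASSWORD.equals(type)) {
                // readPassword returns char[], so no immutable String copy is created
                data.setData(type, console.readPassword("Key pass phrase: "));
            }
        }
        return data;
    }

    public static void main(String[] args) throws FileSystemException {
        // Only the authenticator is placed in the options, never the secret itself.
        FileSystemOptions opts = new FileSystemOptions();
        DefaultFileSystemConfigBuilder.getInstance()
                .setUserAuthenticator(opts, new PromptingAuthenticator());

        // What a provider would do while connecting (assumed flow for this example).
        UserAuthenticationData auth = UserAuthenticatorUtils.authenticate(opts,
                new UserAuthenticationData.Type[] {UserAuthenticationData.PASSWORD});
        try {
            char[] passphrase =
                    UserAuthenticatorUtils.getData(auth, UserAuthenticationData.PASSWORD, null);
            System.out.println(passphrase == null ? "no pass phrase supplied"
                                                  : "pass phrase received");
        } finally {
            UserAuthenticatorUtils.cleanup(auth); // overwrites the held char[] values
        }
    }
}
```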
