commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Antonio Sanchez (JIRA)" <>
Subject [jira] [Commented] (VFS-283) SFTP can not use private keys protected by pass phrase
Date Sun, 21 Oct 2012 01:28:13 GMT


Antonio Sanchez commented on VFS-283:

The attached patch gives my solution.  I created an SftpIdentityAuthenticator interface and
object that attempts to "authenticate" a private key if it has the ability to.  This way,
you can write your own authenticator and add it to the FileSystemOptions to be used for certain
key files (for example, an interactive authenticator might prompt for a passphrase).  It uses
the existing UserAuthenticationData structure to pass around the password information.

I don't think it makes much sense to add public/private keys to UserAuthenticationData, since
no other provider uses private keys.

Here is how you might use this:

FileSystemOptions opts = new FileSystemOptions();
File sshKey = new File("private_rsa");
SftpFileSystemConfigBuilder.getInstance().setIdentities(opts, new File[]{sshKey});
SftpStaticIdentityAuthenticator keyAuth = new SftpStaticIdentityAuthenticator(sshKey, "password");
SftpFileSystemConfigBuilder.getInstance().setIdentityAuthenticators(opts, new SftpStaticIdentityAuthenticator[]
> SFTP can not use private keys protected by pass phrase
> ------------------------------------------------------
>                 Key: VFS-283
>                 URL:
>             Project: Commons VFS
>          Issue Type: Improvement
>    Affects Versions: 1.0
>         Environment: Java client running on Windows XP. OpenSSH server running on CentOS
>            Reporter: Torben Putkonen
>         Attachments: vfs-283.patch, vfspassphrase.patch
> It is not possible to authenticate an SFTP connection with public key authentication
if the private key is protected by a pass phrase.
> There is no code in org.apache.commons.vfs.provider.sftp.SftpClientFactory that deals
with pas phrases.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message