You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2016/02/17 19:32:18 UTC

[jira] [Reopened] (NIFI-1252) The FetchSFTP processor has inconsistent behavior when using public/private keys for login

     [ https://issues.apache.org/jira/browse/NIFI-1252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andy LoPresto reopened NIFI-1252:
---------------------------------

I am re-opening this ticket and suggest adding a property to this processor to explicitly allow an empty passphrase on a private key, but by default requiring a passphrase. I think we should raise the status quo to enforce good security practices, which require a passphrase to protect this extremely sensitive data. We should instruct the user on the proper process to add a passphrase to their key if necessary. If there are legacy requirements/blockers to doing this, the administrator/dataflow manager will be required to explicitly acknowledge that this is unsafe and set the override property. As an example, this has been implemented for weak legacy cryptographic combinations in {{EncryptContent}} processor in [NIFI-1463]. This should also be done for all other uses of "private keys" throughout the application. 

> The FetchSFTP processor has inconsistent behavior when using public/private keys for login
> ------------------------------------------------------------------------------------------
>
>                 Key: NIFI-1252
>                 URL: https://issues.apache.org/jira/browse/NIFI-1252
>             Project: Apache NiFi
>          Issue Type: Bug
>            Reporter: David A. Wynne
>            Priority: Minor
>
> When using public/private keys for login in to a system with FetchSFTP, it requires the Private key passphrase to have a value.  The other processors that have the capability to use public/private keys do not require that the same property have a value. The FetchSFTP processor should be modified to have the same behavior. I am testing in  version NiFi-0.4.0-SNAPSHOT.
> If I put in a value for the property, it will work, it ignores the value since the key was created without a passphrase. So, it isn't a show stopper, just a little annoying.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)