Posted to users@camel.apache.org by "Marx, Peter" <Pe...@knorr-bremse.com> on 2019/06/06 12:13:19 UTC

camel-ftp: meaning of option "UseUserKnownHostsFile" in combination with "knownHostsUri"

Using Camel 2.23.2, I have provided a known_hosts file on classpath and refer to it in the route:

.to("sftp://user@sftpserver/out?knownHostsUri=known_hosts&privateKeyUri=privkey.pem&privateKeyPassphrase=***");

When running this, usage of knownHostsUri is confirmed, but after that it switches back to using my local user known_hosts file:
...
[06:06 13:47:08.648] [DEBUG] [org.apache.camel.component.file.remote.SftpOperations] - Using known hosts uri: known_hosts
[06:06 13:47:08.648] [INFO] [org.apache.camel.component.file.remote.SftpOperations] - Known host file not configured, using user known host file: C:\Users\marxp/.ssh/known_hosts
[06:06 13:47:08.648] [DEBUG] [org.apache.camel.component.file.remote.SftpOperations] - Using known hosts information from file: C:\Users\marxp/.ssh/known_hosts

The related code in SftpOperations.java is checking a second config setting. This is not only logged, but Camel is really using my user file and later adding the key (not shown here):
...

String knownHostsFile = sftpConfig.getKnownHostsFile();
if (knownHostsFile == null && sftpConfig.isUseUserKnownHostsFile()) {
    knownHostsFile = System.getProperty("user.home") + "/.ssh/known_hosts";
    LOG.info("Known host file not configured, using user known host file: {}", knownHostsFile);
...

I then added the "undocumented" option UseUserKnownHostsFile:


.to("sftp://user@sftpserver/out?knownHostsUri=known_hosts&UseUserKnownHostsFile=false&privateKeyUri=privkey.pem&privateKeyPassphrase=***");


And now only the known_hosts file on classpath is used as expected:

...
[06:06 13:55:12.749] [DEBUG] [org.apache.camel.component.file.remote.SftpOperations] - Using private key uri : privkey.pem
[06:06 13:55:14.111] [DEBUG] [org.apache.camel.component.file.remote.SftpOperations] - Using known hosts uri: known_hosts
[06:06 13:55:14.119] [DEBUG] [org.apache.camel.component.file.remote.SftpOperations] - Using StrickHostKeyChecking: no
[06:06 13:55:14.280] [WARN] [org.apache.camel.component.file.remote.SftpOperations] - JSCH -> Permanently added 'sftpserver (RSA) to the list of known hosts.
...

Why do I have to add this option? Shouldn't specifying knownHostsUri rule out file-based stuff automatically?

Bonus question: should the target server key be written into my prepared file? This does not happen in my target/classes/known_hosts

Peter




Re: camel-ftp: meaning of option "UseUserKnownHostsFile" in combination with "knownHostsUri"

Posted by Alex Dettinger <al...@gmail.com>.
Hi Peter,

  When CAMEL-8202 was fixed, isUseUserKnownHostsFile might have
been added to preserve the default behaviour across the camel 2.x line.
But then, the default value should have been false and you would not have
been impacted.

  At the end of the day, setting this option to false is needed as a
workaround in camel 2.x.
  However, I wonder if your idea could deserve creating a ticket against
camel-3.x.

Cheers,
Alex

<https://issues.apache.org/jira/browse/CAMEL-8202>
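
The workaround discussed in this thread can be checked mechanically. The following is an added example, not code from the posts or from Camel: a JDK-only Java check (class and method names are hypothetical, sample URIs are constructed) that flags sftp endpoint URIs where Camel 2.x would still read the user's known_hosts file, or where strictHostKeyChecking is left at "no" as in the second log excerpt.

```java
import java.util.*;

// Added example: class and method names are hypothetical, not part of Camel.
public class SftpEndpointAudit {

    // Splits the endpoint query into options. Names are lower-cased because the
    // thread shows "UseUserKnownHostsFile" being accepted with a capital U.
    // Simplification: values wrapped in RAW(...) that contain '&' are not handled.
    static Map<String, String> options(String uri) {
        Map<String, String> opts = new HashMap<>();
        int q = uri.indexOf('?');
        if (q < 0) return opts;
        for (String pair : uri.substring(q + 1).split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0) opts.put(pair.substring(0, eq).toLowerCase(Locale.ROOT), pair.substring(eq + 1));
        }
        return opts;
    }

    static List<String> audit(String uri) {
        List<String> findings = new ArrayList<>();
        if (!uri.startsWith("sftp:")) return findings;
        Map<String, String> o = options(uri);
        // Mirrors the SftpOperations check quoted in the thread:
        // knownHostsFile == null && isUseUserKnownHostsFile() -> user file is loaded.
        boolean userFile = !o.containsKey("knownhostsfile")
                && !"false".equalsIgnoreCase(o.get("useuserknownhostsfile"));
        if (userFile && o.containsKey("knownhostsuri"))
            findings.add("knownHostsUri set, but ~/.ssh/known_hosts is still used: add useUserKnownHostsFile=false");
        else if (userFile)
            findings.add("host keys come from ~/.ssh/known_hosts of the account running Camel");
        // "no" is what the thread's log reports when the option is absent from the URI.
        if ("no".equalsIgnoreCase(o.getOrDefault("stricthostkeychecking", "no")))
            findings.add("strictHostKeyChecking=no: unknown server keys are accepted and added");
        return findings;
    }

    public static void main(String[] args) {
        String[] uris = { // constructed samples modelled on the routes in the thread
            "sftp://user@sftpserver/out?knownHostsUri=known_hosts&privateKeyUri=privkey.pem",
            "sftp://user@sftpserver/out?knownHostsUri=known_hosts&UseUserKnownHostsFile=false&strictHostKeyChecking=yes"
        };
        for (String u : uris) {
            System.out.println(u);
            audit(u).forEach(f -> System.out.println("  - " + f));
        }
    }
}
```

The first sample URI yields two findings and the second yields none.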