You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by je...@apache.org on 2022/08/10 19:46:07 UTC

[camel] branch main updated: CAMEL-17835: camel-sftp: Update component and migration docs.

This is an automated email from the ASF dual-hosted git repository.

jeremyross pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new 8f4b8e6b2da CAMEL-17835: camel-sftp: Update component and migration docs.
8f4b8e6b2da is described below

commit 8f4b8e6b2da12ab759ba9f3a8c09401ca62d8f43
Author: Jeremy Ross <je...@gmail.com>
AuthorDate: Wed Aug 10 12:31:58 2022 -0500

    CAMEL-17835: camel-sftp: Update component and migration docs.
    
    Include tip on restoring ssh-rsa/SHA1 for older SFTP servers.
---
 .../camel-ftp/src/main/docs/sftp-component.adoc      | 20 ++++++++++++++++++++
 .../ROOT/pages/camel-3x-upgrade-guide-3_17.adoc      |  6 ++++++
 2 files changed, 26 insertions(+)

diff --git a/components/camel-ftp/src/main/docs/sftp-component.adoc b/components/camel-ftp/src/main/docs/sftp-component.adoc
index a5953a88a96..f0f2c2fdcc7 100644
--- a/components/camel-ftp/src/main/docs/sftp-component.adoc
+++ b/components/camel-ftp/src/main/docs/sftp-component.adoc
@@ -45,6 +45,26 @@ include::partial$component-endpoint-options.adoc[]
 include::partial$component-endpoint-headers.adoc[]
 // component headers: END
 
+== Restoring Deprecated Key Types and Algorithms
+
+As of Camel 3.17.0, key types and algorithms that use SHA1 have been deprecated. These can be restored, if necessary, by setting JSch configuration directly. E.g.:
+
+[source,java]
+----
+JSch.setConfig("server_host_key",  JSch.getConfig("server_host_key") + ",ssh-rsa");
+JSch.setConfig("PubkeyAcceptedAlgorithms", JSch.getConfig("PubkeyAcceptedAlgorithms") + ",ssh-rsa");
+JSch.setConfig("kex", JSch.getConfig("kex") + ",diffie-hellman-group1-sha1,diffie-hellman-group14-sha1");
+----
+
+Note that the key types and algorithms your server supports may differ than the above example. You can use the following
+command to inspect your server's configuration:
+
+----
+ssh -vvv <server_address>
+----
+
+As of Camel 3.18.1, these values can also be set on SFTP endpoints by setting the corresponding URI parameters.
+
 == More Information
 
 For more information you can look at xref:ftp-component.adoc[FTP component]
diff --git a/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide-3_17.adoc b/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide-3_17.adoc
index f47296b3975..6bcd3d92793 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide-3_17.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide-3_17.adoc
@@ -238,6 +238,12 @@ Notice how we must use `depends-on="VerySimple-context"` in the `cxf:cxfEndpoint
 </osgi:blueprint>
 ----
 
+=== camel-sftp
+
+The underlying JSch library has been updated (https://issues.apache.org/jira/browse/CAMEL-17835[CAMEL-17835]) to a
+more secure and actively maintained fork which has removed key types and algorithms that rely on SHA1. For
+information on how these can be restored, consult the xref:components::sftp-component.adoc#_restoring_deprecated_key_types_and_algorithms[documentation for the SFTP component].
+
 === Deprecated Components
 
 The following components that had been marked as deprecated, were removed in this release: