You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by je...@apache.org on 2022/08/10 19:46:07 UTC
[camel] branch main updated: CAMEL-17835: camel-sftp: Update component and migration docs.
This is an automated email from the ASF dual-hosted git repository.
jeremyross pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 8f4b8e6b2da CAMEL-17835: camel-sftp: Update component and migration docs.
8f4b8e6b2da is described below
commit 8f4b8e6b2da12ab759ba9f3a8c09401ca62d8f43
Author: Jeremy Ross <je...@gmail.com>
AuthorDate: Wed Aug 10 12:31:58 2022 -0500
CAMEL-17835: camel-sftp: Update component and migration docs.
Include tip on restoring ssh-rsa/SHA1 for older SFTP servers.
---
.../camel-ftp/src/main/docs/sftp-component.adoc | 20 ++++++++++++++++++++
.../ROOT/pages/camel-3x-upgrade-guide-3_17.adoc | 6 ++++++
2 files changed, 26 insertions(+)
diff --git a/components/camel-ftp/src/main/docs/sftp-component.adoc b/components/camel-ftp/src/main/docs/sftp-component.adoc
index a5953a88a96..f0f2c2fdcc7 100644
--- a/components/camel-ftp/src/main/docs/sftp-component.adoc
+++ b/components/camel-ftp/src/main/docs/sftp-component.adoc
@@ -45,6 +45,26 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component headers: END
+== Restoring Deprecated Key Types and Algorithms
+
+As of Camel 3.17.0, key types and algorithms that use SHA1 have been deprecated. These can be restored, if necessary, by setting JSch configuration directly. E.g.:
+
+[source,java]
+----
+JSch.setConfig("server_host_key", JSch.getConfig("server_host_key") + ",ssh-rsa");
+JSch.setConfig("PubkeyAcceptedAlgorithms", JSch.getConfig("PubkeyAcceptedAlgorithms") + ",ssh-rsa");
+JSch.setConfig("kex", JSch.getConfig("kex") + ",diffie-hellman-group1-sha1,diffie-hellman-group14-sha1");
+----
+
+Note that the key types and algorithms your server supports may differ than the above example. You can use the following
+command to inspect your server's configuration:
+
+----
+ssh -vvv <server_address>
+----
+
+As of Camel 3.18.1, these values can also be set on SFTP endpoints by setting the corresponding URI parameters.
+
== More Information
For more information you can look at xref:ftp-component.adoc[FTP component]
diff --git a/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide-3_17.adoc b/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide-3_17.adoc
index f47296b3975..6bcd3d92793 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide-3_17.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide-3_17.adoc
@@ -238,6 +238,12 @@ Notice how we must use `depends-on="VerySimple-context"` in the `cxf:cxfEndpoint
</osgi:blueprint>
----
+=== camel-sftp
+
+The underlying JSch library has been updated (https://issues.apache.org/jira/browse/CAMEL-17835[CAMEL-17835]) to a
+more secure and actively maintained fork which has removed key types and algorithms that rely on SHA1. For
+information on how these can be restored, consult the xref:components::sftp-component.adoc#_restoring_deprecated_key_types_and_algorithms[documentation for the SFTP component].
+
=== Deprecated Components
The following components that had been marked as deprecated, were removed in this release: