You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@camel.apache.org by "Edson Cimionatto (JIRA)" <ji...@apache.org> on 2009/12/21 15:39:53 UTC
[jira] Created: (CAMEL-2308) StrictHostKeyChecking Url Option
StrictHostKeyChecking Url Option
--------------------------------
Key: CAMEL-2308
URL: https://issues.apache.org/activemq/browse/CAMEL-2308
Project: Apache Camel
Issue Type: Improvement
Components: camel-ftp
Affects Versions: Future
Reporter: Edson Cimionatto
Fix For: Future
Camel users will appreciate a new url option that sets JSch Session StrictHostKeyChecking to "no" . Preferably, this new option will work just like URI Options knownHosts. This improvement will facilitate bypass sftp/ssh key authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CAMEL-2308) StrictHostKeyChecking Url Option
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=56577#action_56577 ]
Claus Ibsen commented on CAMEL-2308:
------------------------------------
Thanks.
I can see the default is {{ask}} which I dont believe is much use for Camel as it cannot reply to that questions. So I wonder if we should set the default to {{no}} when using Camel?
Any opinion on that?
> StrictHostKeyChecking Url Option
> --------------------------------
>
> Key: CAMEL-2308
> URL: https://issues.apache.org/activemq/browse/CAMEL-2308
> Project: Apache Camel
> Issue Type: Improvement
> Components: camel-ftp
> Affects Versions: 2.2.0
> Reporter: Edson Cimionatto
> Fix For: Future
>
>
> Camel users will appreciate a new url option that sets JSch Session StrictHostKeyChecking to "no" . Preferably, this new option will work just like URI Options knownHosts. This improvement will facilitate bypass sftp/ssh key authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (CAMEL-2308) StrictHostKeyChecking Url Option
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen resolved CAMEL-2308.
--------------------------------
Resolution: Fixed
Fix Version/s: (was: Future)
2.2.0
trunk: 893075.
> StrictHostKeyChecking Url Option
> --------------------------------
>
> Key: CAMEL-2308
> URL: https://issues.apache.org/activemq/browse/CAMEL-2308
> Project: Apache Camel
> Issue Type: Improvement
> Components: camel-ftp
> Affects Versions: 2.0.0, 2.1.0
> Reporter: Edson Cimionatto
> Assignee: Claus Ibsen
> Fix For: 2.2.0
>
>
> Camel users will appreciate a new url option that sets JSch Session StrictHostKeyChecking to "no" . Preferably, this new option will work just like URI Options knownHosts. This improvement will facilitate bypass sftp/ssh key authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CAMEL-2308) StrictHostKeyChecking Url Option
Posted by "Edson Cimionatto (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=56622#action_56622 ]
Edson Cimionatto commented on CAMEL-2308:
-----------------------------------------
Claus,
JSch does not validate the known_hosts if StrictHostKeyChecking is no.
I prepared a integration test case...
import java.util.Properties;
import org.junit.Test;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
public class JSchTest {
private void createConnectionAndCheckHostKey(String strictHostKeyChecking)
throws JSchException {
Session session;
JSch jsch = new JSch();
jsch.setKnownHosts("c:\\known_hosts");
session = jsch.getSession("user", "hostname", 223);
session.setPassword("password");
Properties config = new Properties();
config.setProperty("StrictHostKeyChecking", strictHostKeyChecking);
session.setConfig(config);
session.connect();
}
@Test
public void testJSchTestStrictKeyCheckingNo() throws JSchException {
createConnectionAndCheckHostKey("no");
}
@Test(expected = JSchException.class)
public void testJSchTestStrictKeyCheckingYes() throws JSchException {
createConnectionAndCheckHostKey("yes");
}
}
I hope I helped!
--
Edson Cimionatto
> StrictHostKeyChecking Url Option
> --------------------------------
>
> Key: CAMEL-2308
> URL: https://issues.apache.org/activemq/browse/CAMEL-2308
> Project: Apache Camel
> Issue Type: Improvement
> Components: camel-ftp
> Affects Versions: 2.0.0, 2.1.0
> Reporter: Edson Cimionatto
> Assignee: Claus Ibsen
> Fix For: 2.2.0
>
>
> Camel users will appreciate a new url option that sets JSch Session StrictHostKeyChecking to "no" . Preferably, this new option will work just like URI Options knownHosts. This improvement will facilitate bypass sftp/ssh key authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (CAMEL-2308) StrictHostKeyChecking Url Option
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen updated CAMEL-2308:
-------------------------------
Affects Version/s: (was: 2.2.0)
2.0.0
2.1.0
> StrictHostKeyChecking Url Option
> --------------------------------
>
> Key: CAMEL-2308
> URL: https://issues.apache.org/activemq/browse/CAMEL-2308
> Project: Apache Camel
> Issue Type: Improvement
> Components: camel-ftp
> Affects Versions: 2.0.0, 2.1.0
> Reporter: Edson Cimionatto
> Assignee: Claus Ibsen
> Fix For: 2.2.0
>
>
> Camel users will appreciate a new url option that sets JSch Session StrictHostKeyChecking to "no" . Preferably, this new option will work just like URI Options knownHosts. This improvement will facilitate bypass sftp/ssh key authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CAMEL-2308) StrictHostKeyChecking Url Option
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=56590#action_56590 ]
Claus Ibsen commented on CAMEL-2308:
------------------------------------
Edson I wonder if it makes sense to use *both* knownHostFile and StrictHostKeyChecking?
Lets say StrictHostKeyChecking is no, and you have configured a knownHostFile. I wonder if JSCH will then still enforce host key verification?
> StrictHostKeyChecking Url Option
> --------------------------------
>
> Key: CAMEL-2308
> URL: https://issues.apache.org/activemq/browse/CAMEL-2308
> Project: Apache Camel
> Issue Type: Improvement
> Components: camel-ftp
> Affects Versions: 2.0.0, 2.1.0
> Reporter: Edson Cimionatto
> Assignee: Claus Ibsen
> Fix For: 2.2.0
>
>
> Camel users will appreciate a new url option that sets JSch Session StrictHostKeyChecking to "no" . Preferably, this new option will work just like URI Options knownHosts. This improvement will facilitate bypass sftp/ssh key authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (CAMEL-2308) StrictHostKeyChecking Url Option
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen updated CAMEL-2308:
-------------------------------
Affects Version/s: (was: Future)
2.2.0
> StrictHostKeyChecking Url Option
> --------------------------------
>
> Key: CAMEL-2308
> URL: https://issues.apache.org/activemq/browse/CAMEL-2308
> Project: Apache Camel
> Issue Type: Improvement
> Components: camel-ftp
> Affects Versions: 2.2.0
> Reporter: Edson Cimionatto
> Fix For: Future
>
>
> Camel users will appreciate a new url option that sets JSch Session StrictHostKeyChecking to "no" . Preferably, this new option will work just like URI Options knownHosts. This improvement will facilitate bypass sftp/ssh key authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CAMEL-2308) StrictHostKeyChecking Url Option
Posted by "Edson Cimionatto (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=56576#action_56576 ]
Edson Cimionatto commented on CAMEL-2308:
-----------------------------------------
I fixed my problem with a bad hardcoding adding the following setting
after line 82 on SftpOpeartions:
session.setConfig("StrictHostKeyChecking", "no");
;) Thanks!
--
Edson Cimionatto
> StrictHostKeyChecking Url Option
> --------------------------------
>
> Key: CAMEL-2308
> URL: https://issues.apache.org/activemq/browse/CAMEL-2308
> Project: Apache Camel
> Issue Type: Improvement
> Components: camel-ftp
> Affects Versions: Future
> Reporter: Edson Cimionatto
> Fix For: Future
>
>
> Camel users will appreciate a new url option that sets JSch Session StrictHostKeyChecking to "no" . Preferably, this new option will work just like URI Options knownHosts. This improvement will facilitate bypass sftp/ssh key authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (CAMEL-2308) StrictHostKeyChecking Url Option
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen reassigned CAMEL-2308:
----------------------------------
Assignee: Claus Ibsen
> StrictHostKeyChecking Url Option
> --------------------------------
>
> Key: CAMEL-2308
> URL: https://issues.apache.org/activemq/browse/CAMEL-2308
> Project: Apache Camel
> Issue Type: Improvement
> Components: camel-ftp
> Affects Versions: 2.2.0
> Reporter: Edson Cimionatto
> Assignee: Claus Ibsen
> Fix For: Future
>
>
> Camel users will appreciate a new url option that sets JSch Session StrictHostKeyChecking to "no" . Preferably, this new option will work just like URI Options knownHosts. This improvement will facilitate bypass sftp/ssh key authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CAMEL-2308) StrictHostKeyChecking Url Option
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=56571#action_56571 ]
Claus Ibsen commented on CAMEL-2308:
------------------------------------
Edson can you paste the code you used to fix it? Just to be sure we do that same in camel-ftp as the JSCH API is a bit cumbersome to work with.
> StrictHostKeyChecking Url Option
> --------------------------------
>
> Key: CAMEL-2308
> URL: https://issues.apache.org/activemq/browse/CAMEL-2308
> Project: Apache Camel
> Issue Type: Improvement
> Components: camel-ftp
> Affects Versions: Future
> Reporter: Edson Cimionatto
> Fix For: Future
>
>
> Camel users will appreciate a new url option that sets JSch Session StrictHostKeyChecking to "no" . Preferably, this new option will work just like URI Options knownHosts. This improvement will facilitate bypass sftp/ssh key authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CAMEL-2308) StrictHostKeyChecking Url Option
Posted by "Edson Cimionatto (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=56578#action_56578 ]
Edson Cimionatto commented on CAMEL-2308:
-----------------------------------------
I vote for setting default to "no".
For those who want to enforce key authentication, they still have the
option of using knownHosts, privateKeyFile, and
privateKeyFilePassphrase.
Thanks.
--
Edson Cimionatto
> StrictHostKeyChecking Url Option
> --------------------------------
>
> Key: CAMEL-2308
> URL: https://issues.apache.org/activemq/browse/CAMEL-2308
> Project: Apache Camel
> Issue Type: Improvement
> Components: camel-ftp
> Affects Versions: 2.2.0
> Reporter: Edson Cimionatto
> Fix For: Future
>
>
> Camel users will appreciate a new url option that sets JSch Session StrictHostKeyChecking to "no" . Preferably, this new option will work just like URI Options knownHosts. This improvement will facilitate bypass sftp/ssh key authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.