[jira] [Commented] (VFS-283) SFTP can not use private keys protected by pass phrase


ASF GitHub Bot (Jira)

    [ https://issues.apache.org/jira/browse/VFS-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13109811#comment-13109811 ]

Iqbal Yusuf commented on VFS-283:
---------------------------------

I have a patch or workaround for this bug. I've never committed to ASF so don't know how to submit a patch. Here is the code snippet that will solve this problem.

I'm going to use a Java system environment variable named "vfs.sftp.ssh.privatekeyfile.passphrase".
You will need to set it to the passphrase of your ssh private key file.

I'm pasting re-written code here from package "org.apache.commons.vfs2.provider.sftp" for class named "SftpClientFactory"

Here is the changed code inside method named "SftpClientFactory()" around line number 100

        if (identities != null)
        {
            // Explicitly configured identities: load each private key file
            for (int iterIdentities = 0; iterIdentities < identities.length; iterIdentities++)
            {
                final File privateKeyFile = identities[iterIdentities];
                try
                {
                    //iyusuf
                    // The same passphrase (if set) is applied to every identity
                    String passPhrase;
                    passPhrase = System.getProperty("vfs.sftp.ssh.privatekeyfile.passphrase");
                    if (passPhrase != null)
                    {
                        jsch.addIdentity(privateKeyFile.getAbsolutePath(), passPhrase);
                    }
                    else
                    {
                        jsch.addIdentity(privateKeyFile.getAbsolutePath());
                    }
                }
                catch (final JSchException e)
                {
                    throw new FileSystemException("vfs.provider.sftp/load-private-key.error", privateKeyFile, e);
                }
            }
        }
        else
        {
            if (sshDir == null)
            {
                sshDir = findSshDir();
            }

            // Load the private key (rsa-key only)
            final File privateKeyFile = new File(sshDir, "id_rsa");
            if (privateKeyFile.isFile() && privateKeyFile.canRead())
            {
                try
                {
                    //iyusuf
                    // Same passphrase lookup as above, for the default id_rsa key
                    String passPhrase;
                    passPhrase = System.getProperty("vfs.sftp.ssh.privatekeyfile.passphrase");
                    if (passPhrase != null)
                    {
                        jsch.addIdentity(privateKeyFile.getAbsolutePath(), passPhrase);
                    }
                    else
                    {
                        jsch.addIdentity(privateKeyFile.getAbsolutePath());
                    }
                }
                catch (final JSchException e)
                {
                    throw new FileSystemException("vfs.provider.sftp/load-private-key.error", privateKeyFile, e);
                }
            }
        }




> SFTP can not use private keys protected by pass phrase
> ------------------------------------------------------
>
>                 Key: VFS-283
>                 URL: https://issues.apache.org/jira/browse/VFS-283
>             Project: Commons VFS
>          Issue Type: Improvement
>    Affects Versions: 1.0
>         Environment: Java client running on Windows XP. OpenSSH server running on CentOS Linux.
>            Reporter: Torben Putkonen
>
> It is not possible to authenticate an SFTP connection with public key authentication if the private key is protected by a pass phrase.
> There is no code in org.apache.commons.vfs.provider.sftp.SftpClientFactory that deals with pass phrases.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
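
An added example, not code from the issue or from Commons VFS: a passphrase set with -D on the command line is visible in the JVM's process arguments, so this hypothetical `PassphraseIdentityLoader` prompts on the console instead, only for keys JSch reports as encrypted, and rejects a wrong passphrase before any connection is attempted. It assumes JSch is on the classpath and a console is attached.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.KeyPair;
import java.io.Console;
import java.io.File;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Hypothetical helper for illustration; not part of Commons VFS or JSch. */
public final class PassphraseIdentityLoader {
    /** Adds keyFile to jsch, prompting for a passphrase only if the key is encrypted. */
    public static void addIdentity(JSch jsch, File keyFile) throws JSchException {
        String path = keyFile.getAbsolutePath();
        KeyPair probe = KeyPair.load(jsch, path);
        try {
            if (!probe.isEncrypted()) {
                jsch.addIdentity(path); // unprotected key, nothing to ask for
                return;
            }
            Console console = System.console();
            char[] typed = console == null ? null : console.readPassword("Passphrase for %s: ", path);
            if (typed == null) { throw new JSchException("No passphrase available for " + path); }
            ByteBuffer utf8 = StandardCharsets.UTF_8.encode(CharBuffer.wrap(typed));
            byte[] passphrase = new byte[utf8.remaining()];
            utf8.get(passphrase);
            try {
                // decrypt() returns false for a wrong passphrase: fail now, not at connect time
                if (!probe.decrypt(passphrase)) {
                    throw new JSchException("Wrong passphrase for " + path);
                }
                jsch.addIdentity(path, passphrase);
            } finally {
                // wipe every copy of the passphrase this method created
                Arrays.fill(typed, '\0');
                Arrays.fill(passphrase, (byte) 0);
                if (utf8.hasArray()) { Arrays.fill(utf8.array(), (byte) 0); }
            }
        } finally {
            probe.dispose(); // clear the key material held by the probe
        }
    }
    public static void main(String[] args) throws JSchException {
        JSch jsch = new JSch();
        addIdentity(jsch, new File(args[0])); // args[0]: path to a private key file
        System.out.println("Loaded identities: " + jsch.getIdentityNames());
    }
}
```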