[jira] [Commented] (VFS-283) SFTP can not use private keys protected by pass phrase


Gary D. Gregory (Jira)

    [ https://issues.apache.org/jira/browse/VFS-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13277886#comment-13277886 ]

Gary D. Gregory commented on VFS-283:

Hello again,

I looked at the proposed patch and this seems like the wrong approach. We should never store passwords. Instead the VFS user authenticator framework should be used.

What I am not sure about yet is if we should enhance the UA framework with private key and public key fields like this:

Index: src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java
--- src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java (revision 1339616)
+++ src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java (working copy)
@@ -100,6 +100,12 @@
     /** The user's domain. */
     public static final Type DOMAIN = new Type("domain");
+    /** The user's private key. */
+    public static final Type PRIVATE_KEY = new Type("privateKey");
+    /** The user's public key. */
+    public static final Type PUBLIC_KEY = new Type("publicKey");
     /** The authentication data. */
     private final Map<Type, char[]> authenticationData = new TreeMap<Type, char[]>();
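Review bot: The Javadoc on the new PRIVATE_KEY and PUBLIC_KEY types does not say what the char[] value is expected to hold: the key material itself or the path to a key file. Since authenticationData is a Map<Type, char[]> and the surrounding discussion is about key files, state the expected content in each comment, for example "The path to the user's private key file." if a path is what is meant. The hunk also adds no type for the key's pass phrase, which is the subject of VFS-283; if an existing type is meant to carry it, say so in the Javadoc here, otherwise add one next to PRIVATE_KEY.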

And change the way the SFTP provider works to make it use UA for the key files instead of saving a java.io.File reference in the config object.

It seems to me like the best security would use UA for all of this, private key file path AND password.

To be continued...


> SFTP can not use private keys protected by pass phrase
> ------------------------------------------------------
>                 Key: VFS-283
>                 URL: https://issues.apache.org/jira/browse/VFS-283
>             Project: Commons VFS
>          Issue Type: Improvement
>    Affects Versions: 1.0
>         Environment: Java client running on Windows XP. OpenSSH server running on CentOS Linux.
>            Reporter: Torben Putkonen
>         Attachments: vfs-283.patch
> It is not possible to authenticate an SFTP connection with public key authentication if the private key is protected by a pass phrase.
> There is no code in org.apache.commons.vfs.provider.sftp.SftpClientFactory that deals with pass phrases.
