[jira] [Commented] (VFS-283) SFTP can not use private keys protected by pass phrase


Gary D. Gregory (Jira)

    [ https://issues.apache.org/jira/browse/VFS-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13277886#comment-13277886 ]

Gary D. Gregory commented on VFS-283:
-------------------------------------

Hello again,

I looked at the proposed patch and this seems like the wrong approach. We should never store passwords. Instead the VFS user authenticator framework should be used.

What I am not sure about yet is if we should enhance the UA framework with private key and public key fields like this:

{code}
Index: src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java
===================================================================
--- src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java (revision 1339616)
+++ src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java (working copy)
@@ -100,6 +100,12 @@
     /** The user's domain. */
     public static final Type DOMAIN = new Type("domain");
 
+    /** The user's private key. */
+    public static final Type PRIVATE_KEY = new Type("privateKey");
+
+    /** The user's public key. */
+    public static final Type PUBLIC_KEY = new Type("publicKey");
+
     /** The authentication data. */
     private final Map<Type, char[]> authenticationData = new TreeMap<Type, char[]>();
 {code}

And change the way the SFTP provider works to make it use UA for the key files instead of saving a java.io.File reference in the config object.

It seems to me like the best security would use UA for all of this, private key file path AND password.

To be continued...

Feedback?
               

> SFTP can not use private keys protected by pass phrase
> ------------------------------------------------------
>
>                 Key: VFS-283
>                 URL: https://issues.apache.org/jira/browse/VFS-283
>             Project: Commons VFS
>          Issue Type: Improvement
>    Affects Versions: 1.0
>         Environment: Java client running on Windows XP. OpenSSH server running on CentOS Linux.
>            Reporter: Torben Putkonen
>         Attachments: vfs-283.patch
>
>
> It is not possible to authenticate an SFTP connection with public key authentication if the private key is protected by a pass phrase.
> There is no code in org.apache.commons.vfs.provider.sftp.SftpClientFactory that deals with pass phrases.
