This is an automated email from the ASF dual-hosted git repository.
jeremyross pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 8f4b8e6b2da CAMEL-17835: camel-sftp: Update component and migration
docs.
8f4b8e6b2da is described below
commit 8f4b8e6b2da12ab759ba9f3a8c09401ca62d8f43
Author: Jeremy Ross <[email protected]>
AuthorDate: Wed Aug 10 12:31:58 2022 -0500
CAMEL-17835: camel-sftp: Update component and migration docs.
Include tip on restoring ssh-rsa/SHA1 for older SFTP servers.
---
.../camel-ftp/src/main/docs/sftp-component.adoc | 20 ++++++++++++++++++++
.../ROOT/pages/camel-3x-upgrade-guide-3_17.adoc | 6 ++++++
2 files changed, 26 insertions(+)
diff --git a/components/camel-ftp/src/main/docs/sftp-component.adoc
b/components/camel-ftp/src/main/docs/sftp-component.adoc
index a5953a88a96..f0f2c2fdcc7 100644
--- a/components/camel-ftp/src/main/docs/sftp-component.adoc
+++ b/components/camel-ftp/src/main/docs/sftp-component.adoc
@@ -45,6 +45,26 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component headers: END
+== Restoring Deprecated Key Types and Algorithms
+
+As of Camel 3.17.0, key types and algorithms that use SHA1 have been
deprecated. These can be restored, if necessary, by setting JSch configuration
directly. E.g.:
+
+[source,java]
+----
+JSch.setConfig("server_host_key", JSch.getConfig("server_host_key") +
",ssh-rsa");
+JSch.setConfig("PubkeyAcceptedAlgorithms",
JSch.getConfig("PubkeyAcceptedAlgorithms") + ",ssh-rsa");
+JSch.setConfig("kex", JSch.getConfig("kex") +
",diffie-hellman-group1-sha1,diffie-hellman-group14-sha1");
+----
+
+Note that the key types and algorithms your server supports may differ than
the above example. You can use the following
+command to inspect your server's configuration:
+
+----
+ssh -vvv <server_address>
+----
+
+As of Camel 3.18.1, these values can also be set on SFTP endpoints by setting
the corresponding URI parameters.
+
== More Information
For more information you can look at xref:ftp-component.adoc[FTP component]
diff --git
a/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide-3_17.adoc
b/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide-3_17.adoc
index f47296b3975..6bcd3d92793 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide-3_17.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide-3_17.adoc
@@ -238,6 +238,12 @@ Notice how we must use `depends-on="VerySimple-context"`
in the `cxf:cxfEndpoint
</osgi:blueprint>
----
+=== camel-sftp
+
+The underlying JSch library has been updated
(https://issues.apache.org/jira/browse/CAMEL-17835[CAMEL-17835]) to a
+more secure and actively maintained fork which has removed key types and
algorithms that rely on SHA1. For
+information on how these can be restored, consult the
xref:components::sftp-component.adoc#_restoring_deprecated_key_types_and_algorithms[documentation
for the SFTP component].
+
=== Deprecated Components
The following components that had been marked as deprecated, were removed in
this release:
