[
https://issues.apache.org/jira/browse/VFS-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13156793#comment-13156793
]
Mevlut Evren Tekin edited comment on VFS-283 at 11/24/11 4:26 PM:
------------------------------------------------------------------
I have just submitted a patch. I tried to make sure it remained backward
compatible by leaving the existing method names and interfaces unchanged. There
are two new methods in SftpFileSystemConfigBuilder class(see below for further
details) to allow added passphrase support.
I have changed the datatype for identities from File[] to
LinkedHashMap<File,String> to allow storing and retrieving
privateKeyFile-passphrase pairings.
Two new methods - setIdentityPairs and getIdentityPairs - have been added to
the SftpFileSystemConfigBuilder class to allow passphrase support for publickey
authentication. Existing setIdentity and getIdentity methods still accepts and
returns File[] datatype as before. However their implementations have been
updated to do the conversion between File[] and the new
LinkedHashMap<File,String> datatypes within the method bodies.
identities variable in createConnection method in SftpClientFactory class is
now defined as Map<File,String> datatype instead of File[] datatype for the
added passphrase support. If an identity is setup without a passphrase as
existing applications would do using the old
SftpFileSystemConfigBuilder.setIdentities(FileSystemOptions opts, File[]
identities) method, then the method would call jsch.addIdentity(String prvkey)
as before. If there is a passphrase attached to the key file using the new
SftpFileSystemConfigBuilder.setIdentityPairs(FileSystemOptions opts,
LinkedHashMap<File, String> pairs) method, then jsch.addIdentity(String
prvkey,String passphrase) will be appropriately called.
was (Author: evrentekin):
I have just submitted a patch. I tried to make sure it remained backward
compatible by leaving the existing method names and interfaces unchanged. There
are two new methods in SftpFileSystemConfigBuilder class(see below for further
details) to allow added passphrase support.
I have changed the datatype for identities from File[] to
LinkedHashMap<File,String> to allow storing and retrieving
privateKeyFile-passphrase pairings.
Two new methods -setIdentityPairs and getIdentityPairs- have been added to the
SftpFileSystemConfigBuilder class to allow passphrase support for publickey
authentication. Existing setIdentity and getIdentity methods still accepts and
returns File[] datatype as before. However their implementations have been
updated to do the conversion between File[] and the new
LinkedHashMap<File,String> datatypes within the method bodies.
identities variable in createConnection method in SftpClientFactory class is
now defined as Map<File,String> datatype instead of File[] datatype for the
added passphrase support. If an identity is setup without a passphrase as
existing applications would do using the old
SftpFileSystemConfigBuilder.setIdentities(FileSystemOptions opts, File[]
identities) method, then the method would call jsch.addIdentity(String prvkey)
as before. If there is a passphrase attached to the key file using the new
SftpFileSystemConfigBuilder.setIdentityPairs(FileSystemOptions opts,
LinkedHashMap<File, String> pairs) method, then jsch.addIdentity(String
prvkey,String passphrase) will be appropriately called.
> SFTP can not use private keys protected by pass phrase
> ------------------------------------------------------
>
> Key: VFS-283
> URL: https://issues.apache.org/jira/browse/VFS-283
> Project: Commons VFS
> Issue Type: Improvement
> Affects Versions: 1.0
> Environment: Java client running on Windows XP. OpenSSH server
> running on CentOS Linux.
> Reporter: Torben Putkonen
> Attachments: vfs-283.patch
>
>
> It is not possible to authenticate an SFTP connection with public key
> authentication if the private key is protected by a pass phrase.
> There is no code in org.apache.commons.vfs.provider.sftp.SftpClientFactory
> that deals with pas phrases.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
