I've created an example showing camel-ssh deployed in Karaf using classpath and file based public key security.
https://github.com/scranton/example-security-camel-ssh

I'll try to clean it up shortly, and submit to camel either updating existing camel-ssh example, or adding as a new example... Then look to update the doc...

On Fri, Feb 15, 2013 at 6:53 AM, Scott Cranton <sc...@cranton.com> wrote:
> Excellent! thanks for the QA ;-)
>
> The camel-ssh doc clearly needs help, so any thoughts you have on how
> to update based on your recent experience would be most appreciated...
>
> On Fri, Feb 15, 2013 at 6:48 AM, Martin Stiborský
> <martin.stibor...@gmail.com> wrote:
>> Woohoo, victory, thanks for the hint, Scott. ClassLoader was the magical
>> thing.
>>
>> ResourceKeyPairProvider keyPairProvider = new ResourceKeyPairProvider(
>>         new String[]{pathToTheKey}, null,
>>         this.getClass().getClassLoader());
>>
>> And camel-crypto, as new dependency, because org.bouncycastle.openssl ...
>>
>> Thanks a lot guys.
>>
>>
>> On Fri, Feb 15, 2013 at 11:34 AM, Scott Cranton <sc...@cranton.com> wrote:
>>
>>> Have you tried setting the keyPairProvider to an instance of
>>> org.apache.sshd.common.keyprovider.ResourceKeyPairProvider? That
>>> should work better in OSGi, though I haven't tried it recently...
>>>
>>> Re multiple ids: you can add multiple component instances with
>>> different ids (e.g. sshGit) and reference them from Camel by those
>>> ids.
>>>
>>> addComponent("sshGit", sshGitComponent)
>>>
>>> .to("sshGit:git@localhost")
>>>
>>> On Fri, Feb 15, 2013 at 4:26 AM, Martin Stiborský
>>> <martin.stibor...@gmail.com> wrote:
>>> > Often I found solution for a problem in few minutes after posting to
>>> > mailing list, so let's try the luck now :)
>>> >
>>> > Currently I'm digging in the camel-ssh, because definitely there is problem
>>> > with referencing the key file from resources.
>>> > The very first thing I should do was enabling debug for camel-ssh component
>>> > (surprise surprise...), because this:
>>> >
>>> > 2013-02-15 10:21:46,261 | INFO | qtp724367630-92 | FileKeyPairProvider | 24 - org.apache.sshd.core - 0.8.0 | Unable to read key /gitkeys/mykey.pem: java.io.FileNotFoundException: /gitkeys/mykey.pem (No such file or directory)
>>> >
>>> > I'll follow advice from Claus Ibsen and check ResourceHelper and how it
>>> > could be used in camel-ssh...
>>> >
>>> >
>>> > On Fri, Feb 15, 2013 at 9:01 AM, Martin Stiborský <
>>> > martin.stibor...@gmail.com> wrote:
>>> >
>>> >> One more weird thing, from the log file:
>>> >>
>>> >> 2013-02-15 08:58:22,582 | INFO | NioProcessor-21 | ClientSessionImpl | 24 - org.apache.sshd.core - 0.8.0 | Session n...@my-git.server.com/10.xx.xx.xx:22 closed
>>> >>
>>> >> The "null"…I assume there should be username :)
>>> >>
>>> >>
>>> >> On Fri, Feb 15, 2013 at 8:40 AM, Martin Stiborský <
>>> >> martin.stibor...@gmail.com> wrote:
>>> >>
>>> >>> So, maybe the problem is really in the camel-ssh component, because, it's
>>> >>> possible to get the key from resources, like that:
>>> >>>
>>> >>> from("cxfrs:bean:gitServer")
>>> >>>     .routeId("GitRoutes")
>>> >>>     .choice()
>>> >>>         .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
>>> >>>             .setBody(constant("info"))
>>> >>>             .process(new Processor() {
>>> >>>                 @Override
>>> >>>                 public void process(Exchange exchange) throws Exception {
>>> >>>                     InputStream is = getClass().getResourceAsStream("/gitkeys/mykey.pem");
>>> >>>                     String myString = IOUtils.toString(is, "UTF-8");
>>> >>>
>>> >>>                     exchange.getOut().setBody(myString);
>>> >>>                 }
>>> >>>             });
>>> >>>
>>> >>> So, no OSGi trouble here I guess…
>>> >>>
>>> >>>
>>> >>> On Thu, Feb 14, 2013 at 9:06 PM, Martin Stiborský <
>>> >>> martin.stibor...@gmail.com> wrote:
>>> >>>
>>> >>>> Ok, so camel-ssh needs some love, to make it better…ok.
>>> >>>> But without modifications in camel-ssh, I'm just not able to use it with
>>> >>>> my SSH key, I tried like all possible combinations now.
>>> >>>>
>>> >>>> SshComponent sshGitComponent = new SshComponent();
>>> >>>> sshGitComponent.setHost("localhost");
>>> >>>> sshGitComponent.setPort(22);
>>> >>>> sshGitComponent.setUsername("git");
>>> >>>> sshGitComponent.setKeyPairProvider(new FileKeyPairProvider(new String[]{"gitkeys/mykey.pem"}));
>>> >>>> sshGitComponent.setKeyType(KeyPairProvider.SSH_RSA);
>>> >>>>
>>> >>>> getContext().removeComponent("ssh");
>>> >>>> getContext().addComponent("ssh", sshGitComponent);
>>> >>>>
>>> >>>> from("cxfrs:bean:gitServer")
>>> >>>>     .routeId("GitRoutes")
>>> >>>>     .choice()
>>> >>>>         .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories"))
>>> >>>>             .setBody(constant("info"))
>>> >>>>             .to("ssh:git@localhost");
>>> >>>>
>>> >>>> Why the removeComponent and the addComponent? I'd like to add new
>>> >>>> instance of SshComponent, under different id, but when I do that,
>>> >>>> Camel stucks on start, trying to find this new component…so I'm doing
>>> >>>> something wrong there probably…
>>> >>>>
>>> >>>> In src/main/resources/gitkeys/mykey.pem is the key…but as I said, it
>>> >>>> doesn't work for me, or I missed the correct combination…I tried also
>>> >>>> classpath and file prefix, but no luck.
>>> >>>>
>>> >>>> The unit test works fine…problem is in the OSGi I guess…some classpath
>>> >>>> issue? I don't know, I have quite a headache from this already, need a
>>> >>>> break.
>>> >>>>
>>> >>>>
>>> >>>> On Thu, Feb 14, 2013 at 3:13 PM, Claus Ibsen <claus.ib...@gmail.com> wrote:
>>> >>>>
>>> >>>>> On Thu, Feb 14, 2013 at 2:57 PM, Martin Stiborský
>>> >>>>> <martin.stibor...@gmail.com> wrote:
>>> >>>>> > Still one problem…the unit test was fine, but now in OSGi environment,
>>> >>>>> > there are more troubles…
>>> >>>>> > Is there some trick how to get resource from a bundle?
>>> >>>>> > I can't get a reference to the key file stored in src/main/resources :(
>>> >>>>> >
>>> >>>>>
>>> >>>>> I guess maybe camel-ssh should load the cert file like we do in other
>>> >>>>> components using ResourceHelper.
>>> >>>>> Then we can load from classpath (osgi and the rest of the world), files
>>> >>>>> etc.
>>> >>>>>
>>> >>>>> eg prefix with classpath: or file:
>>> >>>>>
>>> >>>>>
>>> >>>>> >
>>> >>>>> > On Thu, Feb 14, 2013 at 12:25 PM, Martin Stiborský <
>>> >>>>> > martin.stibor...@gmail.com> wrote:
>>> >>>>> >
>>> >>>>> >> I can try help there as well. I was looking for a chance to make my
>>> >>>>> >> "first camel commit" anyway :)
>>> >>>>> >>
>>> >>>>> >>
>>> >>>>> >> On Thu, Feb 14, 2013 at 12:00 PM, Scott Cranton <sc...@cranton.com> wrote:
>>> >>>>> >>
>>> >>>>> >>> Glad you figured it out. Yeah, the camel-ssh page does need some
>>> >>>>> >>> attention. Thanks for the feedback, and I look forward to seeing your
>>> >>>>> >>> suggested updates to the doc.
>>> >>>>> >>>
>>> >>>>> >>> The certFilename is just a shorthand for creating a
>>> >>>>> >>> FileKeyPairProvider, which is identical to what the
>>> >>>>> >>> SshComponentSecurityTest is doing
>>> >>>>> >>>
>>> >>>>> >>> sshComponent.setKeyPairProvider(new FileKeyPairProvider(new String[]{"src/test/resources/hostkey.pem"}));
>>> >>>>> >>>
>>> >>>>> >>> but I see in the tests, I'm using the same resource for both producer
>>> >>>>> >>> and consumer, so to your point about when public key, when private, I
>>> >>>>> >>> should check that, update the tests, and most importantly update the
>>> >>>>> >>> docs as it isn't clear...
>>> >>>>> >>>
>>> >>>>> >>> Thanks,
>>> >>>>> >>> Scott
>>> >>>>> >>>
>>> >>>>> >>>
>>> >>>>> >>>
>>> >>>>> >>> On Thu, Feb 14, 2013 at 5:48 AM, Martin Stiborský
>>> >>>>> >>> <martin.stibor...@gmail.com> wrote:
>>> >>>>> >>> > As usually, problem solved few minutes after I posted this "call for
>>> >>>>> >>> > help message".
>>> >>>>> >>> > Really there was a problem with loading the private key from resources.
>>> >>>>> >>> >
>>> >>>>> >>> > Now it works...my next message will be about updating the camel-ssh
>>> >>>>> >>> > wiki :)
>>> >>>>> >>> >
>>> >>>>> >>> >
>>> >>>>> >>> > On Thu, Feb 14, 2013 at 10:37 AM, Martin Stiborský <
>>> >>>>> >>> > martin.stibor...@gmail.com> wrote:
>>> >>>>> >>> >
>>> >>>>> >>> >> Hello guys,
>>> >>>>> >>> >> I need to use camel-ssh in my route, also, I need authentication with
>>> >>>>> >>> >> SSH keys to the remote server.
>>> >>>>> >>> >> I can't figure out how to configure the SSH producer in Camel.
>>> >>>>> >>> >>
>>> >>>>> >>> >> Now I started digging in camel-ssh source codes, but that is a long
>>> >>>>> >>> >> trip for me right now :(
>>> >>>>> >>> >>
>>> >>>>> >>> >> First of all, I'm not sure, what is difference between "certFilename"
>>> >>>>> >>> >> and "keyPairProvider" options for the ssh endpoint?
>>> >>>>> >>> >>
>>> >>>>> >>> >> Then, the private key have to be provided for the ssh endpoint, right?
>>> >>>>> >>> >> The public key is configured on the remote server account...
>>> >>>>> >>> >> Also, in which format the SSH private key should be? PEM?
>>> >>>>> >>> >> Like this?
>>> >>>>> >>> >>
>>> >>>>> >>> >> openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
>>> >>>>> >>> >>
>>> >>>>> >>> >> I guess so, because it's like this here:
>>> >>>>> >>> >> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/resources/hostkey.pem
>>> >>>>> >>> >>
>>> >>>>> >>> >> I'm not even sure if the key is loaded properly in the Java code from
>>> >>>>> >>> >> resources directory, because the exception I see there is:
>>> >>>>> >>> >>
>>> >>>>> >>> >> ==========
>>> >>>>> >>> >> Caused by: java.io.IOException: Error performing public key authentication
>>> >>>>> >>> >> at org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:86)
>>> >>>>> >>> >> at org.apache.sshd.client.session.ClientSessionImpl.authPublicKey(ClientSessionImpl.java:146)
>>> >>>>> >>> >> at org.apache.camel.component.ssh.SshEndpoint.sendExecCommand(SshEndpoint.java:113)
>>> >>>>> >>> >> at org.apache.camel.component.ssh.SshProducer.process(SshProducer.java:38)
>>> >>>>> >>> >> ... 72 more
>>> >>>>> >>> >> Caused by: java.lang.NullPointerException
>>> >>>>> >>> >> at org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:59)
>>> >>>>> >>> >> ... 75 more
>>> >>>>> >>> >> ==========
>>> >>>>> >>> >>
>>> >>>>> >>> >> Note the NullPointerException ...
>>> >>>>> >>> >>
>>> >>>>> >>> >> But I tried to follow this
>>> >>>>> >>> >> (https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java)
>>> >>>>> >>> >> test, so I guess it should work...
>>> >>>>> >>> >>
>>> >>>>> >>> >> Could you give me at least some hint?
>>> >>>>> >>> >> I promise I'll extend Camel wiki related to this topic definitely :P
>>> >>>>> >>> >>
>>> >>>>> >>> >> --
>>> >>>>> >>> >> Best regards
>>> >>>>> >>> >> Martin Stiborský
>>> >>>>> >>> >>
>>> >>>>> >>> >> Jabber: st...@njs.netlab.cz
>>> >>>>> >>> >> Twitter: http://www.twitter.com/stibi
>>> >>>>>
>>> >>>>>
>>> >>>>> --
>>> >>>>> Claus Ibsen
>>> >>>>> -----------------
>>> >>>>> Red Hat, Inc.
>>> >>>>> FuseSource is now part of Red Hat
>>> >>>>> Email: cib...@redhat.com
>>> >>>>> Web: http://fusesource.com
>>> >>>>> Twitter: davsclaus
>>> >>>>> Blog: http://davsclaus.com
>>> >>>>> Author of Camel in Action: http://www.manning.com/ibsen
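
The setup this thread converges on, gathered into one route builder as an added example; it is not code from the thread, from the linked repository, or from Camel itself. Assumptions: the class name `GitSshRoutes`, the `direct:gitInfo` endpoint, the resource path written without a leading slash, and that `loadKey` returns null when no key of the requested type could be read.

```java
import java.security.KeyPair;

import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.ssh.SshComponent;
import org.apache.sshd.common.KeyPairProvider;
import org.apache.sshd.common.keyprovider.ResourceKeyPairProvider;

// Added illustration; GitSshRoutes and direct:gitInfo are hypothetical names.
public class GitSshRoutes extends RouteBuilder {

    // Key packaged in the bundle under src/main/resources/gitkeys/mykey.pem.
    // Assumption: the provider resolves it as a class loader resource name.
    private static final String KEY_RESOURCE = "gitkeys/mykey.pem";

    @Override
    public void configure() throws Exception {
        // Resolve the key through this bundle's class loader. FileKeyPairProvider
        // reads from the container's file system instead, which is what produced
        // the FileNotFoundException quoted in the thread.
        KeyPairProvider keys = new ResourceKeyPairProvider(
                new String[]{KEY_RESOURCE}, null, getClass().getClassLoader());

        // Fail at route start-up when the key is unreadable, instead of hitting
        // a NullPointerException later during public key authentication.
        // The key material itself is never logged or placed in a message body.
        KeyPair pair = keys.loadKey(KeyPairProvider.SSH_RSA);
        if (pair == null) {
            throw new IllegalStateException(
                    "No ssh-rsa key pair could be loaded from " + KEY_RESOURCE);
        }

        SshComponent sshGit = new SshComponent();
        sshGit.setHost("localhost");
        sshGit.setPort(22);
        sshGit.setUsername("git");
        sshGit.setKeyPairProvider(keys);
        sshGit.setKeyType(KeyPairProvider.SSH_RSA);

        // Register under its own id so the default "ssh" component stays as it is.
        getContext().addComponent("sshGit", sshGit);

        from("direct:gitInfo")
            .setBody(constant("info"))
            .to("sshGit:git@localhost");
    }
}
```

As noted in the thread, reading the PEM file also needs the org.bouncycastle.openssl classes, which the poster pulled in through the camel-crypto dependency.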