Hi I logged a ticket to make this easier out of the box https://issues.apache.org/jira/browse/CAMEL-6120
On Fri, Feb 15, 2013 at 9:33 PM, Scott Cranton <sc...@cranton.com> wrote: > I've created an example showing camel-ssh deployed in Karaf using > classpath and file based public key security. > > https://github.com/scranton/example-security-camel-ssh > > I'll try to clean it up shortly, and submit to camel either updating > existing camel-ssh example, or adding as a new example... > > Then look to update the doc... > > On Fri, Feb 15, 2013 at 6:53 AM, Scott Cranton <sc...@cranton.com> wrote: >> Excellent! thanks for the QA ;-) >> >> The camel-ssh doc clearly needs help, so any thoughts you have on how >> to update based on your recent experience would be most appreciated... >> >> On Fri, Feb 15, 2013 at 6:48 AM, Martin Stiborský >> <martin.stibor...@gmail.com> wrote: >>> Woohoo, victory, thanks for the hint, Scott. ClassLoader was the magical >>> thing. >>> >>> ResourceKeyPairProvider keyPairProvider = new ResourceKeyPairProvider( >>> new String[]{pathToTheKey}, null, >>> this.getClass().getClassLoader()); >>> >>> And camel-crypto, as new dependency, because org.bouncycastle.openssl ... >>> >>> Thanks a lot guys. >>> >>> >>> On Fri, Feb 15, 2013 at 11:34 AM, Scott Cranton <sc...@cranton.com> wrote: >>> >>>> Have you tried setting the keyPairProvider to an instance of >>>> org.apache.sshd.common.keyprovider.ResourceKeyPairProvider? That >>>> should work better in OSGi, though I haven't tried it recently... >>>> >>>> Re mulitple ids: you can add multiple component instances with >>>> different ids (e.g. sshGit) and reference them from Camel by those >>>> ids. >>>> >>>> addComponent("sshGit", sshGitComponent) >>>> >>>> .to("sshGit:git@localhost) >>>> >>>> On Fri, Feb 15, 2013 at 4:26 AM, Martin Stiborský >>>> <martin.stibor...@gmail.com> wrote: >>>> > Often I found solution for a problem in few minutes after posting to >>>> > mailing list, so let's try the luck now :) >>>> > >>>> > Currently I'm digging in the camel-ssh, because definitely there is >>>> problem >>>> > with referencing the key file from resources. >>>> > The very first thing I should do was enabling debug for camel-ssh >>>> component >>>> > (surprise surprise...), because this: >>>> > >>>> > 2013-02-15 10:21:46,261 | INFO | qtp724367630-92 | FileKeyPairProvider >>>> > | 24 - org.apache.sshd.core - 0.8.0 | Unable to read key >>>> > /gitkeys/mykey.pem: java.io.FileNotFoundException: /gitkeys/mykey.pem (No >>>> > such file or directory) >>>> > >>>> > I'll follow advice from Claus Ibsen and check ResourceHelper and how it >>>> > could be used in camel-ssh... >>>> > >>>> > >>>> > On Fri, Feb 15, 2013 at 9:01 AM, Martin Stiborský < >>>> > martin.stibor...@gmail.com> wrote: >>>> > >>>> >> One more weird thing, from the log file: >>>> >> >>>> >> 2013-02-15 08:58:22,582 | INFO | NioProcessor-21 | ClientSessionImpl >>>> >> | 24 - org.apache.sshd.core - 0.8.0 | Session >>>> >> n...@my-git.server.com/10.xx.xx.xx:22 closed >>>> >> >>>> >> The "null"…I assume there should be username :) >>>> >> >>>> >> >>>> >> On Fri, Feb 15, 2013 at 8:40 AM, Martin Stiborský < >>>> >> martin.stibor...@gmail.com> wrote: >>>> >> >>>> >>> So, maybe the problem is really in the camel-ssh component, because, >>>> it's >>>> >>> possible to get the key from resources, like that: >>>> >>> >>>> >>> from("cxfrs:bean:gitServer") >>>> >>> .routeId("GitRoutes") >>>> >>> .choice() >>>> >>> >>>> >>> .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories")) >>>> >>> .setBody(constant("info")) >>>> >>> .process(new Processor() { >>>> >>> @Override >>>> >>> public void process(Exchange exchange) throws >>>> >>> Exception { >>>> >>> InputStream is = >>>> >>> getClass().getResourceAsStream("/gitkeys/mykey.pem"); >>>> >>> String myString = IOUtils.toString(is, >>>> "UTF-8"); >>>> >>> >>>> >>> exchange.getOut().setBody(myString); >>>> >>> } >>>> >>> }); >>>> >>> >>>> >>> So, no OSGi trouble here I guess… >>>> >>> >>>> >>> >>>> >>> On Thu, Feb 14, 2013 at 9:06 PM, Martin Stiborský < >>>> >>> martin.stibor...@gmail.com> wrote: >>>> >>> >>>> >>>> Ok, so camel-ssh needs some love, to make it better…ok. >>>> >>>> But without modifications in camel-ssh, I'm just not able to use it >>>> with >>>> >>>> my SSH key, I tried like all possible combinations now. >>>> >>>> >>>> >>>> SshComponent sshGitComponent = new SshComponent(); >>>> >>>> sshGitComponent.setHost("localhost"); >>>> >>>> sshGitComponent.setPort(22); >>>> >>>> sshGitComponent.setUsername("git"); >>>> >>>> sshGitComponent.setKeyPairProvider(new FileKeyPairProvider(new >>>> >>>> String[]{"gitkeys/mykey.pem"})); >>>> >>>> sshGitComponent.setKeyType(KeyPairProvider.SSH_RSA); >>>> >>>> >>>> >>>> getContext().removeComponent("ssh"); >>>> >>>> getContext().addComponent("ssh", sshGitComponent); >>>> >>>> >>>> >>>> from("cxfrs:bean:gitServer") >>>> >>>> .routeId("GitRoutes") >>>> >>>> .choice() >>>> >>>> >>>> >>>> >>>> .when(header(CxfConstants.OPERATION_NAME).isEqualTo("getRepositories")) >>>> >>>> .setBody(constant("info")) >>>> >>>> .to("ssh:git@localhost"); >>>> >>>> >>>> >>>> Why the removeComponent and the addComponent? I'd like to add new >>>> >>>> instance of SshComponent, under different id, but when I do that, >>>> >>>> Camel stucks on start, trying to find this new component…so I'm doing >>>> >>>> something wrong there probably… >>>> >>>> >>>> >>>> In src/main/resources/gitkeys/mykey.pem is the key…but as I said, it >>>> >>>> doesn't work for me, or I missed the correct combination…I tried also >>>> >>>> classpath and file prefix, but no luck. >>>> >>>> >>>> >>>> The unit test works fine…problem is in the OSGi I guess…some classpath >>>> >>>> issue? I don't know, I have quite a headache from this already, need a >>>> >>>> break. >>>> >>>> >>>> >>>> >>>> >>>> On Thu, Feb 14, 2013 at 3:13 PM, Claus Ibsen <claus.ib...@gmail.com >>>> >wrote: >>>> >>>> >>>> >>>>> On Thu, Feb 14, 2013 at 2:57 PM, Martin Stiborský >>>> >>>>> <martin.stibor...@gmail.com> wrote: >>>> >>>>> > Still one problem…the unit test was fine, but now in OSGi >>>> environment, >>>> >>>>> > there are more troubles… >>>> >>>>> > Is there some trick how to get resource from a bundle? I can't get >>>> a >>>> >>>>> > reference to the key file stored in src/main/resources :( >>>> >>>>> > >>>> >>>>> >>>> >>>>> I guess maybe camel-ssh should load the cert file like we do in other >>>> >>>>> components using ResourceHelper. >>>> >>>>> Then we can load from classpath (osgi and the rest of the world), >>>> files >>>> >>>>> etc. >>>> >>>>> >>>> >>>>> eg prefix with classpath: or file: >>>> >>>>> >>>> >>>>> >>>> >>>>> > >>>> >>>>> > On Thu, Feb 14, 2013 at 12:25 PM, Martin Stiborský < >>>> >>>>> > martin.stibor...@gmail.com> wrote: >>>> >>>>> > >>>> >>>>> >> I can try help there as well. I was looking for a chance to make >>>> my >>>> >>>>> "first >>>> >>>>> >> camel commit" anyway :) >>>> >>>>> >> >>>> >>>>> >> >>>> >>>>> >> On Thu, Feb 14, 2013 at 12:00 PM, Scott Cranton < >>>> sc...@cranton.com> >>>> >>>>> wrote: >>>> >>>>> >> >>>> >>>>> >>> Glad you figured it out. Yeah, the camel-ssh page does need some >>>> >>>>> >>> attention. Thanks for the feedback, and I look forward to seeing >>>> >>>>> your >>>> >>>>> >>> suggested updates to the doc. >>>> >>>>> >>> >>>> >>>>> >>> The certFilename is just a shorthand for creating a >>>> >>>>> >>> FileKeyPairProvider, which is identical to what the >>>> >>>>> >>> SshComponentSecurityTest is doing >>>> >>>>> >>> >>>> >>>>> >>> sshComponent.setKeyPairProvider(new FileKeyPairProvider(new >>>> >>>>> >>> String[]{"src/test/resources/hostkey.pem"})); >>>> >>>>> >>> >>>> >>>>> >>> but I see in the tests, I'm using the same resource for both >>>> >>>>> producer >>>> >>>>> >>> and consumer, so to your point about when public key, when >>>> private, >>>> >>>>> I >>>> >>>>> >>> should check that, update the tests, and most importantly update >>>> the >>>> >>>>> >>> docs as it isn't clear... >>>> >>>>> >>> >>>> >>>>> >>> Thanks, >>>> >>>>> >>> Scott >>>> >>>>> >>> >>>> >>>>> >>> >>>> >>>>> >>> >>>> >>>>> >>> On Thu, Feb 14, 2013 at 5:48 AM, Martin Stiborský >>>> >>>>> >>> <martin.stibor...@gmail.com> wrote: >>>> >>>>> >>> > As usually, problem solved few minutes after I posted this >>>> "call >>>> >>>>> for >>>> >>>>> >>> help >>>> >>>>> >>> > message". >>>> >>>>> >>> > Really there was a problem with loading the private key from >>>> >>>>> resources. >>>> >>>>> >>> > >>>> >>>>> >>> > Now it works...my next message will be about updating the >>>> >>>>> camel-ssh >>>> >>>>> >>> wiki :) >>>> >>>>> >>> > >>>> >>>>> >>> > >>>> >>>>> >>> > On Thu, Feb 14, 2013 at 10:37 AM, Martin Stiborský < >>>> >>>>> >>> > martin.stibor...@gmail.com> wrote: >>>> >>>>> >>> > >>>> >>>>> >>> >> Hello guys, >>>> >>>>> >>> >> I need to use camel-ssh in my route, also, I need >>>> authentication >>>> >>>>> with >>>> >>>>> >>> SSH >>>> >>>>> >>> >> keys to the remote server. >>>> >>>>> >>> >> I can't figure out how to configure the SSH producer in Camel. >>>> >>>>> >>> >> >>>> >>>>> >>> >> Now I started digging in camel-ssh source codes, but that is a >>>> >>>>> long >>>> >>>>> >>> trip >>>> >>>>> >>> >> for me right now :( >>>> >>>>> >>> >> >>>> >>>>> >>> >> First of all, I'm not sure, what is difference between >>>> >>>>> "certFilename" >>>> >>>>> >>> and >>>> >>>>> >>> >> "keyPairProvider" options for the ssh endpoint? >>>> >>>>> >>> >> >>>> >>>>> >>> >> Then, the private key have to be provided for the ssh >>>> endpoint, >>>> >>>>> right? >>>> >>>>> >>> The >>>> >>>>> >>> >> public key is configured on the remote server account... >>>> >>>>> >>> >> Also, in which format the SSH private key should be? PEM? >>>> >>>>> >>> >> Like this? >>>> >>>>> >>> >> >>>> >>>>> >>> >> openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem >>>> >>>>> >>> >> >>>> >>>>> >>> >> I guess so, because it's like this here: >>>> >>>>> >>> >> >>>> >>>>> >>> >>>> >>>>> >>>> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/resources/hostkey.pem >>>> >>>>> >>> >> >>>> >>>>> >>> >> I'm not even sure if the key is loaded properly in the Java >>>> code >>>> >>>>> from >>>> >>>>> >>> >> resources directory, because the exception I see there is: >>>> >>>>> >>> >> >>>> >>>>> >>> >> ========== >>>> >>>>> >>> >> Caused by: java.io.IOException: Error performing public key >>>> >>>>> >>> authentication >>>> >>>>> >>> >> at >>>> >>>>> >>> >> >>>> >>>>> >>> >>>> >>>>> >>>> org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:86) >>>> >>>>> >>> >> at >>>> >>>>> >>> >> >>>> >>>>> >>> >>>> >>>>> >>>> org.apache.sshd.client.session.ClientSessionImpl.authPublicKey(ClientSessionImpl.java:146) >>>> >>>>> >>> >> at >>>> >>>>> >>> >> >>>> >>>>> >>> >>>> >>>>> >>>> org.apache.camel.component.ssh.SshEndpoint.sendExecCommand(SshEndpoint.java:113) >>>> >>>>> >>> >> at >>>> >>>>> >>> >> >>>> >>>>> >>>> org.apache.camel.component.ssh.SshProducer.process(SshProducer.java:38) >>>> >>>>> >>> >> ... 72 more >>>> >>>>> >>> >> Caused by: java.lang.NullPointerException >>>> >>>>> >>> >> at >>>> >>>>> >>> >> >>>> >>>>> >>> >>>> >>>>> >>>> org.apache.sshd.client.auth.UserAuthPublicKey.<init>(UserAuthPublicKey.java:59) >>>> >>>>> >>> >> ... 75 more >>>> >>>>> >>> >> ========== >>>> >>>>> >>> >> >>>> >>>>> >>> >> Note the NullPointerException ... >>>> >>>>> >>> >> >>>> >>>>> >>> >> But I tried to follow this ( >>>> >>>>> >>> >> >>>> >>>>> >>> >>>> >>>>> >>>> https://github.com/apache/camel/blob/trunk/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java >>>> >>>>> ) >>>> >>>>> >>> test, >>>> >>>>> >>> >> so I guess it should work... >>>> >>>>> >>> >> >>>> >>>>> >>> >> Could you give me at least some hint? >>>> >>>>> >>> >> I promise I'll extend Camel wiki related to this topic >>>> >>>>> definitely :P >>>> >>>>> >>> >> >>>> >>>>> >>> >> -- >>>> >>>>> >>> >> S pozdravem / Best regards >>>> >>>>> >>> >> Martin Stiborský >>>> >>>>> >>> >> >>>> >>>>> >>> >> Jabber: st...@njs.netlab.cz >>>> >>>>> >>> >> Twitter: http://www.twitter.com/stibi >>>> >>>>> >>> >> >>>> >>>>> >>> > >>>> >>>>> >>> > >>>> >>>>> >>> > >>>> >>>>> >>> > -- >>>> >>>>> >>> > S pozdravem / Best regards >>>> >>>>> >>> > Martin Stiborský >>>> >>>>> >>> > >>>> >>>>> >>> > Jabber: st...@njs.netlab.cz >>>> >>>>> >>> > Twitter: http://www.twitter.com/stibi >>>> >>>>> >>> >>>> >>>>> >> >>>> >>>>> >> >>>> >>>>> >> >>>> >>>>> >> -- >>>> >>>>> >> S pozdravem / Best regards >>>> >>>>> >> Martin Stiborský >>>> >>>>> >> >>>> >>>>> >> Jabber: st...@njs.netlab.cz >>>> >>>>> >> Twitter: http://www.twitter.com/stibi >>>> >>>>> >> >>>> >>>>> > >>>> >>>>> > >>>> >>>>> > >>>> >>>>> > -- >>>> >>>>> > S pozdravem / Best regards >>>> >>>>> > Martin Stiborský >>>> >>>>> > >>>> >>>>> > Jabber: st...@njs.netlab.cz >>>> >>>>> > Twitter: http://www.twitter.com/stibi >>>> >>>>> >>>> >>>>> >>>> >>>>> >>>> >>>>> -- >>>> >>>>> Claus Ibsen >>>> >>>>> ----------------- >>>> >>>>> Red Hat, Inc. >>>> >>>>> FuseSource is now part of Red Hat >>>> >>>>> Email: cib...@redhat.com >>>> >>>>> Web: http://fusesource.com >>>> >>>>> Twitter: davsclaus >>>> >>>>> Blog: http://davsclaus.com >>>> >>>>> Author of Camel in Action: http://www.manning.com/ibsen >>>> >>>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> >>>> S pozdravem / Best regards >>>> >>>> Martin Stiborský >>>> >>>> >>>> >>>> Jabber: st...@njs.netlab.cz >>>> >>>> Twitter: http://www.twitter.com/stibi >>>> >>>> >>>> >>> >>>> >>> >>>> >>> >>>> >>> -- >>>> >>> S pozdravem / Best regards >>>> >>> Martin Stiborský >>>> >>> >>>> >>> Jabber: st...@njs.netlab.cz >>>> >>> Twitter: http://www.twitter.com/stibi >>>> >>> >>>> >> >>>> >> >>>> >> >>>> >> -- >>>> >> S pozdravem / Best regards >>>> >> Martin Stiborský >>>> >> >>>> >> Jabber: st...@njs.netlab.cz >>>> >> Twitter: http://www.twitter.com/stibi >>>> >> >>>> > >>>> > >>>> > >>>> > -- >>>> > S pozdravem / Best regards >>>> > Martin Stiborský >>>> > >>>> > Jabber: st...@njs.netlab.cz >>>> > Twitter: http://www.twitter.com/stibi >>>> >>> >>> >>> >>> -- >>> S pozdravem / Best regards >>> Martin Stiborský >>> >>> Jabber: st...@njs.netlab.cz >>> Twitter: http://www.twitter.com/stibi -- Claus Ibsen ----------------- Red Hat, Inc. FuseSource is now part of Red Hat Email: cib...@redhat.com Web: http://fusesource.com Twitter: davsclaus Blog: http://davsclaus.com Author of Camel in Action: http://www.manning.com/ibsen
