Geek Answers Handbook

What is the correct way to configure SCP route with public authentication in Camel?

I am currently using Apache Camel (version 2.20.2 at the time of writing) as part of a larger ETL stream to copy processed files from the Camel box to another machine.

However, I have a damn time related to the configuration of SCP. The goal is to make sure that I don’t have to provide much outside of where the private key lives and where famous hosts live.

The following is an example route. The test route is for conversation purposes only; this may not be accurate, but the intention here is not to display the upstream part as a “working” one. I am sure that part of the file generation works because of the tests I wrote for it.

What works :

If I provide my username and password and disable strict host key verification, my route will work.

from("direct:init")
    .to("file:///tmp")
    .to("scp://my.server.local?username=makoto&password=XXXXXX" + 
                              "&preferredAuthentications=password" +
                              "&strictHostKeyChecking=no");

Of course, the lack of strict host control is absolutely not a starter due to policy.

What does not work :

  • If I provide my username and password and do not disable strict host key verification, I get this error:

    com.jcraft.jsch.JSchException: reject HostKey: my.server.local
    at com.jcraft.jsch.Session.checkHost(Session.java:789) ~[jsch-0.1.54.jar:na]
    at com.jcraft.jsch.Session.connect(Session.java:345) ~[jsch-0.1.54.jar:na]
    at org.apache.camel.component.scp.ScpOperations.createSession(ScpOperations.java:284) [camel-jsch-2.20.2.jar:2.20.2]
    at org.apache.camel.component.scp.ScpOperations.connect(ScpOperations.java:179) [camel-jsch-2.20.2.jar:2.20.2]

  • If I provide my username and password, do not turn off strict host key verification and do not specify my preferred authentication type as “password”, I get the same error as above.

  • , , , :

    com.jcraft.jsch.JSchException: Auth cancel
    at com.jcraft.jsch.Session.connect(Session.java:518) ~[jsch-0.1.54.jar:na]
    at org.apache.camel.component.scp.ScpOperations.createSession(ScpOperations.java:284) [camel-jsch-2.20.2.jar:2.20.2]

  • , , :

    com.jcraft.jsch.JSchException: Auth fail
    at com.jcraft.jsch.Session.connect(Session.java:519) ~[jsch-0.1.54.jar:na]
    at org.apache.camel.component.scp.ScpOperations.createSession(ScpOperations.java:284) [camel-jsch-2.20.2.jar:2.20.2]
    at org.apache.camel.component.scp.ScpOperations.connect(ScpOperations.java:179) [camel-jsch-2.20.2.jar:2.20.2]

    , Camel :

    2018-02-19 10:46:15.142 DEBUG 23940 --- [obfuscated-route] o.a.camel.component.scp.ScpOperations    : Passphrase for camel-jsch
2018-02-19 10:46:15.142  WARN 23940 --- [obfuscated-route] o.a.camel.component.scp.ScpOperations    : Private Key authentication not supported
2018-02-19 10:46:15.142 DEBUG 23940 --- [obfuscated-route] o.a.camel.component.scp.ScpOperations    : Passphrase for camel-jsch
2018-02-19 10:46:15.142  WARN 23940 --- [obfuscated-route] o.a.camel.component.scp.ScpOperations    : Private Key authentication not supported

, , :

  • ; -

, ? Camel , SCP .

, :

  • "" , Camel, , .
  • , authorized_keys -.
  • known_hosts /.
+6
1

, , .

:

  • JSch .
  • , " ".
  • "", , .

:

  • ( ssh-keyscan -t rsa -H <hostname>. .
  • , .

, , Camel, , , . .

, , , , JSch . , , , , JSch .

, , , .

, , :

  • ssh-keyscan -t rsa -H my.server.local
  • RSA- (, 3 ) known_hosts

, - . , , JSch .

, , , , , , SSH .

, :

from("direct:init")
    .to("file:///tmp")
    .to("scp://my.server.local?username=makoto&privateKeyFilePassphrase=XXXXXX" + 
                          "&preferredAuthentications=publickey" +
                          "&privateKeyFile=/path/to/.ssh/id_rsa");
+3

More articles:


All Articles