I'm trying to connect to an sftp server with a 'new' private key that starts with `BEGIN OPENSSH PRIVATE KEY` (the 'old' version starts with `BEGIN RSA PRIVATE KEY`).

    -----BEGIN OPENSSH PRIVATE KEY-----
    ...
    -----END OPENSSH PRIVATE KEY-----

When connecting with Camel SFTP (version 3.10), I get an error

    org.apache.camel.component.file.GenericFileOperationFailedException: Cannot connect to sftp://username1@localhost:55040
    ...
    Caused by: com.jcraft.jsch.JSchException: invalid privatekey: [B@7c033a39

If I connect on the command line, it works as expected - the key is fine.

I found from this answer the error is caused by an outdated version of Jsch - but this was supposed to be fixed for Camel SSH in 3.10 https://issues.apache.org/jira/browse/CAMEL-16554, but I guess this doesn't affect sftp?

How can I connect?

There's sftp config to set 'ciphers' and 'keyExchangeProtocols' - are these relevant?


Stacktrace

    org.apache.camel.component.file.GenericFileOperationFailedException: Cannot connect to sftp://username1@localhost:55040
        at org.apache.camel.component.file.remote.SftpOperations.connect(SftpOperations.java:158) ~[camel-ftp-3.10.0.jar:3.10.0]
        at org.apache.camel.component.file.remote.RemoteFileConsumer.connectIfNecessary(RemoteFileConsumer.java:235) ~[camel-ftp-3.10.0.jar:3.10.0]
        at org.apache.camel.component.file.remote.RemoteFileConsumer.prePollCheck(RemoteFileConsumer.java:77) ~[camel-ftp-3.10.0.jar:3.10.0]
        at org.apache.camel.component.file.GenericFileConsumer.poll(GenericFileConsumer.java:128) ~[camel-file-3.10.0.jar:3.10.0]
        at org.apache.camel.support.ScheduledPollConsumer.doRun(ScheduledPollConsumer.java:190) [camel-support-3.10.0.jar:3.10.0]
        at org.apache.camel.support.ScheduledPollConsumer.run(ScheduledPollConsumer.java:107) [camel-support-3.10.0.jar:3.10.0]
        at org.apache.camel.pollconsumer.quartz.QuartzScheduledPollConsumerJob.execute(QuartzScheduledPollConsumerJob.java:61) [camel-quartz-3.10.0.jar:3.10.0]
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?]
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?]
    Caused by: com.jcraft.jsch.JSchException: invalid privatekey: [B@7c033a39
        at com.jcraft.jsch.KeyPair.load(KeyPair.java:664) ~[jsch-0.1.55.jar:?]
        at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:46) ~[jsch-0.1.55.jar:?]
        at com.jcraft.jsch.JSch.addIdentity(JSch.java:441) ~[jsch-0.1.55.jar:?]
        at org.apache.camel.component.file.remote.SftpOperations.createSession(SftpOperations.java:233) ~[camel-ftp-3.10.0.jar:3.10.0]
        at org.apache.camel.component.file.remote.SftpOperations.connect(SftpOperations.java:125) ~[camel-ftp-3.10.0.jar:3.10.0]
        ... 8 more

Dependencies

In the project pom I have

  • org.apache.camel.springboot:camel-ftp-starter
  • com.github.mwiede:jsch:0.1.63

    mvn dependency:tree -Dincludes=com.jcraft:jsch
    [INFO] Scanning for projects...
    [INFO] 
    [INFO] --------< com.project >---------
    [INFO] Building com.project
    [INFO] --------------------------------[ jar ]---------------------------------
    [INFO] 
    [INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ com.project ---
    [INFO] com.project:jar:${sha1}
    [INFO] \- org.apache.camel.springboot:camel-ftp-starter:jar:3.10.0:compile
    [INFO]    \- org.apache.camel:camel-ftp:jar:3.10.0:compile
    [INFO]       \- com.jcraft:jsch:jar:0.1.55:compile

aSemy
  • The tickets you are referring to talk about a different ssh implementation than Jsch, so I am not sure whether they are related. Please check the Jsch package version you have in your classpath. The original Jsch does not support Openssh key format, only jsch fork from https://github.com/mwiede/jsch – Matthias Wiedemann Jun 11 '21 at 14:20
  • I don't have a direct dependency on jsch. I've added mwiede's version to the pom, but that can't override the version that camel-sftp uses, can it? – aSemy Jun 11 '21 at 18:42
  • Yes, you can replace artifacts using maven. First take the one you want as a new dependency and second exclude the one from all artifacts that pull it in (in your case camel-ftp-starter) – Matthias Wiedemann Jun 11 '21 at 21:24

1 Answer

To replace the Jsch library, which is brought in by camel-ftp-starter, you can use the exclude tag like the following:

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <!-- First define the library of jsch fork -->
        <dependency>
            <groupId>com.github.mwiede</groupId>
            <artifactId>jsch</artifactId>
            <version>0.1.63</version>
        </dependency>
        <dependency>
            <groupId>org.apache.camel.springboot</groupId>
            <artifactId>camel-ftp-starter</artifactId>
            <version>3.9.0</version>
            <!-- exclude original jsch -->
            <exclusions>
                <exclusion>
                    <artifactId>jsch</artifactId>
                    <groupId>com.jcraft</groupId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>

Make sure that no other dependency pulls in the jcraft.jsch artifact.

Matthias Wiedemann
  • Many thanks! This has helped with RSA keys. I can now connect with camel-sftp to a sftp server with both `BEGIN RSA PRIVATE KEY` and `BEGIN OPENSSH PRIVATE KEY` files. But it doesn't work with ed25519 keys - `com.jcraft.jsch.JSchException: Auth cancel`. I'll try and get more info. – aSemy Jun 15 '21 at 07:10
  • OK, be aware that com.github.mwiede:jsch uses JEP 339 to support ed25519. This means it is only supported with Java 15 minimum. – Matthias Wiedemann Jun 15 '21 at 09:00
  • Hello @aSemy I have exactly the same issue! Did you find a solution for ed25519 keys? Many thanks! – altd Jul 13 '21 at 16:46
  • Hi @altd - Adding manual exclusions for `com.jsch:jsch` and adding mwiede as a replacement resolved some issues. I couldn't upgrade from jdk11 to jdk15+, so I couldn't get ed25519 keys working. I've moved on to another project now. – aSemy Jul 15 '21 at 06:04
  • Thanks @aSemy for your answer! – altd Jul 15 '21 at 08:50
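
The answer's closing instruction, that no other dependency may pull in the original `com.jcraft:jsch`, can be checked mechanically. The script below is an added example, not part of the original posts: the function names are made up for illustration, and the two sample trees are constructed (the first from the pom and dependency tree in the question, the second as the expected result after the exclusion).

```shell
#!/bin/sh
# Added example: guard for the JSch swap. Reads `mvn dependency:tree` text on stdin.
# The fork keeps the com.jcraft.jsch package name, so a leftover com.jcraft:jsch jar
# can still be the one that loads (jsch-0.1.55.jar in the question's stack trace).
# Usage in a build: mvn dependency:tree | check_jsch_tree

# Print group:artifact:version for every artifact named "jsch" in the tree.
jsch_artifacts() {
  awk '{
    for (i = 1; i <= NF; i++) {
      # Maven prints coordinates as groupId:artifactId:type:version:scope
      n = split($i, gav, ":")
      if (n >= 4 && gav[2] == "jsch") print gav[1] ":" gav[2] ":" gav[4]
    }
  }'
}

# Exit 0 only when the fork is resolved and the original artifact is gone.
check_jsch_tree() {
  found=$(jsch_artifacts)
  status=0
  case "$found" in
    *com.jcraft:jsch:*) echo "FAIL: com.jcraft:jsch is still resolved" >&2; status=1 ;;
  esac
  case "$found" in
    *com.github.mwiede:jsch:*) ;;
    *) echo "FAIL: com.github.mwiede:jsch is not resolved" >&2; status=1 ;;
  esac
  printf '%s\n' "$found"
  return "$status"
}

# Constructed sample: fork declared in the pom, but no exclusion yet.
tree_before() {
  cat <<'EOF'
[INFO] +- com.github.mwiede:jsch:jar:0.1.63:compile
[INFO] \- org.apache.camel.springboot:camel-ftp-starter:jar:3.10.0:compile
[INFO]    \- org.apache.camel:camel-ftp:jar:3.10.0:compile
[INFO]       \- com.jcraft:jsch:jar:0.1.55:compile
EOF
}

# Constructed sample: the same pom after adding the exclusion.
tree_after() {
  cat <<'EOF'
[INFO] +- com.github.mwiede:jsch:jar:0.1.63:compile
[INFO] \- org.apache.camel.springboot:camel-ftp-starter:jar:3.10.0:compile
[INFO]    \- org.apache.camel:camel-ftp:jar:3.10.0:compile
EOF
}

tree_before | check_jsch_tree >/dev/null 2>&1 || echo "before: original JSch still on the classpath"
tree_after  | check_jsch_tree >/dev/null && echo "after: only the fork is resolved"
```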