SFTP Transport does not restrict access to known hosts only [Jsch StrictHostKeyChecking=yes] option.

Details

Type: Patch submission
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.2.1
Fix Version/s: None
Component/s: Transport: FTP / SFTP
Labels:
None
Environment:

Mule 3.2.1

User impact:
Low
Effort points:
0.5
Migration Impact:

Hide
None. the configuration only adds new attributes. No current attributes are affected.
Code wise, JSch already supports this feature.

Show
None. the configuration only adds new attributes. No current attributes are affected. Code wise, JSch already supports this feature.
Similar Issues:
None

Description

JSch supports concept of StrictHostKeyChecking which is one of ask,yes,no.
For mule, considering it is a non-interactive mode, atleast yes,no can be supported.
sftp connector configuration should support something like this:
<sftp:connector name="sftp-default" strictHostKeyChecking='yes' knownHostsFile='<path-of-known-hosts-file>'/>

note: other attributes deleted for clarity.

If strictHostKeyChecking='yes' and knownHostsFile is not set, drop hostChecking with a warning log.

If strictHostKeyChecking='yes' and knownHostsFile is set,
file is not accessible, throw IOException.

If strictHostKeyChecking='yes' and knownHostsFile is set,
file accessible, set the knownHostsFile to JSch's setHostNames(string fname) and use this during
SFtpClient.login(...) methods.

==
This can be a security concern.

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

Hide
src.zip

08/Jun/12 08:53 AM

6 kB

Kalyan vennelakanti
src/main/java/.../sftp/SftpClient.java.diff 3 kB

src/main/.../SftpConnectionFactory.java.diff 2 kB

src/main/.../sftp/SftpConnector.java.diff 2 kB

src/main/java/.../sftp/SftpUtil.java.diff 2 kB

src/main/.../META-INF/mule-sftp.xsd.diff 2 kB

Download Zip
Show

src.zip

08/Jun/12 08:53 AM

6 kB

Kalyan vennelakanti

Activity

Hide

Permalink

Kalyan vennelakanti added a comment - 08/Jun/12 08:53 AM

attached zip of diff patches for the resolution of the bug

Show

Kalyan vennelakanti added a comment - 08/Jun/12 08:53 AM attached zip of diff patches for the resolution of the bug

People

Assignee:

Unassigned

Reporter:

Kalyan vennelakanti

Vote (0)

Watch (1)

Dates

Created:

08/Jun/12 07:30 AM

Updated:

12/Jun/12 01:05 PM

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified

Agile

View on Board