Mule / MULE-6288

SFTP Transport does not restrict access to known hosts only [Jsch StrictHostKeyChecking=yes] option.

    Details

    • Type: Patch submission
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.2.1
    • Fix Version/s: None
    • Component/s: Transport: FTP / SFTP
    • Labels:
      None
    • Environment:

      Mule 3.2.1

    • User impact:
      Low
    • Effort points:
      0.5
    • Migration Impact:
      None. The configuration only adds new attributes. No current attributes are affected.
      Code-wise, JSch already supports this feature.
    • Similar Issues:
      MULE-6864 SFTP: Jsch issue in java 1.7 and Kerberos
      MULE-5862 SFTP-transport: upgrade Jsch dependency to jsch-0.1.45
      MULE-6450 SFTP transport does not URL encode attributes
      MULE-8230 SFTP connect hangs in pre-authenticated phase
      MULE-5877 sftp transport does not honor pollingFrequency
      MULE-7175 SFTP Transport should provide Size and Timestamp properties
      MULE-7155 Add appending support to the SFTP transport
      MULE-5590 UDP transport does not allow request-response endpoints
      MULE-7847 Upgrade JSCH to version 0.151
      MULE-6988 The jetty transport does not have an option to configure the number of acceptor threads

      Description

      JSch supports the concept of StrictHostKeyChecking, which is one of ask, yes, no.
      For Mule, considering it is a non-interactive mode, at least yes and no can be supported.
      The sftp connector configuration should support something like this:
      <sftp:connector name="sftp-default" strictHostKeyChecking='yes' knownHostsFile='<path-of-known-hosts-file>'/>

      Note: other attributes deleted for clarity.

      If strictHostKeyChecking='yes' and knownHostsFile is not set, drop hostChecking with a warning log.

      If strictHostKeyChecking='yes' and knownHostsFile is set but the
      file is not accessible, throw IOException.

      If strictHostKeyChecking='yes' and knownHostsFile is set and the
      file is accessible, set the knownHostsFile to JSch's setHostNames(string fname) and use this during
      SFtpClient.login(...) methods.

      ==
      This can be a security concern.
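
The three rules proposed in the description, written against JSch's own API, as an added example that is not part of the ticket or of Mule's code. The class `StrictHostKeySession` and its parameters are hypothetical; the JSch call that loads a known-hosts file is `setKnownHosts(String)`.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import java.io.File;
import java.io.IOException;
import java.util.logging.Logger;

// Hypothetical helper (not Mule's SftpClient) applying the rules from the description.
public class StrictHostKeySession {
    private static final Logger LOG = Logger.getLogger(StrictHostKeySession.class.getName());

    public static Session open(String user, String host, int port, String password,
                               boolean strictHostKeyChecking, String knownHostsFile)
            throws IOException, JSchException {
        JSch jsch = new JSch();
        String checking = "no";
        if (strictHostKeyChecking) {
            if (knownHostsFile == null || knownHostsFile.isEmpty()) {
                // Rule 1: warn and continue without checking. The server key is then
                // NOT verified; throw here instead if the deployment must fail closed.
                LOG.warning("strictHostKeyChecking='yes' but knownHostsFile is not set; "
                        + "host key checking is disabled for " + host);
            } else {
                File file = new File(knownHostsFile);
                if (!file.isFile() || !file.canRead()) {
                    // Rule 2: a configured but unreadable file is a hard error.
                    throw new IOException("knownHostsFile is not accessible: " + knownHostsFile);
                }
                // Rule 3: load the trusted keys and enforce them for this session.
                jsch.setKnownHosts(file.getPath());
                checking = "yes";
            }
        }
        Session session = jsch.getSession(user, host, port);
        session.setConfig("StrictHostKeyChecking", checking);
        session.setPassword(password);
        // With "yes", connect() throws JSchException when the host key is unknown or changed.
        session.connect();
        return session;
    }
}
```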


          People

          • Assignee: Unassigned
          • Reporter: Kalyan vennelakanti
          • Votes: 1
          • Watchers: 1


              Time Tracking

              • Estimated: 1d
              • Remaining: 1d
              • Logged: Not Specified
