I had a colleague who was having issues with public key authentication with SFTP, so I wanted to be able to set this situation up on my minishift/crc environment in order to figure out how to do this.
In effect, this meant:
- Creating an SFTP container
- Creating new keys
- Configuring that container to use key authentication
- Testing out that configuration
- Creating a new Camel/Fuse application to talk to the SFTP server
- Configuring the Camel/Fuse application to talk to the SFTP server
Create the SFTP container
Thankfully there is already an SFTP container image available on Docker Hub. We can use it to run an SFTP service with SSH key authentication: https://hub.docker.com/r/atmoz/sftp/
First we need to import the image into OpenShift from Docker Hub so we can use it:
Now let's create the container in a new OpenShift project:
Create the authentication keys
Please note the naming, and that we have chosen to write the file to a local location rather than /home/user/.ssh/id_rsa. The public key will be added to the SFTP container, and clients will use the private key to authenticate. I also use an empty passphrase for this key, and ensure that the key type is rsa and that the key is output as PEM.
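The key settings described above (RSA key type, PEM output, empty passphrase, a local output path), as an added shell example that is not from the original post; the function names and the ./sftp_id_rsa path are assumptions. It also checks the header of the generated private key, because ssh-keygen from OpenSSH 7.8 onwards writes the OpenSSH private key format unless PEM is requested.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage (path is an assumption): generate_sftp_key ./sftp_id_rsa

# Classify a private key file by its header lines.
# Prints one of: pem-rsa, pem-rsa-encrypted, openssh, unknown
key_format() {
    first_line=$(head -n 1 "$1" 2>/dev/null) || first_line=""
    case "$first_line" in
        "-----BEGIN RSA PRIVATE KEY-----")
            # Traditional PEM marks passphrase protection on the second line.
            if sed -n '2p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo pem-rsa-encrypted
            else
                echo pem-rsa
            fi ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        *) echo unknown ;;
    esac
}

# Generate an RSA key pair in PEM format with an empty passphrase, written to
# a local path instead of ~/.ssh/id_rsa, then verify what was produced.
generate_sftp_key() {
    out="$1"
    if [ -e "$out" ] || [ -e "$out.pub" ]; then
        echo "refusing to overwrite existing key: $out" >&2
        return 1
    fi
    ssh-keygen -q -t rsa -m PEM -N "" -C "sftp-test" -f "$out" || return 1
    fmt=$(key_format "$out")
    if [ "$fmt" != "pem-rsa" ]; then
        echo "unexpected private key format: $fmt" >&2
        return 1
    fi
    # Fingerprint of the public half, to compare with the key given to the server.
    ssh-keygen -l -f "$out.pub"
}
```

The `.pub` file is the half that goes into the SFTP container; the private key file is what the client presents.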
Configure the SFTP container
Create a user foo in users.conf, and configure the container to use key authentication
Add the users.conf file as a volume for the container to consume
And add the public key as a volume/file for the container to consume
The SFTP container should now be running and configured for key auth.
Test the SFTP Container
We can test connectivity to the SFTP pod by port-forwarding:
By providing the private key, we should be able to connect to the SFTP server.
Create a new Camel application
Generate these application.properties:
Create a configmap and a secret for the application.properties and the private key respectively.
Mount the configmap and secret as volumes in the Camel application
Getting the latest Camel pod log should now reveal that the application is able to connect and poll the SFTP site.
It is worth noting that the Camel route ignores the host keys (useUserKnownHostsFile=false), so the client does not verify which server it is connecting to. The main Camel route is:
from("sftp://?preferredAuthentications=publickey&username=&password=&privateKeyFile=&passiveMode=true&disconnect=true&binary=true&useUserKnownHostsFile=false").to("log:hello");