I had a colleague who was having issues with public key authentication with SFTP, so I wanted to be able to set this situation up on my minishift/crc environment in order to figure out how to do this.

In effect, this meant:

  1. Creating an FTP container
  2. Creating new keys
  3. Configuring that container to use key authentication
  4. Testing out that configuration
  5. Creating a new Camel/Fuse application to talk to the FTP server
  6. Configuring the Camel/Fuse application to talk to the FTP server

Create the SFTP container

Thankfully there is already an SFTP container available on dockerhub. We will be able to use this to run an SFTP service with ssh key authentication: https://hub.docker.com/r/atmoz/sftp/

First we need to import the image into Openshift from dockerhub so we can use it:

Now let’s create the container in a new openshift project:

Create the authentication keys

Please note the naming, and that we have chosen to write the file to a local location rather than /home/user/.ssh/id_rsa. The public key will be added into the SFTP container, and clients will use the private key in order to authenticate. I also have an empty passphrase for this, and ensure the keytype is rsa, and that it is output as a PEM.

Configure the SFTP container

Create a user foo in users.conf, and configure the container to use key authentication

Add the users.conf file as a volume for the container to consume

And add the public key as a volume/file for the container to consume

The SFTP container should now be running and configured for key auth.

Test the SFTP Container

We can test connectivity to the SFTP pod by port-forwarding:

By providing the private key, we should be able to connect to the FTP server

Create a new Camel application

Generate these application.properties:

Create a configmap and secret for the application.properties and private key respectively.

Mount the configmap and secret as volumes to the camel application

Getting the latest camel pod log should now reveal that the application is able to connect and poll the SFTP site.

It is worth noting that the camel route ignores the host keys useUserKnownHostsFile=false. And the main camel route is: from("sftp://?preferredAuthentications=publickey&username=&password=&privateKeyFile=&passiveMode=true&disconnect=true&binary=true&useUserKnownHostsFile=false").to("log:hello");