I wanted to close the loop here...we did finally get this to work. First, in debugging the Session that was using UserAuthNone.
What ultimately fixed this was setting preferredAuthentications=keyboard-interactive in the production environment. What is odd is that in our dev/test environment having no setting for this worked fine as it used the JSCH options of privatekey,keyboard-interactive,password. It connects on the keyboard-interactive option. However with no setting in production Camel tries forever on the connection (it hangs). Once we explicitly set it to keyboard-interactive it connected. In both dev & production systems if we set preferredAuthentications=password then it failed (did not hang). We have no idea why the JSCH defaults work in one case but not in the other. -Dave On Wed, Mar 8, 2017 at 7:01 AM, finx <[email protected]> wrote: > Hey Dave, > > Try to take a look in which UserAuth implementation you are using. In my > case, I was using com.jcraft.jsch.UserAuthPassword and I could debug and > see that my password changed because I was not using the RAW() function. > > You can see the implementation in your Session class, line 380: > > UserAuth ua=null; > try{ > Class c=Class.forName(getConfig("userauth.none")); > ua=(UserAuth)(c.newInstance()); > } > catch(Exception e){ > throw new JSchException(e.toString(), e); > > } > > > Good luck! > > Abraços, > Luis Felipe - Finx > > On Wed, Mar 8, 2017 at 4:59 AM, Claus Ibsen <[email protected]> wrote: > > > There is camel-exec to call executables such as .exe files. > > http://camel.apache.org/exec > > > > You can also build your own components if you fancy > > > > On Wed, Mar 8, 2017 at 1:16 AM, David Hoffer <[email protected]> wrote: > > > The password does contain @ and # characters. However we are able to > > > connect with those no problem in our test enviornment, no need for the > > > RAW() function. Also it turns out the username contains a '.' > character > > > but here too no problem in our test/dev environment. But in production > > > where we have no control over the remote server it fails to connect. > > Here > > > is a close approximation of the Debug stack trace. > > > > > > Failed delivery for (MesasgeId: ID-xxxxxx) using exchange (Message:bbb) > > > > > > Message exchange has failed so breaking out of pipeline for exchange: > > > Exchange [Message:bbb] Exception: > > > org.apache.camel.component.file.GenericFileOperationFailedException: > > cannot > > > connect to sftp://jms.sftp@ip > > > > > > Done processing file: GenericFile [E:\gangplank\work\filepathhere.txt] > > > > > > Renaming file: GenericFile [E:\filepath] to GenericFile [E:\filepathto > > > .error dir] > > > > > > Caused by: com.jcraft.jsch.JSchException: Auth Fail > > > > > > Caused by com.jcraft.jsch.Session.connect (Session.java: 512) > > > > > > Org.apache.camel.component.file.GenericFileOperationFailedException > > > > > > Org.apache.camel.component.file.remote.sftpOperations.connect > > > (sftpOperations.java: 146) > > > > > > > > > Also the production environment is locked down so that SSH is not > > > accessible for this user but SFTP is. However in production we did > > > temporarily allow SSH and that did not help and also in test/dev we > > > disabled SSH and Camel/JSCH can connect fine. > > > > > > So everything works as expected everywhere expect production where it > > > matters. But in production psftp.exe can connect fine. > > > > > > Does anyone have any ideas how to fix? > > > > > > Does Camel support any other SFTP clients other than JSCH? > > > > > > How about a Camel component that bridges to psftp.exe since that can > > > connect? > > > > > > -Dave > > > > > > On Mon, Mar 6, 2017 at 5:56 AM, finx <[email protected]> wrote: > > > > > >> Yeah... I thought the same, until I got a password with special chars > > and I > > >> spent like two days investigating why the connection fails! > > >> > > >> Not sure if RAW() can be used for other parameters... I think that is > > >> possible, but I never tried. Only can be sure testing it. > > >> > > >> Good luck! > > >> > > >> Abraços, > > >> Luis Felipe - Finx > > >> > > >> On Mon, Mar 6, 2017 at 12:40 AM, David Hoffer <[email protected]> > > wrote: > > >> > > >> > Thanks for the tip I did not know about this. I would think Camel > > would > > >> > want to treat all passwords as raw...can never tolerate those > > changing. > > >> > Once we get back on site (Monday I think) we will give this a > try...I > > >> hope > > >> > this fixes the connection with Camel. > > >> > > > >> > Btw, what if the username or folder had a special character? Can > > RAW() > > >> be > > >> > used for any parameter? > > >> > > > >> > -Dave > > >> > > > >> > On Sat, Mar 4, 2017 at 9:19 AM, finx <[email protected]> > wrote: > > >> > > > >> > > Hi Dave. > > >> > > > > >> > > Does the password have special characters? I faced a similar > > situation, > > >> > and > > >> > > the solution was to use the RAW function ( > > >> > > http://camel.apache.org/how-do-i-configure-password- > > >> > > options-on-camel-endpoints-without-the-value-being-encoded.html) > > >> > > in the password. > > >> > > > > >> > > Abraços, > > >> > > Luis Felipe - Finx > > >> > > > > >> > > On Fri, Mar 3, 2017 at 11:52 PM, David Hoffer <[email protected] > > > > >> > wrote: > > >> > > > > >> > > > We are using password authentication > > >> > > > > > >> > > > We have log4j configured but aren't seeing any connection > > handshake > > >> log > > >> > > > messages with debug enabled but I'm not sure what JSCH (the > actual > > >> > > > connection library) has for logging. > > >> > > > > > >> > > > Our situation is we have an SFTP server that we have no control > > over > > >> > that > > >> > > > is refusing to connect with Camel. However we can connect with > > fsftp > > >> > > > fine. SSH is disabled so cannot connect with putty. However > > when we > > >> > > setup > > >> > > > a similar linux server locally camel connects to it just fine. > We > > >> are > > >> > > > trying to figure out why it fails for this one connection we > have > > no > > >> > > > control or system information of (e.g. we can't get on the box > > that > > >> is > > >> > > > failing to accept our connection and check logs/etc). > > >> > > > > > >> > > > -Dave > > >> > > > > > >> > > > On Fri, Mar 3, 2017 at 5:41 PM, S AR <[email protected]> > > >> wrote: > > >> > > > > > >> > > > > What errors do you receive? > > >> > > > > > > >> > > > > Are you using password authentication or privateKey > > authentication? > > >> > > > > > > >> > > > > If you are using privateKey, Have you generated a private key > > file? > > >> > > > > > > >> > > > > Regarding logging, since camel uses log4j2, you can configure > an > > >> > > appender > > >> > > > > for the classes in the package: org.apache.camel.component. > file > > >> > > > > > > >> > > > > In log4j2, that means, you should have something like this: > > >> > > > > > > >> > > > > appender.mylogger.type = Console > > >> > > > > appender.mylogger.name = MYLOGGER > > >> > > > > appender.mylogger.layout.type = PatternLayout > > >> > > > > appender.mylogger.layout.pattern = %d %p %C{1.} [%t] %m%n > > >> > > > > > > >> > > > > logger.mylogger.name = org.apache.camel.component.file > > >> > > > > logger.mylogger.level = debug > > >> > > > > logger.mylogger.additivity = false > > >> > > > > logger.mylogger.appenderRef.mylogger.ref = MYLOGGER > > >> > > > > > > >> > > > > Regards. > > >> > > > > > > >> > > > > On 03.03.2017 18:16, David Hoffer wrote: > > >> > > > > > > >> > > > > Is there a way to turn on low level logging so we can see why > > Camel > > >> > is > > >> > > > > failing to connect? We can connect to the same server with > > >> puttyftp > > >> > > and > > >> > > > > put files but not with camel...and the errors are not very > > >> detailed. > > >> > > > > > > >> > > > > -Dave > > >> > > > > > > >> > > > > On Fri, Mar 3, 2017 at 9:54 AM, S AR <[email protected] > >< > > >> > mailto: > > >> > > > > [email protected]> wrote: > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > Hello David, > > >> > > > > > > >> > > > > When I work with camel-sftp, The first thing I do is to > manually > > >> > > connect > > >> > > > > to the remote machine via ssh, so that my knownHosts > > >> > > > > (System.getProperty(user.home)/.ssh/known_hosts) file is > > written. > > >> On > > >> > > > > windows, I use cygwin for that. I assume you can do the same > > with > > >> > > putty. > > >> > > > > > > >> > > > > > > >> > > > > You specify the certificate file as an option, as described in > > the > > >> > > > > documentation: http://camel.apache.org/ftp2.html > > >> > > > > > > >> > > > > knownHostFile: path to your known_hosts > > >> > > > > > > >> > > > > privateKeyFile: path to your id_rsa > > >> > > > > > > >> > > > > > > >> > > > > privateKeyFilePassphrase: passphrase of you id_rsa > > >> > > > > > > >> > > > > > > >> > > > > Hope it gives you an idea about where to look at. > > >> > > > > > > >> > > > > > > >> > > > > Good luck. > > >> > > > > > > >> > > > > > > >> > > > > On 03.03.2017 17:32, David Hoffer wrote: > > >> > > > > > > >> > > > > How does Camel handle the SSH cert when connecting to SFTP > > servers? > > >> > > > > Somehow it has to accept the cert provided by the server how > > does > > >> it > > >> > do > > >> > > > > that? > > >> > > > > > > >> > > > > The docs say the default is: > > >> > > > > strictHostKeyChecking=no > > >> > > > > > > >> > > > > What does this mean? Does this mean it will accept every > cert? > > >> > > > > > > >> > > > > What does strictHostKeyChecking=yes mean? > > >> > > > > > > >> > > > > Where does Camel store the cert that it accepted? Can we > > preempt > > >> > this > > >> > > > hole > > >> > > > > process by manually accepting the cert with a different tool, > > eg. > > >> > > > > puttyftp? In this case there would have to be a shared > location > > >> for > > >> > > the > > >> > > > > cert...we are running camel on Windows so I think puttyftp > > stores > > >> the > > >> > > > cert > > >> > > > > in the registry. Where does Camel/JSCH look for certs? > > >> > > > > > > >> > > > > -Dave > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > > > > > > > -- > > Claus Ibsen > > ----------------- > > http://davsclaus.com @davsclaus > > Camel in Action 2: https://www.manning.com/ibsen2 > > >
