This is an automated email from the ASF dual-hosted git repository. davsclaus pushed a commit to branch worktree-fix+CAMEL-23404 in repository https://gitbox.apache.org/repos/asf/camel.git
commit 85f720f3d2637e2d16c6ffe11454a283b3b7d9e2 Author: Claus Ibsen <[email protected]> AuthorDate: Tue May 12 11:48:59 2026 +0200 CAMEL-23404: Improve SFTP security documentation and add strictHostKeyChecking policy enforcement - Added security="insecure:ssl" annotation to strictHostKeyChecking parameter - Enhanced parameter description to warn about MITM vulnerability when disabled - Added comprehensive Security Best Practices section to sftp-component.adoc - Documented recommended secure configuration patterns with examples - Generated metadata now includes security policy enforcement for strictHostKeyChecking Signed-off-by: Claus Ibsen <[email protected]> --- .../file/remote/BaseSftpConfiguration.java | 6 ++- .../apache/camel/component/file/remote/sftp.json | 2 +- .../camel-ftp/src/main/docs/sftp-component.adoc | 46 ++++++++++++++++++++++ 3 files changed, 51 insertions(+), 3 deletions(-) diff --git a/components/camel-ftp-common/src/main/java/org/apache/camel/component/file/remote/BaseSftpConfiguration.java b/components/camel-ftp-common/src/main/java/org/apache/camel/component/file/remote/BaseSftpConfiguration.java index 3bda3e50da4f..1042f63776c1 100644 --- a/components/camel-ftp-common/src/main/java/org/apache/camel/component/file/remote/BaseSftpConfiguration.java +++ b/components/camel-ftp-common/src/main/java/org/apache/camel/component/file/remote/BaseSftpConfiguration.java @@ -47,8 +47,10 @@ public abstract class BaseSftpConfiguration extends RemoteFileConfiguration { @UriParam(label = "security", security = "secret", description = "Sets the known_hosts from the byte array, so that the SFTP endpoint can do host key verification.") private byte[] knownHosts; - @UriParam(defaultValue = "no", enums = "no,yes", label = "security", - description = "Sets whether to use strict host key checking.") + @UriParam(defaultValue = "no", enums = "no,yes", label = "security", security = "insecure:ssl", + description = "Sets whether to use strict host key checking. " + + "Setting this to 'no' (the default) disables host key verification and makes SFTP connections " + + "vulnerable to man-in-the-middle attacks. Use 'yes' in production environments.") private String strictHostKeyChecking = "no"; @UriParam(label = "security", security = "secret", description = "Set the private key file so that the SFTP endpoint can do private key verification.") diff --git a/components/camel-ftp/src/generated/resources/META-INF/org/apache/camel/component/file/remote/sftp.json b/components/camel-ftp/src/generated/resources/META-INF/org/apache/camel/component/file/remote/sftp.json index 5fa1b2c54a38..cf9fd7ee7220 100644 --- a/components/camel-ftp/src/generated/resources/META-INF/org/apache/camel/component/file/remote/sftp.json +++ b/components/camel-ftp/src/generated/resources/META-INF/org/apache/camel/component/file/remote/sftp.json @@ -183,7 +183,7 @@ "privateKeyUri": { "index": 130, "kind": "parameter", "displayName": "Private Key Uri", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "deprecationNote": "", "autowired": false, "secret": true, "security": "secret", "supportFileReference": true, "configurationClass": "org.apache.camel.component.file.remote.SftpConfiguration", "configurationField": "configuration", "description": "Set the private key [...] "publicKeyAcceptedAlgorithms": { "index": 131, "kind": "parameter", "displayName": "Public Key Accepted Algorithms", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.file.remote.SftpConfiguration", "configurationField": "configuration", "description": "Set a comma separated list of public key accepted algorithms. If [...] "serverHostKeys": { "index": 132, "kind": "parameter", "displayName": "Server Host Keys", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.file.remote.SftpConfiguration", "configurationField": "configuration", "description": "Set a comma separated list of algorithms supported for the server host key. Some examples in [...] - "strictHostKeyChecking": { "index": 133, "kind": "parameter", "displayName": "Strict Host Key Checking", "group": "security", "label": "security", "required": false, "type": "enum", "javaType": "java.lang.String", "enum": [ "no", "yes" ], "deprecated": false, "autowired": false, "secret": false, "defaultValue": "no", "configurationClass": "org.apache.camel.component.file.remote.SftpConfiguration", "configurationField": "configuration", "description": "Sets whether to use strict host [...] + "strictHostKeyChecking": { "index": 133, "kind": "parameter", "displayName": "Strict Host Key Checking", "group": "security", "label": "security", "required": false, "type": "enum", "javaType": "java.lang.String", "enum": [ "no", "yes" ], "deprecated": false, "autowired": false, "secret": false, "security": "insecure:ssl", "defaultValue": "no", "configurationClass": "org.apache.camel.component.file.remote.SftpConfiguration", "configurationField": "configuration", "description": "Sets [...] "username": { "index": 134, "kind": "parameter", "displayName": "Username", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "configurationClass": "org.apache.camel.component.file.remote.SftpConfiguration", "configurationField": "configuration", "description": "Username to use for login" }, "useUserKnownHostsFile": { "index": 135, "kind": "parameter", "displayName": "Use User Known Hosts File", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": true, "configurationClass": "org.apache.camel.component.file.remote.SftpConfiguration", "configurationField": "configuration", "description": "If knownHostFile has not been explicit configured then use the [...] "shuffle": { "index": 136, "kind": "parameter", "displayName": "Shuffle", "group": "sort", "label": "consumer,sort", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "To shuffle the list of files (sort in random order)" }, diff --git a/components/camel-ftp/src/main/docs/sftp-component.adoc b/components/camel-ftp/src/main/docs/sftp-component.adoc index fc11e1728a56..7c99234e85cb 100644 --- a/components/camel-ftp/src/main/docs/sftp-component.adoc +++ b/components/camel-ftp/src/main/docs/sftp-component.adoc @@ -38,6 +38,52 @@ include::partial$component-endpoint-headers.adoc[] == Usage +=== Security Best Practices: Host Key Verification + +WARNING: By default, the SFTP component has `strictHostKeyChecking=no`, which disables host key verification and makes connections vulnerable to man-in-the-middle (MITM) attacks. For production environments, you should enable strict host key checking to ensure you are connecting to the expected server. + +Host key verification prevents MITM attacks by verifying the server's host key against a known list of trusted keys. When `strictHostKeyChecking=yes` is enabled, the SFTP client will reject connections to servers whose host key is not in the known hosts file. + +==== Recommended Secure Configuration + +To enable strict host key checking, set `strictHostKeyChecking=yes` and provide a known hosts file: + +[source,java] +---- +from("sftp://host:22/path"; + + "?username=myuser" + + "&password=secret" + + "&knownHostsFile=/path/to/known_hosts" + + "&strictHostKeyChecking=yes") + .to("direct:result"); +---- + +Alternatively, load the known hosts from the classpath: + +[source,java] +---- +from("sftp://host:22/path"; + + "?username=myuser" + + "&privateKeyFile=/path/to/id_rsa" + + "&knownHostsUri=classpath:known_hosts" + + "&strictHostKeyChecking=yes") + .to("direct:result"); +---- + +If you do not have a known hosts file, you can create one by connecting to the server using the `ssh` command, which will add the host key to `~/.ssh/known_hosts`. By default, the SFTP component will use this file if `useUserKnownHostsFile=true` (which is the default). + +[source,java] +---- +// Uses ~/.ssh/known_hosts by default +from("sftp://host:22/path"; + + "?username=myuser" + + "&privateKeyFile=/path/to/id_rsa" + + "&strictHostKeyChecking=yes") + .to("direct:result"); +---- + +NOTE: When `strictHostKeyChecking=yes` is enabled, Camel's security policy enforcement framework will not flag this as a security violation. The default `strictHostKeyChecking=no` may trigger warnings or failures depending on your configured security policy (see xref:manual::security-policy.adoc[Security Policy] for details). + === OpenSSH Certificate Authentication Camel supports OpenSSH certificate-based authentication for SFTP connections, where a user's public key is signed by a Certificate Authority (CA) rather than being individually authorized on the server. This is common in enterprise environments using tools like HashiCorp Vault or custom CA infrastructure.
