[esb-issues] [JBoss JIRA] Updated: (JBESB-3474) Support Dual Authentication (username/pass and private key) for SFTP listener

Support Dual Authentication (username/pass and private key) for SFTP listener ----------------------------------------------------------------------------- Key: JBESB-3474 URL: https://jira.jboss.org/browse/JBESB-3474 Project: JBoss ESB Issue Type: Feature Request Security Level: Public(Everyone can see) Components: Transports Affects Versions: 4.7 Reporter: Dustin Johnson When creating an SFTP listener, and specifying both a username/password combination and a private key, only the username/password credentials are passed to the FTP server. This can be a problem when an FTP server requires both forms of authentication. The problem appears to occur in org.jboss.internal.soa.esb.util.SecureFtpImpl.java, in initialize(bConnect). It performs the following check: if (m_sPasswd != null) { final UserInfo ui = new SecureFtpUserInfo(null, m_sPasswd) ; session.setUserInfo(ui) ; session.setConfig("PreferredAuthentications", "password,keyboard-interactive") ; } else if (m_oCertificate != null) { // Setup ssh key stuff session.setConfig("PreferredAuthentications", "publickey") ; } The solution may be as simple as removing the else portion, so it always checks for the certificate to be present and adds the credentials regardless of whether a username/password was also presented.