SFTP wagon host key requires user input

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

SFTP wagon host key requires user input

fhomasp
Hey,


I've been asked to use SFTP to upload artifacts to our webservers using Maven2.  I've gotten this to work like this:

<profile>
            <id>copyDppuwebo01</id>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.codehaus.mojo</groupId>
                        <artifactId>wagon-maven-plugin</artifactId>
                        <configuration>
                            <fromDir>${build.directory}</fromDir>
                            <includes>${package}</includes>
                            <url>sftp://<servername></url>
                            <toDir>${exportDir}</toDir>
                            <serverId>ontw</serverId>
                        </configuration>
                    </plugin>
                </plugins>
            </build>
            <properties>
                <package>*.ear</package>
            </properties>
        </profile>

This works well on my local machine, however I need to get this to work on the continuous build server Hudson.  The problem is that the SFTP target machine asks to store a host key on the connecting server.  I'd need Hudson to answer "yes" to the question however I can't seem to do this, as it's automated.
Does anyone know how I can store such a key in advance or use a specific tag for this?

I know I can define the target server in the settings.xml with an extra property <privateKey>, so would something similar work as well?  i'm thinking about something like <publicKey>, and/or store the host key on the Hudson server?

Or any other way to resolve this?

Thanks
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SFTP wagon host key requires user input

brettporter
Administrator
Sample configuration for disabling the checking is here:
http://s.apache.org/6En

Alternatively, you can use ssh on the host to ensure the known_host is recorded. It uses the default ~/.ssh/known_hosts file.

- Brett

On 09/09/2010, at 5:57 PM, fhomasp wrote:

>
> Hey,
>
>
> I've been asked to use SFTP to upload artifacts to our webservers using
> Maven2.  I've gotten this to work like this:
>
> <profile>
>            <id>copyDppuwebo01</id>
>            <build>
>                <plugins>
>                    <plugin>
>                        <groupId>org.codehaus.mojo</groupId>
>                        <artifactId>wagon-maven-plugin</artifactId>
>                        <configuration>
>                            <fromDir>${build.directory}</fromDir>
>                            <includes>${package}</includes>
>                            <url>sftp://<servername></url>
>                            <toDir>${exportDir}</toDir>
>                            <serverId>ontw</serverId>
>                        </configuration>
>                    </plugin>
>                </plugins>
>            </build>
>            <properties>
>                <package>*.ear</package>
>            </properties>
>        </profile>
>
> This works well on my local machine, however I need to get this to work on
> the continuous build server Hudson.  The problem is that the SFTP target
> machine asks to store a host key on the connecting server.  I'd need Hudson
> to answer "yes" to the question however I can't seem to do this, as it's
> automated.
> Does anyone know how I can store such a key in advance or use a specific tag
> for this?
>
> I know I can define the target server in the settings.xml with an extra
> property <privateKey>, so would something similar work as well?  i'm
> thinking about something like <publicKey>, and/or store the host key on the
> Hudson server?
>
> Or any other way to resolve this?
>
> Thanks
> --
> View this message in context: http://maven.40175.n5.nabble.com/SFTP-wagon-host-key-requires-user-input-tp2827087p2827087.html
> Sent from the Wagon - Users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

--
Brett Porter
[hidden email]
http://brettporter.wordpress.com/





---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SFTP wagon host key requires user input

fhomasp
Thanks for the answer,

a quick question about that though before I try.  Won't this deny access to my buildserver?  
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SFTP wagon host key requires user input

fhomasp
Hmm..  So I set this to yes, how do I record the key?

If I do, i get the message that the key is rejected

Tx

[INFO] Unable to create a Wagon instance for scp://dppuwebt01

Embedded error: The host was not known and was not accepted by the configuration
: dppuwebt01
reject HostKey: dppuwebt01
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SFTP wagon host key requires user input

brettporter
Administrator
In reply to this post by fhomasp

On 09/09/2010, at 10:46 PM, fhomasp wrote:

>
> Thanks for the answer,
>
> a quick question about that though before I try.  Won't this deny access to
> my buildserver?  

No... you're on the build server, modifying known_hosts which is outgoing.

On 09/09/2010, at 11:06 PM, fhomasp wrote:

>
> Hmm..  So I set this to yes, how do I record the key?


'Yes' was the default, so no need to set it if you still want to check the known hosts. You can record the key by performing a command line sftp operation on the build host to the target host and accepting the prompt so that it is recorded in ~/.ssh/known_hosts for the build server user. Then Maven will find it in future.

But if you trust the connection, you can safely set the option to 'no' as described and Maven won't ask regardless.

- Brett

--
Brett Porter
[hidden email]
http://brettporter.wordpress.com/





---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Loading...