SFTP connection with apache vfs fails but is successful with WinSCP - sftp

I can successfully connect with WinSCP, using given credentials, to SFTP server. But when doing it from java using apache vfs I get error:
Caused by: org.apache.commons.vfs2.FileSystemException: Could not connect to SFTP server at "sftp://username:***#server_addres/".
at org.apache.commons.vfs2.provider.sftp.SftpClientFactory.createConnection(SftpClientFactory.java:170)
at org.apache.commons.vfs2.provider.sftp.SftpFileProvider.doCreateFileSystem(SftpFileProvider.java:97)
... 22 more
Caused by: com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:512)
at com.jcraft.jsch.Session.connect(Session.java:183)
at org.apache.commons.vfs2.provider.sftp.SftpClientFactory.createConnection(SftpClientFactory.java:166)
I have checked credentials and they are exactly same as those when I try to connect with WinSCP. WinSCP can connect successfully, but my java code gets the above error (Auth fail).
Does anybody has some clue what could be the issue?
Public IP range of the machine I am connecting from has been added to firewall exceptions as trusted IP on the other side.
Please help, any ideas are very much appreciated.
Kind regards,
misamas

The problem was in the password. It contained % sign which is a special character when passed in URI (like pass%word).
So the solution was doing UriParser.encode(sftpUri) before passing it to manager.resolveFile() method like this (in order to replace % sign of password in URI with its hex code %25):
import org.apache.commons.vfs2.provider.UriParser;
...
String sftpUri = String.format("sftp://%s:%s#%s/%s/%s", configData.getUserId(), configData.getPassword(), configData.getServerAddress(),
configData.getRemoteDirectory(), configData.getFileName());
String sftpUriEncoded = UriParser.encode(sftpUri);
FileObject remoteFile = manager.resolveFile(sftpUriEncoded, options);

Related

How to connect R to Clickhouse?

I am new to Clickhouse and am experiencing difficulties connecting R to Clickhouse.
con <- DBI::dbConnect(RClickhouse::clickhouse(),host="srv-clickhouse",username="user",
password="pw")
This returns the error
Error in connect(config[["host"]], strtoi(config[["port"]]), config[["db"]], :
DB::Exception: default: Authentication failed: password is incorrect or there is no user with such name
There definitely has to be a user by that name and password which leads me to believe that I've done something wrong while at the same time I'm not sure what I have to put into the host part of the address, nor the port nor in the beginning. Should I add the full URL to the host part? Right now I'm using RClickhouse but my database uses the port 8123. Is there any kind of proper documentation and how to solve this issue?
Thanks

Not able to connect to snowflake from powerbi using odbc driver

Getting this error.
Details: "ODBC: ERROR [HY000] [Snowflake][Snowflake] (4)
REST request for URL https://jaa09657:443/session/v1/login-request?requestId=5bcbbadc-39d9-4271-9bf3-52393e2539af&request_guid=e145e6e8-502b-40c3-b7f2-4164dfbe6fea&warehouse=COMPUTE_WH failed: CURLerror (curl_easy_perform() failed) - code=5 msg='Couldn't resolve proxy name' osCode=2 osMsg='No such file or directory'.
I think the issue is with your server property, you just have your account name, but you really need the Fully Qualified Domain there. IE:
server=jaa09657..snowflakecomputing.com
Base that on the URL you connect with.
If that does not work, could you provide your entire ODBC config?

RDJDBC::dbConnect failing to connect to HiveServer2 (kerberos +sasl)

I am trying to connect to Hive2 using RJDBC but it failing with "GSS initiate failed". However same things working fine using beeline client. Any idea what may have caused different behavior when running both on same node with same credentials?
drv <- RJDBC::JDBC("org.apache.hive.jdbc.HiveDriver", cp, "`")
following is just for illustrative purpose as I wanted to show what all parameter I am using as JDBC url.
conn <- RJDBC::dbConnect(drv, "jdbc:hive2://node1:10000/default;principal=hive/hive_node#REALM;ssl=true;sslTrustStore=store_path;trustStorePassword=store_password", "user", "password")
log4j:WARN No appenders could be found for logger (org.apache.hive.jdbc.Utils).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Error in .jcall(drv#jdrv, "Ljava/sql/Connection;", "connect", as.character(url)[1], :
java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://:10000/default;principal=hive/hive_node#REALM;ssl=true;sslTrustStore=store_path;trustStorePassword=store_password: GSS initiate failed
A bit late for you, but... look at that post about the details of configuring Kerberos authentication for Hive/Impala JDBC (note also that "user" and "password" connection args are ignored by Kerberos auth)
The post assumes that you have the password stored in a "keytab" file, and use it to create a private Kerberos ticket. If you want to use the default, public ticket instead, then change the JAAS conf accordingly (i.e. useTicketCache=true useKeyTab=false and no keyTab entry)
And to pass the configuration to Java from your R code, the easiest way is to set the JAVA_TOOL_OPTIONS env variable before anything else bootstraps the RJava initialization
Sys.setenv("JAVA_TOOL_OPTIONS"="-Djava.security.auth.login.config=/Path/To/jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false")
PS: on Windows the path would look like C:/Path/To/jaas.conf (Java converts slashes to backslashes automatically; that's easier that escaping each and every backslash because of the way R Strings interpret \)
Final note: if any jerk tags this with "answers should not rely on links", since the aforementioned link points to another post of mine in S.O., then he/she is really a jerk, and I will gladly tell him/her to his/her face, loudly and with exotic words.

SFTP doesn't work with encoded password

We use SFTP in our project to transfer files over an SSH connection. This is done through java code. Assuming that if for characters like ?, ! etc we need to give the encoded value in the sftp command, we encoded the password in the code and generated the command. But SFTP isn't working with these encoded password now, it accepts the password directly. What could be the issue. Please help.
Example username: xyz password: abc!
We use URLEncoder to encode the username and password.
String username= URLEncoder.encode(username, "UTF-8");
String password = URLEncoder.encode(password, "UTF-8");
After encoding Our code would generate SFTP command as : sftp://xyz:abc%21#10.9.10.9/home/documents/xyz.txt
But this isn't working, Authentication fails with wrong password. Where as manually if we give command sftp://xyz:abc!#10.9.10.9/home/documents/xyz.txt it works.
Please let us know if we are going wrong.
Thanks in advance.
That's not actually an issue. SFTP is a subsystem of SSH, and SSH creates a secure channel upon client connection (similarly to what SSL does but at layer 7): once the secure and encrypted connection is established, your username and password will be sent to the SSH server inside such connection, therefore there is no need to encode them nor to encrypt them.
The SSH server expects to receive your username/password as they are, not pre-processed nor encoded. And you can do that safely with SFTP for the reason explained here above. So no reason to be worried.

Calling https process from ASP Net

I have an ASP NET web server application that calls another process running on the same box that creates a pdf file and returns it. The second process requires a secure connection via SSL.
The second process has issued my ASP NET application with a digital certificate but I still cannot authenticate, getting a 403 error.
The code is a little hard to show but here's a simplified method ...
X509Certificate cert = X509Certificate.CreateFromCertFile("path\to\cert.cer");
string URL = "https://urltoservice?params=value";
HttpWebRequest req = HttpWebRequest.Create(URL) as HttpWebRequest;
req.ClientCertificates.Add(cert);
req.Credentials = CredentialCache.DefaultCredentials;
req.PreAuthenticate = true;
/// error happens here
WebResponse resp = req.GetResponse();
Stream input = resp.GetResponseStream();
The error text is "The remote server returned an error: (403) Forbidden."
Any pointers are welcome.
Finally fixed (wasted 6 hours on this *&%$##&)
I needed to grant access to the private keys on the digi cert to the account that the calling ASP.NET application runs under. This account is NETWORK SERVICE by default although you may want to run under a more restricted account.
Access is granted with the winhttpcertcfg tool, here's what got it working for me:
winhttpcertcfg -g -s "cert name" -c "LOCAL_MACHINE\MY" -a "NETWORK SERVICE"
where "cert name" is the CN of the digi cert.
More info at http://support.microsoft.com/kb/901183
Thanks to all who helped out with pointers on how to get this working :)
A 403 sounds like an authorization problem, not an authentication problem. It might be caused by the NTFS security settings on the files and folders accessed by your PDF service. Maybe it doesn't have permission to create the PDF file in the output folder?
Can you install the client certificate into your browser, and then access your PDF service through the browser? When you do that, do you still get a 403 or does it work?
Can you temporarily configure the PDF service to allow unencrypted HTTP connections? Does that make the problem go away?
From Windows Explorer, can you grant the "Network Service" account full control over the physical folder corresponding to the root of the PDF service site? Also grant it full control over any other directories it accesses. You should lock things down later after you've figured things out.
Or you can change the application pool to run under a different account - e.g. your own account.
Finally: if you're running IIS 7, you can turn on failed request tracing, which should give you a lot more info about why it failed.

Resources