Skip to end of metadata
Go to start of metadata

Summary

JOE Profile Window

Using the JOE menu options File->FTP/SFTP->Open Directory opens the profile window.

 

In the profile window select the protocol SFTP from the list box with the same name.

Using the SFTP protocol suggests to specify authentication methods with the SFTP tab of this window.

JOE SFTP Authentication Methods Window

Using the SFTP tab from the Profile Window shows the following tab window:

 

A user name has to be specified independently from the authentication methods to be used.

 

Keep in mind that all authentication methods have to be enabled accordingly with the SSH server in use.

If in doubt contact your system administrator to check respective settings in sshd_config and related files.

Two-factor Authentication

if the respective checkbox is checked then the following behavior applies:

  • You have to specify both Public / Private Key and one of the Password related authentication methods.
  • JOE will forward the private key and the password to the SSH server and both authentication methods have to match.

Which password related authentication method has to be be used (Password or Keyboard Interactive) depends on the SSH server settings.

  • The following SSH setting would force both Public / Private Key and Password or Keyboard Interactive authentication:
    • AuthenticationMethods publickey,password publickey,keyboard-interactive

No two-factor Authentication

If the respective checkbox is unchecked then the following behavior applies:

  • You can specify any of the authentication methods Public / Private Key, Password or Keyboard Interactive provided that the authentication method is enabled with the SSH server.
  • Should the SSH server be configured to allow a number of alternative authentication methods then the following behavior applies:
    • JOE will try to use Private / Public Key authentication and then Password authentication.
    • If the private key matches then authentication is completed and no Password authentication is performed.
    • Should Public / Private Key authentication fail but subsequent Password authentication be successful then the user is authenticated.
  • You can specify none of the authentication methods Public / Private KeyPassword or Keyboard Interactive. This configuration is used if the user account does not make use of a password, e.g. for anonymous access.

Public / Private Key related Authentication Methods

Use Key Agent

This method makes use of Public / Private Key authentication and retrieves the private key and optionally its passphrase from an SSH Key Agent

  • The SSH server has to be configured like this:
    • AuthenticationMethods publickey
  • Certainly any additional authentication methods can be specified.

Typically an SSH Key Agent is implemented on top of a credential store or a password manager and would forward credentials if requested by JOE.

  • The password manager KeePass offers installation of an SSH Key Agent plugin that suggests a good match for a secure credential store with SSH Key Agent support.
  • SOS performs regular tests for use of JobScheduler components with KeePass and Key Agent.
  • Other SSH Key Agent products can be used provided that they are compliant with the SSH Key Agent standard.

Use Private Key File

This method makes use of Public / Private Key authentication and retrieves the private key from the file system location that you specify with JOE.

  • The SSH server has to be configured like this:
    • AuthenticationMethods publickey
  • Certainly any additional authentication methods can be specified.

Passphrase Interactive

This setting can be used if the private key file is protected by a passphrase.

JOE forces interactive user input to enter the password.

Use Passphrase stored with JOE

This setting can be used if the private key file is protected by a passphrase.

The passphrase is stored with the JOE configuration and is obfuscated but is not encrypted. JOE will automatically use the passphrase, i.e. no  user interaction is required.

This method is not considered a secure way to handle passphrases, however, for uncritical environments you might consider this a viable approach.

Password related Authentication Methods

Keyboard Interactive

This method indicates that the password has to be typed from the keyboard, it cannot be stored with JOE.

  • The SSH server has to be configured like this:
    • ChallengeResponseAuthentication yes

Password Interactive

This method indicates that Password authentication is used, however, the password is not stored with JOE but has to be typed interactively.

  • The SSH server has to be configured like this:
    • PasswordAuthentication yes

Password stored with JOE

This method makes use of Password authentication.

  • The SSH server has to be configured like this:
    • PasswordAuthentication yes

The password is stored with the JOE configuration and is obfuscated but is not encrypted. JOE will automatically use the password, i.e. no  user interaction is required.

This method is not considered a secure way to handle passwords, however, for uncritical environments you might consider this a viable approach.

Logging

Starting from  FEATURE AVAILABILITY STARTING FROM RELEASE 1.12.10  JOE ships with the ./lib/JOE-log4j.properties configuration file that looks like this, see  SET-177 - Getting issue details... STATUS

JOE-log4j.properties
log4j.rootLogger=error, stdout, joe
 
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=[%5p] (%F:%L) - %m%n

log4j.appender.joe=org.apache.log4j.FileAppender
log4j.appender.joe.Append=false
log4j.appender.joe.layout=org.apache.log4j.EnhancedPatternLayout
log4j.appender.joe.layout.ConversionPattern=%d{ISO8601}{Europe/Berlin} %c [%-5p] - %m%n
log4j.appender.joe.File=${SCHEDULER_DATA}/logs/JOE.log

Explanations:

  • Line 1: by default exclusively errors and output to stdout is logged.
    • Modify this setting to "debug, stdout, joe" to receive detailed debug information about SSH key exchange.
  • Line 11: the location of the log file is the ./logs folder of the JOE configuration directory.

 

 

 

 

 

  • No labels
Write a comment…