magento / community-features

Magento Features Development is an Initiative to Allow Community Members to Join the Development of Magento Features

\Magento\Framework\Filesystem\Io\Sftp #308

Open dfelton opened 3 years ago

dfelton commented 3 years ago

We currently have a \Magento\Framework\Filesystem\Io\Ftp class. And this does support FTPS connections, but does not appear to support SFTP connections.

Currently, per the coding standards, direct usage of ssh2_* functions is discouraged, with no alternatives offered.

It would be nice if \Magento\Framework\Filesystem\Io\Sftp supported authenticating with public / private key-pairs.

While not applicable to my current project, I have worked in projects in the past where the system admins prohibited authentication with username / password authentication between internal systems, and enforced that authentication be done with public / private key-pairs that were then maintained by the system admins and regularly rotated. If this were a requirement in my current project today, my only option would be to violate Magento coding standards and write my own class to implement this feature the native Sftp lacks.

m2-assistant[bot] commented 3 years ago

Hi @dfelton. Thank you for your report. To help us process this issue please make sure that you provided sufficient information.

Please, add a comment to assign the issue: @magento I am working on this


dfelton commented 3 years ago

Not sure how I missed this but the Sftp class has existed for half a decade now.

Reviewing the code however, I do see the Sftp class is lacking the ability to specify a private SSH key, as the open method always expects a username & password in the $args array, and doesn't look for any public / private key.

Digging further, I do see that the phpseclib library Magento is leaning on does provide support for public / private key authentication. Example provided here: http://web.archive.org/web/20180601233146/http://phpseclib.sourceforge.net:80/ssh/2.0/auth.html

Since phpseclib's SFTP class extends the SSH2 class, these methods are also available.

Last minor note: phpseclib claims it works "without any PHP extensions", where I know that PHP's ssh2_* methods require php.ini load the ssh2 PHP extension.

TL;DR: I think it is best Magento stick with the current phpseclib implementation and just improve upon it to add public / private key pair authentication. Original description updated to reflect this new information.
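
A sketch of the key-pair login proposed in the last comment, added here as an example; it is not part of the thread and not Magento's code. It assumes the phpseclib 2.0 API from the linked page and Composer autoloading; the `private_key` and `passphrase` array keys and both function names are hypothetical.

```php
<?php
declare(strict_types=1);

use phpseclib\Crypt\RSA;
use phpseclib\Net\SFTP;

/**
 * Hypothetical helper (not Magento code): choose the credential passed to
 * SFTP::login() from an $args array shaped like the one Sftp::open() receives.
 * 'private_key' (file path) and 'passphrase' are assumed keys.
 */
function buildSftpCredential(array $args)
{
    if (empty($args['private_key'])) {
        if (!isset($args['password'])) {
            throw new InvalidArgumentException('Either password or private_key is required.');
        }
        return (string)$args['password']; // existing username / password path
    }

    $path = $args['private_key'];
    if (!is_file($path) || !is_readable($path)) {
        throw new InvalidArgumentException('Private key file is not readable.');
    }
    // POSIX only: like OpenSSH, refuse a key readable by group or others.
    if ((fileperms($path) & 0077) !== 0) {
        throw new RuntimeException('Private key file permissions are too open.');
    }

    $key = new RSA();
    if (!empty($args['passphrase'])) {
        $key->setPassword($args['passphrase']); // must be set before loadKey()
    }
    if ($key->loadKey(file_get_contents($path)) === false) {
        throw new RuntimeException('Private key could not be parsed (wrong passphrase or format).');
    }
    return $key; // login() accepts an RSA object in place of a password
}

function openSftp(array $args): SFTP
{
    $sftp = new SFTP($args['host'], $args['port'] ?? 22, $args['timeout'] ?? 10);
    if (!$sftp->login($args['username'], buildSftpCredential($args))) {
        throw new RuntimeException('SFTP login failed for ' . $args['username'] . '@' . $args['host']);
    }
    return $sftp;
}
```

Neither exception message includes the key path contents or the passphrase, so a failed login can be logged without leaking credential material.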