Open dfelton opened 3 years ago
Hi @dfelton. Thank you for your report. To help us process this issue please make sure that you provided sufficient information.
Please, add a comment to assign the issue: @magento I am working on this
Not sure how I missed this but the Sftp class has existed for half a decade now.
Reviewing the code however, I do see the Sftp
class is lacking the ability to specify a private SSH key, as the open method always expects a username & password in the $args
array, and doesn't look for any public / private key.
Digging further, I do see that the phpseclib
library Magento is leaning on, does provide support for public / private key authentication. Example provided here: http://web.archive.org/web/20180601233146/http://phpseclib.sourceforge.net:80/ssh/2.0/auth.html
Since phpseclib's SFTP class extends the SSH2 class, these methods are also available.
Last minor note: phpseclib
claims it works "without any PHP extensions", where I know that PHP's ssh2_*
methods require php.ini load the ssh2
PHP extension.
TL;DR: I think it is best Magento stick with the current phpseclib
implementation and just improve upon it to add public / private key pair authentication. Original description updated to reflect this new information.
We currently have a\Magento\Framework\Filesystem\Io\Ftp
class. And this does supportFTPS
connections, but does not appear to supportSFTP
connections.Currently, per the coding standards, direct usage ofssh2_*
functions is discouraged, with no alternatives offered.It would be nice if
\Magento\Framework\Filesystem\Io\Sftp
supported authenticating with public / private key-pairs.While not applicable to my current project, I have worked in projects in the past where the system admins prohibited authentication with username / password authentication between internal systems, and enforced that authentication be done with public / private key-pairs that were then maintained by the system admins and regularly rotated. If this were a requirement in my current project today, my only option would be
to violate Magento coding standardswrite my own class to implement this feature the native Sftp lacks.