Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Summary

  • Since the earliest releases JOE offers to use an SFTP connection to read and write job-related files on a remote server with JobScheduler Master, for details see  However, such authentication methods were restricted to use of public/private keys and to use of a password.
  • Starting from 
    Display feature availability
    StartingFromRelease1.12.10
     JOE offers use of an increased number of authentication methods and , their combination and supports use of an SSH Key Agent.
    • Jira
      serverSOS JIRA
      columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
      serverId6dc67751-9d67-34cd-985b-194a8cdc9602
      keyJOE-286

JOE Profile Window

Using the JOE menu options File->FTP/SFTP->Open Directory opens the profile window.

...

Using the SFTP protocol suggests to specify authentication methods with the SFTP tab of this window.

JOE SFTP Authentication Methods Window

Using the SFTP tab from the Profile Window shows the following tab window:

 

A user name has to be specified independently from the authentication methods to be used.

 

Note

Keep in mind that all authentication methods have to be enabled accordingly with the SSH server in use.

If in doubt contact your system administrator to check respective settings in sshd_config and related files.

Two-factor Authentication

if the respective checkbox is checked then the following behavior applies:

  • You have to specify both Public / Private Key and Password  one of the Password related authentication methods.
  • JOE will send forward the private key and the password to the SSH server and both authentication methods have to match.

Which password related authentication method has to be be used (Password,  or Keyboard Interactive) depends on the SSH server settings.

  • The following SSH setting would force both Public / Private Key and Password or Keyboard Interactive authentication:
    • AuthenticationMethods publickey,password publickey,keyboard-interactive

No two-factor Authentication

If the respective checkbox is unchecked then the following behavior applies:

  • You can specify any of the authentication methods Public / Private Key, Password and or Keyboard Interactive provided that the authentication method is enabled with the SSH server.
  • Should the SSH server be configured for to allow a number of alternative authentication methods then the following behavior applies:
    • JOE will try to use Private / Public Key authentication and then Password authentication.
    • If the private key matches then authentication is completed and no Password authentication is performed.
    • Should Public / Private Key authentication fail but subsequent Password authentication be successful then the user is authenticated.
  • You can specify none of the authentication methods Public / Private KeyPassword or Keyboard Interactive. This configuration is used if the user account does not make use of a password, e.g. for anonymous access.

Public / Private Key related Authentication Methods

Use Key Agent

This method makes use of Public / Private Key authentication and retrieves the private key and optionally its passphrase from an SSH Key Agent

  • The SSH server has to be configured like this:
    • AuthenticationMethods publickey
  • Certainly any additional authentication methods can be specified.

Typically an SSH Key Agent is implemented on top of a credential store or a password manager and would forward credentials if requested by JOE.

  • The password manager KeePass offers installation of an SSH Key Agent plugin that suggests a good match for a secure credential store with SSH Key Agent support.
  • SOS performs regular tests for use of JobScheduler components with KeePass and Key Agent.
  • Other SSH Key Agent products can be used provided that they are compliant with the SSH Key Agent standard.

Use Private Key File

This method makes use of Public / Private Key authentication and retrieves the private key from the file system location that you specify with JOE.

  • The SSH server has to be configured like this:
    • AuthenticationMethods publickey
  • Certainly any additional authentication methods can be specified.

Passphrase Interactive

This setting can be used if the private key file is protected by a passphrase.

JOE forces interactive user input to type enter the password.

Use Passphrase stored with JOE

This setting can be used if the private key file is protected by a passphrase.

...

This method is not considered a secure way to handle passphrases, however, for uncritical environments you might consider this a viable approach.

Password related Authentication Methods

Keyboard Interactive

...

This method indicates that the password has to be typed from the keyboard, it cannot be stored with JOE.

  • The SSH server has to be configured like this:
    • ChallengeResponseAuthentication yes

Password Interactive

This method indicates that Password authentication is used, however, the password is not stored with JOE but has to be typed interactively.

  • The SSH server has to be configured like this:
    • PasswordAuthentication yes

Password stored with JOE

This method makes use of Password authentication.

...

This method is not considered a secure way to handle passwords, however, for uncritical environments you might consider this a viable approach.

Logging

Starting from 

Display feature availability
StartingFromRelease1.12.10
 JOE ships with the ./lib/JOE-log4j.properties configuration file that looks like this, see 
Jira
serverSOS JIRA
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId6dc67751-9d67-34cd-985b-194a8cdc9602
keySET-177

Code Block
titleJOE-log4j.properties
linenumberstrue
collapsetrue
log4j.rootLogger=error, stdout, joe
 
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=[%5p] (%F:%L) - %m%n

log4j.appender.joe=org.apache.log4j.FileAppender
log4j.appender.joe.Append=false
log4j.appender.joe.layout=org.apache.log4j.EnhancedPatternLayout
log4j.appender.joe.layout.ConversionPattern=%d{ISO8601}{Europe/Berlin} %c [%-5p] - %m%n
log4j.appender.joe.File=${SCHEDULER_DATA}/logs/JOE.log

Explanations:

  • Line 1: by default exclusively errors and output to stdout is logged.
    • Modify this setting to "debug, stdout, joe" to receive detailed debug information about SSH key exchange.
  • Line 11: the location of the log file is the ./logs folder of the JOE configuration directory.