Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
1.13.2
-
None
Description
The SFTPTransfer class, which is used for SSH communications by the four secure ftp processors (GetSFTP, ListSFTP, PutSFTP, and FetchSFTP), uses a java library called net.schmizz.sshj. This library allows one to restrict what algorithms, ciphers and message authentication codes are used by the ssh client created by that library. However SFTPTransfer is hardcoded to use the DefaultConfig which uses all available options.
I believe it would be beneficial to expose this as a matter of configuration via PropertyDescriptors so that if an operator chose to they could eliminate options that did not fit within their desired security posture.
Attachments
Issue Links
- fixes
-
NIFI-7709 Enable options for sftp connections (the "-o" parameter for sftp command line)
-
- Resolved
-
- links to
