Public key auth for sftp


(James Ring) #1

Currently the SFTP resource resolver currently doesn’t support public key authentication. For whatever reason, our team would like to authenticate the people who are downloading artifacts from our Maven repository (we don’t need authenticated publishing, we have rsync and ssh for that).

Are there plans to support SFTP public key authentication for Maven repositories?

If not, would such a contribution be welcome? How long might it take to get into a widely-available Gradle release?

Thanks,
James


(Mark Vieira) #2

There are no plans at the moment to support this. Overall we’d like to develop a better framework for supporting different types of credentials. If this is something you’d like to contribute the best way to begin would be to start a discussion on the mailing list. That said, we are a bit backed up at the moment with regards to pull requests so it might take some time before we get a chance to review and merge anything.


(James Ring) #3

We ended up going with a HTTPS client certificate requirement. It’s a little bit of a hassle for the client to set up, because it involves adding a new signing CA to their JVM cacerts, but it will do for now.

Thanks,
James


(Martin Vysny) #4

Good day, is there please perhaps any progress on this? This discussion is quite old and the SFTP public key auth has perhaps been implemented?
Thank you