Can Maven Wagon plugin use a private key for scp?

Question

Can Maven Wagon plugin be configured to use a private key for ssh/scp? Everything I've tried still leaves maven to ask me for a password when it gets to the point of scp-ing.

Answer 1

I found the necessary info here: http://maven.apache.org/plugins/maven-deploy-plugin/examples/deploy-ssh-external.html

Answer 2

You should be able to specify the path to the private key in the server element in your settings.xml:

The repositories for download and deployment are defined by the repositories and distributionManagement elements of the POM. However, certain settings such as username and password should not be distributed along with the pom.xml. This type of information should exist on the build server in the settings.xml.

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                      http://maven.apache.org/xsd/settings-1.0.0.xsd"&gt;
  ...
  <servers>
    <server>
      <id>server001</id>
      <username>my_login</username>
      <password>my_password</password>
      <privateKey>${user.home}/.ssh/id_dsa</privateKey>
      <passphrase>some_passphrase</passphrase>
      <filePermissions>664</filePermissions>
      <directoryPermissions>775</directoryPermissions>
      <configuration></configuration>
    </server>
  </servers>
  ...
</settings>

• id: This is the ID of the server (not of the user to login as) that matches the id element of the repository/mirror that Maven tries to connect to.
• username, password: These elements appear as a pair denoting the login and password required to authenticate to this server.
• privateKey, passphrase: Like the previous two elements, this pair specifies a path to a private key (default is ${user.home}/.ssh/id_dsa) and a passphrase, if required. The passphrase and password elements may be externalized in the future, but for now they must be set plain-text in the settings.xml file.
• filePermissions, directoryPermissions: When a repository file or directory is created on deployment, these are the permissions to use. The legal values of each is a three digit number corresponding to *nix file permissions, ie. 664, or 775.

Note: If you use a private key to login to the server, make sure you omit the <password> element. Otherwise, the key will be ignored.

Password Encryption

A new feature - server password and passphrase encryption has been added to 2.1.x and 3.0 trunks. See details on this page.

Pay a special attention to the "note": If you use a private key to login to the server, make sure you omit the <password> element. Otherwise, the key will be ignored. So the final configuration will be close to:

<settings>
  ...
  <servers>
    <server>
      <id>ssh-repository</id>
      <username>your username in the remote system</username>
      <privateKey>/path/to/your/private/key</privateKey>
      <passphrase>sUp3rStr0ngP4s5wOrD</passphrase><!-- if required --> 
      <configuration>
        ...
      </configuration>
    </server>
  </servers>
  ...
</settings>