Story
Resolution: Unresolved
Major
CSB-4.8.5
The Apache Camel camel-sftp component currently relies on the JSch library, which does not support OpenSSH CA-signed certificates (CertificateFile). As a result, authentication to modern SFTP servers that enforce certificate-based authentication fails with errors such as:
rsa-sha2-512 preauth failure
rsa-sha2-256 preauth failure
ssh-rsa preauth failure
Impact:
Customers cannot use Camel SFTP to connect to SFTP servers that require OpenSSH certificate-based authentication.
This limits adoption in security-sensitive environments, particularly enterprises and financial institutions that mandate CA-signed SSH certificates for compliance.
Workarounds, such as replacing JSch with Apache MINA SSHD, require significant custom code changes and are not supported within the Camel ecosystem.
Proposed Solution:
Enhance camel-sftp to support OpenSSH certificate-based authentication, either by:
Extending JSch to support CA-signed certificates, or
Providing an alternative implementation of camel-sftp based on Apache MINA SSHD, which already supports OpenSSH certificates.
Business Justification:
Aligns Camel SFTP with modern SSH/SFTP server security requirements.
Reduces customer reliance on unsupported workarounds.
Improves the overall security posture of Camel applications by supporting CA-signed certificates out of the box.
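An added troubleshooting aid, not code from Camel, JSch or this ticket: a minimal Python parser for a `*-cert.pub` file, following the field layout in OpenSSH's PROTOCOL.certkeys, that checks certificate kind, principal and validity window so an expired or wrongly scoped certificate can be ruled out before a preauth failure is attributed to the client library. The function names, the `sftpuser` principal and the sample certificate are constructed for illustration.

```python
import base64, struct, time

# Public-key fields that precede the serial (OpenSSH PROTOCOL.certkeys)
KEY_FIELDS = {"ssh-rsa-cert-v01@openssh.com": 2,      # e, n
              "ssh-ed25519-cert-v01@openssh.com": 1}  # pk

def _put(b):
    return struct.pack(">I", len(b)) + b  # encode one SSH string

def _get(buf, off):  # read one SSH string; return (value, next offset)
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_cert(line):
    """Parse one *-cert.pub line. The CA signature is NOT verified here."""
    algo, b64 = line.split()[:2]
    if algo not in KEY_FIELDS:
        raise ValueError(f"{algo} is not an OpenSSH certificate type handled here")
    blob = base64.b64decode(b64)
    inner, off = _get(blob, 0)
    if inner.decode() != algo:
        raise ValueError("type inside blob does not match line prefix")
    for _ in range(1 + KEY_FIELDS[algo]):  # skip nonce, then key fields
        _, off = _get(blob, off)
    serial, ctype = struct.unpack_from(">QI", blob, off)
    key_id, off = _get(blob, off + 12)
    plist, off = _get(blob, off)
    after, before = struct.unpack_from(">QQ", blob, off)
    principals, p = [], 0
    while p < len(plist):
        name, p = _get(plist, p)
        principals.append(name.decode())
    return {"algo": algo, "serial": serial, "key_id": key_id.decode(),
            "kind": {1: "user", 2: "host"}.get(ctype, "unknown"),
            "principals": principals, "valid_after": after, "valid_before": before}

def usable_for(cert, user, now=None):  # user cert, names `user`, inside validity window
    now = time.time() if now is None else now
    return (cert["kind"] == "user" and user in cert["principals"]
            and cert["valid_after"] <= now < cert["valid_before"])

def sample_cert():  # constructed sample: placeholder key, CA key and signature bytes
    t = b"ssh-ed25519-cert-v01@openssh.com"
    body = (_put(t) + _put(b"\0" * 32) + _put(b"\1" * 32) + struct.pack(">QI", 7, 1)
            + _put(b"camel-route") + _put(_put(b"sftpuser"))
            + struct.pack(">QQ", 1700000000, 1800000000)
            + b"".join(_put(x) for x in (b"", b"", b"", b"ca-key", b"sig")))
    return f"{t.decode()} {base64.b64encode(body).decode()} constructed-sample"
```

A plain public key line such as `ssh-rsa ...` raises `ValueError`, which distinguishes "no certificate was supplied" from "a certificate was supplied but the client cannot present it".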