You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@karaf.apache.org by Martin Lichtin <li...@yahoo.com> on 2018/12/22 16:02:13 UTC
Karaf 4.1.7 - how to do password-less login using public/private
key-pair?
Hi Karaf Users
Can someone confirm password-less login using a public/private key-pair works with Karaf 4.1.7?
It's documented at: http://karaf.apache.org/manual/latest/#_managing_authentication_by_key
I cannot get it work and wondering if I'm doing something wrong. Steps I did to test the feature:
ssh-keygen -t dsa -f karaf.id_dsa # enter nothing for the passphrase
# add a "karaf" entry with the generated public key
vi apache-karaf-4.1.7/etc/keys.properties
# start Karaf
apache-karaf-4.1.7/bin/karaf server
# try to connect without providing a password
ssh -p 8101 -i ./karaf.id_dsa karaf@localhost
Password authentication
Password:
So it still prompts for a password... the public/private key-pair approach doesn't work in Karaf 4.1.7 :-(
I tried 4.1.5, 4.1.6, it also does not work. However, same approach works fine in 4.0.10.
- Martin
Re: Karaf 4.1.7 - how to do password-less login using public/private
key-pair?
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Thanks for the update.
I'm fixing that.
Regards
JB
On 23/12/2018 09:38, Martin Lichtin wrote:
> This issue is caused by KARAF-5330.
> A new role "ssh" was introduced, and that new role was not added to
> keys.properties.
> Once done
>
> _g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
>
> the key based login also works again. This seems to be broken in 4.1 and
> 4.2.
>
> - Martin
>
>
> On 22.12.2018 17:02, Martin Lichtin wrote:
>> Hi Karaf Users
>>
>> Can someone confirm password-less login using a public/private
>> key-pair works with Karaf 4.1.7?
>> It's documented at:
>> http://karaf.apache.org/manual/latest/#_managing_authentication_by_key
>>
>> I cannot get it work and wondering if I'm doing something wrong. Steps
>> I did to test the feature:
>>
>> ssh-keygen -t dsa -f karaf.id_dsa # enter nothing for the passphrase
>>
>> # add a "karaf" entry with the generated public key
>> vi apache-karaf-4.1.7/etc/keys.properties
>>
>> # start Karaf
>> apache-karaf-4.1.7/bin/karaf server
>>
>> # try to connect without providing a password
>> ssh -p 8101 -i ./karaf.id_dsa karaf@localhost
>> Password authentication
>> Password:
>>
>> So it still prompts for a password... the public/private key-pair
>> approach doesn't work in Karaf 4.1.7 :-(
>>
>> I tried 4.1.5, 4.1.6, it also does not work. However, same approach
>> works fine in 4.0.10.
>>
>> - Martin
>>
>>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Karaf 4.1.7 - how to do password-less login using public/private
key-pair?
Posted by Martin Lichtin <li...@yahoo.com>.
This issue is caused by KARAF-5330.
A new role "ssh" was introduced, and that new role was not added to keys.properties.
Once done
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
the key based login also works again. This seems to be broken in 4.1 and 4.2.
- Martin
On 22.12.2018 17:02, Martin Lichtin wrote:
> Hi Karaf Users
>
> Can someone confirm password-less login using a public/private key-pair works with Karaf 4.1.7?
> It's documented at: http://karaf.apache.org/manual/latest/#_managing_authentication_by_key
>
> I cannot get it work and wondering if I'm doing something wrong. Steps I did to test the feature:
>
> ssh-keygen -t dsa -f karaf.id_dsa # enter nothing for the passphrase
>
> # add a "karaf" entry with the generated public key
> vi apache-karaf-4.1.7/etc/keys.properties
>
> # start Karaf
> apache-karaf-4.1.7/bin/karaf server
>
> # try to connect without providing a password
> ssh -p 8101 -i ./karaf.id_dsa karaf@localhost
> Password authentication
> Password:
>
> So it still prompts for a password... the public/private key-pair approach doesn't work in Karaf 4.1.7 :-(
>
> I tried 4.1.5, 4.1.6, it also does not work. However, same approach works fine in 4.0.10.
>
> - Martin
>
>
Re: Karaf 4.1.7 - how to do password-less login using public/private
key-pair?
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi Martin,
Thanks for the report. I created KARAF-6058 as it should work out of the
box (bouncy castle is not required for this part).
I keep you posted.
Regards
JB
On 22/12/2018 17:02, Martin Lichtin wrote:
> Hi Karaf Users
>
> Can someone confirm password-less login using a public/private key-pair
> works with Karaf 4.1.7?
> It's documented at:
> http://karaf.apache.org/manual/latest/#_managing_authentication_by_key
>
> I cannot get it work and wondering if I'm doing something wrong. Steps I
> did to test the feature:
>
> ssh-keygen -t dsa -f karaf.id_dsa # enter nothing for the passphrase
>
> # add a "karaf" entry with the generated public key
> vi apache-karaf-4.1.7/etc/keys.properties
>
> # start Karaf
> apache-karaf-4.1.7/bin/karaf server
>
> # try to connect without providing a password
> ssh -p 8101 -i ./karaf.id_dsa karaf@localhost
> Password authentication
> Password:
>
> So it still prompts for a password... the public/private key-pair
> approach doesn't work in Karaf 4.1.7 :-(
>
> I tried 4.1.5, 4.1.6, it also does not work. However, same approach
> works fine in 4.0.10.
>
> - Martin
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com