Posted to issues@karaf.apache.org by "Wolfgang Glas (Updated) (JIRA)" <ji...@apache.org> on 2012/01/29 18:31:10 UTC

[jira] [Updated] (KARAF-32) Support ssh public key authentication and agent forwarding

     [ https://issues.apache.org/jira/browse/KARAF-32?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wolfgang Glas updated KARAF-32:
-------------------------------

    Attachment: org.apache.karaf.shell.ssh-2.2.5-pubkey-userauthfactories.patch

This patch against karaf-2.2.5 introduces public key authentication to org.apache.karaf.shell.ssh. Unfortunately, it triggers an error inside the blueprint implementation of aries-0.3.1 when converting a doubly-nested generic of type java.util.List<org.apache.sshd.common.NamedFactory<org.apache.sshd.server.UserAuth>>.

Commenting out the setter of userAuthFactories makes the thing work, but the server announces password authentication even when it has been turned off by the new config option 'authMethods'.

Please help me to further work out this stuff.

TIA and best regards, Wolfgang
                
> Support ssh public key authentication and agent forwarding
> ----------------------------------------------------------
>
>                 Key: KARAF-32
>                 URL: https://issues.apache.org/jira/browse/KARAF-32
>             Project: Karaf
>          Issue Type: New Feature
>            Reporter: Guillaume Nodet
>         Attachments: org.apache.karaf.shell.ssh-2.2.5-pubkey-userauthfactories.patch
>
>
> The karaf agent needs to be enhanced to be able to set up an ssh agent and use a public/private key.
> The ssh server needs to be configured with a public key authentication that could delegate to the KeystoreInstance using certificates.
> The goal would be to support the following use cases:
>   * once a user is logged into a given karaf instance, he can connect to any other instance (provided that the public key is supported)
>   * the stop script could use the ssh agent so that you don't need to launch it with a password on the command line
> A set of commands to administer the keystores might be interesting (maybe a console plugin too, but we need to check with what Geronimo provides in this area). 
> Btw,  I wonder if Apache Shiro would help in any way for all the security stuff.
>   

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira