From ff...@apache.org
Subject karaf git commit: [KARAF-3621]Generate a more secure host key for SSH by default (cherry picked from commit 025c45f69fb6bda202dee13237a527d8ff8c9034)
Date Wed, 13 May 2015 06:42:22 GMT
Repository: karaf
Updated Branches:
  refs/heads/master 261f30a45 -> 4d9551fdd


[KARAF-3621]Generate a more secure host key for SSH by default
(cherry picked from commit 025c45f69fb6bda202dee13237a527d8ff8c9034)

Conflicts:
	shell/ssh/pom.xml
	shell/ssh/src/main/resources/OSGI-INF/blueprint/shell-ssh.xml
	tooling/karaf-maven-plugin/pom.xml


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/4d9551fd
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/4d9551fd
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/4d9551fd

Branch: refs/heads/master
Commit: 4d9551fdd5fd3f175f2b6c53c3e61cb7ecfe9649
Parents: 261f30a
Author: Freeman Fang <freeman.fang@gmail.com>
Authored: Tue May 12 16:58:49 2015 +0800
Committer: Freeman Fang <freeman.fang@gmail.com>
Committed: Wed May 13 14:41:42 2015 +0800

----------------------------------------------------------------------
 .../resources/resources/etc/org.apache.karaf.shell.cfg |  8 ++++----
 .../instance/resources/etc/org.apache.karaf.shell.cfg  |  8 ++++----
 manual/src/main/webapp/users-guide/remote.conf         | 10 +++++-----
 pom.xml                                                |  1 +
 shell/ssh/pom.xml                                      |  6 ++++++
 .../java/org/apache/karaf/shell/ssh/Activator.java     |  4 ++--
 .../src/main/resources/OSGI-INF/metatype/metatype.xml  |  4 ++--
 .../apache/karaf/shell/ssh/KnownHostsManagerTest.java  | 13 ++++++++++++-
 .../karaf/shell/ssh/ServerKeyVerifierImplTest.java     | 13 ++++++++++++-
 9 files changed, 48 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.shell.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.shell.cfg
b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.shell.cfg
index 62d9072..589380f 100644
--- a/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.shell.cfg
+++ b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.shell.cfg
@@ -52,14 +52,14 @@ hostKey = ${karaf.etc}/host.key
 
 #
 # Self defined key size in 1024, 2048, 3072, or 4096
-# If not set, this defaults to 1024.
+# If not set, this defaults to 4096.
 #
-# keySize = 1024
+# keySize = 4096
 
 #
-# Specify host key algorithm, defaults to DSA
+# Specify host key algorithm, defaults to RSA
 #
-# algorithm = DSA
+# algorithm = RSA
 
 #
 # Specify an additional welcome banner to be displayed when a user logs into the server.
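Review bot: The comment block should say that the listed key sizes depend on the algorithm selected below, because `keySize` and `algorithm` are set independently and the new 4096 default is an RSA size. An operator who uncomments only `algorithm = DSA` now inherits 4096, which as far as I know the stock JDK DSA key generator rejects, so host key generation may fail for that configuration; how the two values reach the generator is outside this hunk. I would add a line such as `# keySize must be valid for the selected algorithm (4096 applies to RSA)` above `# keySize = 4096`. The same wording applies to the identical hunk in the instance copy of org.apache.karaf.shell.cfg and to the listing in remote.conf.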

http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/instance/src/main/resources/org/apache/karaf/instance/resources/etc/org.apache.karaf.shell.cfg
----------------------------------------------------------------------
diff --git a/instance/src/main/resources/org/apache/karaf/instance/resources/etc/org.apache.karaf.shell.cfg
b/instance/src/main/resources/org/apache/karaf/instance/resources/etc/org.apache.karaf.shell.cfg
index c8c6e79..2a51580 100644
--- a/instance/src/main/resources/org/apache/karaf/instance/resources/etc/org.apache.karaf.shell.cfg
+++ b/instance/src/main/resources/org/apache/karaf/instance/resources/etc/org.apache.karaf.shell.cfg
@@ -52,14 +52,14 @@ hostKey = ${karaf.etc}/host.key
 
 #
 # Self defined key size in 1024, 2048, 3072, or 4096
-# If not set, this defaults to 1024.
+# If not set, this defaults to 4096.
 #
-# keySize = 1024
+# keySize = 4096
 
 #
-# Specify host key algorithm, defaults to DSA
+# Specify host key algorithm, defaults to RSA
 #
-# algorithm = DSA
+# algorithm = RSA
 
 #
 # Specify an additional welcome banner to be displayed when a user logs into the server.

http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/manual/src/main/webapp/users-guide/remote.conf
----------------------------------------------------------------------
diff --git a/manual/src/main/webapp/users-guide/remote.conf b/manual/src/main/webapp/users-guide/remote.conf
index 260e739..fceda30 100644
--- a/manual/src/main/webapp/users-guide/remote.conf
+++ b/manual/src/main/webapp/users-guide/remote.conf
@@ -75,14 +75,14 @@ hostKey = ${karaf.etc}/host.key
 
 #
 # Self defined key size in 1024, 2048, 3072, or 4096
-# If not set, this defaults to 1024.
+# If not set, this defaults to 4096.
 #
-# keySize = 1024
+# keySize = 4096
 
 #
-# Specify host key algorithm, defaults to DSA
+# Specify host key algorithm, defaults to RSA
 #
-# algorithm = DSA
+# algorithm = RSA
 
 #
 # Defines the completion mode on the Karaf shell console. The possible values are:
@@ -406,4 +406,4 @@ Apache Karaf provides a JMX MBeanServer.
 
 This MBeanServer is available remotely, using any JMX client like {{jconsole}}.
 
-You can find details on the [Monitoring section|monitoring] of the user guide.
\ No newline at end of file
+You can find details on the [Monitoring section|monitoring] of the user guide.

http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index a8b0220..9cb597b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -140,6 +140,7 @@
         <commons-jexl.version>2.1.1</commons-jexl.version>
         <commons-lang.version>2.6</commons-lang.version>
         <commons-pool.version>1.6</commons-pool.version>
+        <commons-io.version>2.4</commons-io.version>
         <dom4j.bundle.version>1.6.1_5</dom4j.bundle.version>
         <jasypt.bundle.version>1.9.2_1</jasypt.bundle.version>
         <jolokia.version>1.3.0</jolokia.version>

http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/shell/ssh/pom.xml
----------------------------------------------------------------------
diff --git a/shell/ssh/pom.xml b/shell/ssh/pom.xml
index 3e45dde..8b9180f 100644
--- a/shell/ssh/pom.xml
+++ b/shell/ssh/pom.xml
@@ -83,6 +83,12 @@
             <scope>provided</scope>
         </dependency>
 
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>${commons-io.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
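Review bot: The new test-scoped commons-io dependency has no visible consumer in this commit, since the test hunks add imports only for `org.junit.BeforeClass` and `java.io.IOException`. If nothing under shell/ssh/src/test uses it, drop this `<dependency>` block and the `commons-io.version` property added to the root pom.xml, so the module does not carry an unused artifact in its build. If a test is meant to read a configuration file with it, that usage should be part of this change.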

http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
----------------------------------------------------------------------
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
index a22f1a3..1b856a8 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
@@ -138,8 +138,8 @@ public class Activator extends BaseActivator implements ManagedService
{
         String sshRealm       = getString("sshRealm", "karaf");
         String hostKey        = getString("hostKey", System.getProperty("karaf.etc") + "/host.key");
         String authMethods    = getString("authMethods", "keyboard-interactive,password,publickey");
-        int keySize           = getInt("keySize", 1024);
-        String algorithm      = getString("algorithm", "DSA");
+        int keySize           = getInt("keySize", 4096);
+        String algorithm      = getString("algorithm", "RSA");
         String macs           = getString("macs", "hmac-sha1");
         String ciphers        = getString("ciphers", "aes256-ctr,aes192-ctr,aes128-ctr,arcfour256");
         String welcomeBanner  = getString("welcomeBanner", null);
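Review bot: The defaults a few lines below the changed ones still offer `arcfour256` (RC4) in `ciphers` and only `hmac-sha1` in `macs`, so a commit that hardens the default host key leaves the weakest transport defaults in place. I would drop the RC4 entry, `String ciphers = getString("ciphers", "aes256-ctr,aes192-ctr,aes128-ctr");`, and add a SHA-2 MAC to the `macs` default if the bundled SSH library supports one. Separately, the new defaults matter only when a key is generated; whether an existing `host.key` written with the old DSA/1024 defaults is kept is not visible here, and if it is, upgraded installations need a documented step to regenerate it. The enclosing method starts and ends outside the hunk.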

http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/shell/ssh/src/main/resources/OSGI-INF/metatype/metatype.xml
----------------------------------------------------------------------
diff --git a/shell/ssh/src/main/resources/OSGI-INF/metatype/metatype.xml b/shell/ssh/src/main/resources/OSGI-INF/metatype/metatype.xml
index 79b2f63..d8b46fb 100644
--- a/shell/ssh/src/main/resources/OSGI-INF/metatype/metatype.xml
+++ b/shell/ssh/src/main/resources/OSGI-INF/metatype/metatype.xml
@@ -23,8 +23,8 @@
         <AD id="sshHost" type="String" default="0.0.0.0" name="%sshHost.name" description="%sshHost.description"/>
         <AD id="sshRealm" type="String" default="karaf" name="%sshRealm.name" description="%sshRealm.description"/>
         <AD id="hostKey" type="String" default="${karaf.etc}/host.key" name="%hostKey.name"
description="%hostKey.description"/>
-        <AD id="keySize" type="Integer" default="1024" name="%keySize.name" description="%keySize.description"/>
-        <AD id="algorithm" type="String" default="DSA" name="%algorithm.name" description="%algorithm.description"/>
+        <AD id="keySize" type="Integer" default="4096" name="%keySize.name" description="%keySize.description"/>
+        <AD id="algorithm" type="String" default="RSA" name="%algorithm.name" description="%algorithm.description"/>
     </OCD>
     <Designate pid="org.apache.karaf.shell">
         <Object ocdref="org.apache.karaf.shell"/>

http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KnownHostsManagerTest.java
----------------------------------------------------------------------
diff --git a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KnownHostsManagerTest.java
b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KnownHostsManagerTest.java
index a4a939a..31ffa7a 100644
--- a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KnownHostsManagerTest.java
+++ b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KnownHostsManagerTest.java
@@ -29,13 +29,24 @@ import java.security.PublicKey;
 import java.security.spec.InvalidKeySpecException;
 
 import org.junit.Assert;
+import org.junit.BeforeClass;
 import org.junit.Test;
 
 public class KnownHostsManagerTest {
-	private static final String ALGORITHM = "DSA";
+
+	private static String ALGORITHM;
+	private static int KEY_SIZE;
+
+	@BeforeClass
+	public static void init() throws IOException {
+		// test key algorithm and size as configured...
+		ALGORITHM = "RSA";
+		KEY_SIZE = 4096;
+	}
 
 	private PublicKey createPubKey() throws NoSuchAlgorithmException {
 		KeyPairGenerator gen = KeyPairGenerator.getInstance(ALGORITHM);
+		gen.initialize(KEY_SIZE);
 		KeyPair keyPair = gen.generateKeyPair();
 		return keyPair.getPublic();
 	}
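Review bot: `init()` carries the comment "test key algorithm and size as configured" but assigns hard-coded literals, so the test does not follow the shipped defaults and will keep passing if they change; it also declares `throws IOException` without doing any I/O. Either read the values from the configuration the comment refers to, or keep them as constants, `private static final String ALGORITHM = "RSA";` and `private static final int KEY_SIZE = 4096;`, and remove `init()`. Since `createPubKey()` now generates a 4096-bit RSA pair on each call, a comment stating that the size deliberately mirrors the default would justify the extra test time. The second hunk of ServerKeyVerifierImplTest.java has the same pattern.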

http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImplTest.java
----------------------------------------------------------------------
diff --git a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImplTest.java
b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImplTest.java
index 63f8ac2..83f52ff 100644
--- a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImplTest.java
+++ b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImplTest.java
@@ -18,6 +18,7 @@
  */
 package org.apache.karaf.shell.ssh;
 
+import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.security.KeyPair;
@@ -28,15 +29,25 @@ import java.security.spec.InvalidKeySpecException;
 
 import org.easymock.EasyMock;
 import org.junit.Assert;
+import org.junit.BeforeClass;
 import org.junit.Test;
 
 public class ServerKeyVerifierImplTest {
 
 	private static final InetSocketAddress LOCALHOST = new InetSocketAddress("localhost", 1001);
-	private static final String ALGORITHM = "DSA";
+	private static String ALGORITHM;
+	private static int KEY_SIZE;
+
+	@BeforeClass
+	public static void init() throws IOException {
+		// test key algorithm and size as configured...
+		ALGORITHM = "RSA";
+		KEY_SIZE = 4096;
+	}
 
 	private PublicKey createPubKey() throws NoSuchAlgorithmException {
 		KeyPairGenerator gen = KeyPairGenerator.getInstance(ALGORITHM);
+		gen.initialize(KEY_SIZE);
 		KeyPair keyPair = gen.generateKeyPair();
 		return keyPair.getPublic();
 	}

