From: Freeman Fang
Subject: Re: [PROPOSAL] Remove default ssh key
Date: Fri, 18 Jul 2014 08:38:50 +0800
To: dev@karaf.apache.org

+1 to comment out the default public key in keys.properties, it's really a security hole.

And about specifying the key to bin/client, I just added it weeks ago, please see KARAF-3059[1]

[1] https://issues.apache.org/jira/browse/KARAF-3059

－－－－－－－－－－－－－
Freeman(Yue) Fang

Red Hat, Inc.
FuseSource is now part of Red Hat

On 2014-7-18, at 3:44 AM, Jean-Baptiste Onofré wrote:

> Hi all,
>
> Following a discussion that we had with Christian, I would like to raise a concern.
>
> Now, on Karaf 2.x/3.x/4.x, the JMX layer is secure using RBAC. The MBeanServerBuilder is enabled by default, meaning that it's not possible to locally connect to the MBean server.
> I think it's good and secure.
>
> However, on the other hand, we have a key enabled by default (in etc/keys.properties) and used by default by bin/client.
> So it means that any user that downloads a Karaf distribution can connect to any Karaf runtime by default.
> On one hand we have a very secure JMX layer (even for local connection), but on the other hand, bin/client can connect to any Karaf running instance (so not very secure).
>
> I would like to propose the following:
> - in etc/keys.properties, we should comment out the default key. We can document how to enable it and how to change the keys.
> - in bin/client, we should be able to specify a key that we want to use.
>
> WDYT?
>
> I already created some Jira about the keys:
> - KARAF-2786: I would change this one by commenting out the default key
> - KARAF-2836 to allow to specify multiple keys for a user in etc/keys.properties
> - KARAF-2787 to allow to specify the key to bin/client
>
> Thanks,
> Regards
> JB
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
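
An added example, not part of the original message or of Karaf's code: a Python check that lists the uncommented user entries in a keys.properties file, so an operator can see which public keys a running instance still accepts and compare their fingerprints with the key shipped in the distribution. The `user=base64key,role...` line layout and the `_g_` group prefix are assumptions about the file format, and the sample content is constructed.

```python
import base64
import hashlib
import struct

# Constructed sample (not a real Karaf key): one commented-out entry,
# one active entry and one group definition.
_BLOB = struct.pack(">I", 7) + b"ssh-dss" + b"\x00" * 16
_KEY = base64.b64encode(_BLOB).decode()
SAMPLE = "\n".join([
    "# admin=" + _KEY + ",_g_:admingroup",
    "karaf=" + _KEY + ",_g_:admingroup",
    "_g_\\:admingroup = group,admin,manager,viewer",
])


def active_keys(text):
    """Return [(user, key_type, fingerprint)] for uncommented user entries."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":        # blank line or properties comment
            continue
        name, sep, value = line.partition("=")
        name = name.strip().replace("\\:", ":")
        if not sep or name.startswith("_g_:"):  # group definition, not a user
            continue
        key_b64 = value.split(",")[0].strip()   # roles follow the first comma
        try:
            blob = base64.b64decode(key_b64, validate=True)
            # SSH public key blobs start with a length-prefixed type string.
            (n,) = struct.unpack(">I", blob[:4])
            key_type = blob[4:4 + n].decode("ascii")
        except (ValueError, struct.error):
            found.append((name, "unparseable", None))
            continue
        digest = hashlib.sha256(blob).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        found.append((name, key_type, fp))
    return found


if __name__ == "__main__":
    for user, ktype, fp in active_keys(SAMPLE):
        print(f"active key login: user={user} type={ktype} fingerprint={fp}")
```

An empty result means no key-based login is enabled in the file, which is the state the proposal asks for in a fresh distribution.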