karaf-issues mailing list archives

From "Hendy Irawan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-32) Support ssh public key authentication and agent forwarding
Date Sat, 28 Jul 2012 20:55:35 GMT

    [ https://issues.apache.org/jira/browse/KARAF-32?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13424422#comment-13424422 ]

Hendy Irawan commented on KARAF-32:
-----------------------------------

Hey! It works! Tested with 2.3.0-SNAPSHOT.

For those wondering, create ${karaf.home}/etc/keys.properties with the following format:

{code}
# username=<public key>,<roles...>
admin=AAAAB3NzaC1yc2EA......XLQ==,admin
{code}

I looked up the keys.properties format from karaf trunk (3.0.0-SNAPSHOT).

Now you can just ssh admin@hostname and no password. Wonderful !!! :-)
                
> Support ssh public key authentication and agent forwarding
> ----------------------------------------------------------
>
>                 Key: KARAF-32
>                 URL: https://issues.apache.org/jira/browse/KARAF-32
>             Project: Karaf
>          Issue Type: New Feature
>          Components: karaf-shell
>            Reporter: Guillaume Nodet
>            Assignee: Jean-Baptiste Onofré
>             Fix For: 2.2.6, 3.0.0
>
>         Attachments: org.apache.karaf.shell.ssh-2.2.5-pubkey-barecheck.patch, org.apache.karaf.shell.ssh-2.2.5-pubkey-fileinstall.patch, org.apache.karaf.shell.ssh-2.2.5-pubkey-userauthfactories.patch, org.apache.karaf.shell.ssh-2.2.5-pubkey-userauthfactories.patch
>
>
> The karaf agent needs to be enhanced to be able to set up an ssh agent and use a public/private key.
> The ssh server needs to be configured with a public key authentication that could delegate to the KeystoreInstance using certificates.
> The goal would be to support the following use cases:
>   * once a user is logged into a given karaf instance, he can connect to any other instance (provided that the public key is supported)
>   * the stop script could use the ssh agent so that you don't need to launch it with a password on the command line
> A set of commands to administer the keystores might be interesting (maybe a console plugin too, but we need to check with what Geronimo provides in this area).
> Btw, I wonder if Apache Shiro would help in any way for all the security stuff.
>   

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
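
An added example, not part of the original message or of Karaf's code: a Python audit of a keys.properties file in the `username=<public key>,<roles...>` format given in the comment above, decoding each public key blob to report its algorithm, RSA modulus size and granted roles. The sample entries, the `viewer` role, the 2048-bit threshold and all function names are constructed for illustration.

```python
import base64
import struct

def _read_string(buf, off):
    """Read one length-prefixed SSH wire string; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack(">I", buf[off:off + 4])[0]
    if end > len(buf):
        raise ValueError("truncated data field")
    return buf[off + 4:end], end

def inspect_key(b64):
    """Return (algorithm, RSA modulus bits or None) for a base64 key blob."""
    blob = base64.b64decode(b64, validate=True)
    alg, off = _read_string(blob, 0)
    bits = None
    if alg == b"ssh-rsa":  # blob layout: name, exponent e, modulus n
        _e, off = _read_string(blob, off)
        bits = int.from_bytes(_read_string(blob, off)[0], "big").bit_length()
    return alg.decode("ascii"), bits

def audit(text, min_rsa_bits=2048):  # threshold is an assumed policy value
    """Return one (user, algorithm, bits, roles, problem) tuple per entry."""
    rows = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        user, _, value = line.partition("=")  # base64 '=' padding stays in value
        key, *roles = [p.strip() for p in value.split(",")]
        alg = bits = problem = None
        try:
            alg, bits = inspect_key(key)
            if bits is not None and bits < min_rsa_bits:
                problem = f"RSA key is only {bits} bits"
        except ValueError as exc:  # bad base64 or malformed blob
            problem = f"unparseable key: {exc}"
        rows.append((user.strip(), alg, bits, roles, problem))
    return rows

def _sample_blob(bits):
    """Constructed blob with valid structure; not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    return base64.b64encode(s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)).decode()

SAMPLE = "\n".join([  # constructed entries in the comment's format
    "# username=<public key>,<roles...>", f"admin={_sample_blob(2048)},admin",
    f"ops={_sample_blob(1024)},viewer", "broken=not*base64,admin"])
```

To check a real instance, pass the contents of ${karaf.home}/etc/keys.properties to `audit()`. Java properties features such as `:` separators and line continuations are not handled.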

       
