karaf-issues mailing list archives

From "Lars Kiesow (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-4809) SSH should not listen to all hosts
Date Mon, 14 Nov 2016 09:47:58 GMT

    [ https://issues.apache.org/jira/browse/KARAF-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15663317#comment-15663317 ]

Lars Kiesow commented on KARAF-4809:

It is definitely a convenient way to connect remotely to Karaf. But you need to configure
Karaf properly before using it. If only, you need to set a proper user and an SSH key. That
is done easily but it means that you need to modify the configuration anyway and setting `sshHost`
as well is then no big deal.

On the other hand, if SSH listens globally and you do not configure your Karaf properly–which
from my experience, likely a lot of users will not do–everyone can just log into the system
and install and run arbitrary software on that host. That is a major security problem. In
fact, this might happen already if you just try out Karaf and start it up once.  I do not
believe that is a good idea.

> SSH should not listen to all hosts
> ----------------------------------
>                 Key: KARAF-4809
>                 URL: https://issues.apache.org/jira/browse/KARAF-4809
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.7
>            Reporter: Lars Kiesow
>            Assignee: Jean-Baptiste Onofré
> The default SSH server configuration will make Karaf listen to all hosts. It is usually
> good practice to instead listen to localhost only by default to avoid possible security risks
> (e.g. accidentally exposing an unconfigured SSH server).
> This can be fixed by adjusting `sshHost` in `org.apache.karaf.shell.cfg`

This message was sent by Atlassian JIRA
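
One way to check the `sshHost` setting discussed in this issue, as an added example that is not part of the original message or of the Karaf project. The function names and sample file contents are constructed for illustration, and an unset `sshHost` is assumed to fall back to the listen-on-all-hosts default the issue describes.

```python
import ipaddress

# Constructed sample contents of org.apache.karaf.shell.cfg (not taken from the issue).
SAMPLE_EXPOSED = "# constructed sample\nsshPort = 8101\nsshHost = 0.0.0.0\n"
SAMPLE_LOCAL = "sshPort=8101\nsshHost : 127.0.0.1\n"


def parse_cfg(text):
    """Parse simple key/value lines of a Java-properties style .cfg file."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        # Properties files accept '=' or ':' as separator; split on the first one,
        # so an IPv6 value such as '::1' stays intact.
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props


def classify_ssh_host(text):
    """Return 'loopback', 'all-interfaces' or 'other' for the sshHost setting."""
    host = parse_cfg(text).get("sshHost", "")
    if host == "":
        # Assumption: unset means the default from the issue (listen on all hosts).
        return "all-interfaces"
    if host.lower() == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "other"  # hostname or placeholder: review by hand
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "other"


if __name__ == "__main__":
    import sys
    # Pass the path to a real cfg file, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EXPOSED
    print(classify_ssh_host(text))
```

A result of `all-interfaces` or `other` means the SSH console is reachable from beyond the local machine, so the user and key configuration mentioned in the comment should be in place before the instance is started.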
