karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lars Kiesow (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-4809) SSH should not listen to all hosts
Date Mon, 14 Nov 2016 17:11:58 GMT

    [ https://issues.apache.org/jira/browse/KARAF-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15664431#comment-15664431

Lars Kiesow commented on KARAF-4809:

Please note that while it might be convenient, this bears a high security risk.
If you just start Karaf, you have an open SSH server everyone can connect *with default credentials*
(karaf/karaf) which will let you start, stop and install new karaf features.
In other words, if a user misses to configure this properly, it means that they run something
everyone can connect to and execute arbitrary code on.

Writing somewhere in the documentation that it's risky is one thing, but we all know that
users will not read through the whole Karaf documentation before starting it for the first
time. In fact, from experience, I tend to say that most will not even do that if they are
using Karaf in production as long as it works somehow.

Limiting the SSHd to by default will dramatically reduce this risk. True, other
users on that particular system can still get access via SSH, but they need a login to that
system already which most potential attackers will not have. Hence this will limit the risk

Another option to fix this issue would be to disable the default login mechanisms, forcing
users to actually configure them. But that might be even more inconvenient.

> SSH should not listen to all hosts
> ----------------------------------
>                 Key: KARAF-4809
>                 URL: https://issues.apache.org/jira/browse/KARAF-4809
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.7
>            Reporter: Lars Kiesow
>            Assignee: Jean-Baptiste Onofré
> The default SSH server configuration will make Karaf listen to all hosts. It is usually
good practice to instead listen to localhost only by default to avoid possible security risks
(e.g. accidentally exposing an unconfigured SSH server).
> This can be fixed by adjusting `sshHost` in `org.apache.karaf.shell.cfg`

This message was sent by Atlassian JIRA

View raw message