Repository: karaf
Updated Branches:
refs/heads/master 261f30a45 -> 4d9551fdd
[KARAF-3621]Generate a more secure host key for SSH by default
(cherry picked from commit 025c45f69fb6bda202dee13237a527d8ff8c9034)
Conflicts:
shell/ssh/pom.xml
shell/ssh/src/main/resources/OSGI-INF/blueprint/shell-ssh.xml
tooling/karaf-maven-plugin/pom.xml
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/4d9551fd
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/4d9551fd
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/4d9551fd
Branch: refs/heads/master
Commit: 4d9551fdd5fd3f175f2b6c53c3e61cb7ecfe9649
Parents: 261f30a
Author: Freeman Fang <[email protected]>
Authored: Tue May 12 16:58:49 2015 +0800
Committer: Freeman Fang <[email protected]>
Committed: Wed May 13 14:41:42 2015 +0800
----------------------------------------------------------------------
.../resources/resources/etc/org.apache.karaf.shell.cfg | 8 ++++----
.../instance/resources/etc/org.apache.karaf.shell.cfg | 8 ++++----
manual/src/main/webapp/users-guide/remote.conf | 10 +++++-----
pom.xml | 1 +
shell/ssh/pom.xml | 6 ++++++
.../java/org/apache/karaf/shell/ssh/Activator.java | 4 ++--
.../src/main/resources/OSGI-INF/metatype/metatype.xml | 4 ++--
.../apache/karaf/shell/ssh/KnownHostsManagerTest.java | 13 ++++++++++++-
.../karaf/shell/ssh/ServerKeyVerifierImplTest.java | 13 ++++++++++++-
9 files changed, 48 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.shell.cfg
----------------------------------------------------------------------
diff --git
a/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.shell.cfg
b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.shell.cfg
index 62d9072..589380f 100644
---
a/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.shell.cfg
+++
b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.shell.cfg
@@ -52,14 +52,14 @@ hostKey = ${karaf.etc}/host.key
#
# Self defined key size in 1024, 2048, 3072, or 4096
-# If not set, this defaults to 1024.
+# If not set, this defaults to 4096.
#
-# keySize = 1024
+# keySize = 4096
#
-# Specify host key algorithm, defaults to DSA
+# Specify host key algorithm, defaults to RSA
#
-# algorithm = DSA
+# algorithm = RSA
#
# Specify an additional welcome banner to be displayed when a user logs into
the server.
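Review bot: The comment block still lists 1024 as a key size on equal footing with the others, and it does not say that these settings only matter when a host key is generated. An administrator reading it may assume an upgraded instance already has a 4096-bit RSA key. I would reword the size line to `# Key size for a newly generated host key: 2048, 3072, or 4096 (1024 is accepted but weak)`. I would also add `# An existing host.key is presumably reused as-is; remove it to regenerate with these settings`, once that behaviour is confirmed against the key provider. The same wording applies to the identical hunks in instance/src/main/resources/org/apache/karaf/instance/resources/etc/org.apache.karaf.shell.cfg and manual/src/main/webapp/users-guide/remote.conf.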
http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/instance/src/main/resources/org/apache/karaf/instance/resources/etc/org.apache.karaf.shell.cfg
----------------------------------------------------------------------
diff --git
a/instance/src/main/resources/org/apache/karaf/instance/resources/etc/org.apache.karaf.shell.cfg
b/instance/src/main/resources/org/apache/karaf/instance/resources/etc/org.apache.karaf.shell.cfg
index c8c6e79..2a51580 100644
---
a/instance/src/main/resources/org/apache/karaf/instance/resources/etc/org.apache.karaf.shell.cfg
+++
b/instance/src/main/resources/org/apache/karaf/instance/resources/etc/org.apache.karaf.shell.cfg
@@ -52,14 +52,14 @@ hostKey = ${karaf.etc}/host.key
#
# Self defined key size in 1024, 2048, 3072, or 4096
-# If not set, this defaults to 1024.
+# If not set, this defaults to 4096.
#
-# keySize = 1024
+# keySize = 4096
#
-# Specify host key algorithm, defaults to DSA
+# Specify host key algorithm, defaults to RSA
#
-# algorithm = DSA
+# algorithm = RSA
#
# Specify an additional welcome banner to be displayed when a user logs into
the server.
http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/manual/src/main/webapp/users-guide/remote.conf
----------------------------------------------------------------------
diff --git a/manual/src/main/webapp/users-guide/remote.conf
b/manual/src/main/webapp/users-guide/remote.conf
index 260e739..fceda30 100644
--- a/manual/src/main/webapp/users-guide/remote.conf
+++ b/manual/src/main/webapp/users-guide/remote.conf
@@ -75,14 +75,14 @@ hostKey = ${karaf.etc}/host.key
#
# Self defined key size in 1024, 2048, 3072, or 4096
-# If not set, this defaults to 1024.
+# If not set, this defaults to 4096.
#
-# keySize = 1024
+# keySize = 4096
#
-# Specify host key algorithm, defaults to DSA
+# Specify host key algorithm, defaults to RSA
#
-# algorithm = DSA
+# algorithm = RSA
#
# Defines the completion mode on the Karaf shell console. The possible values
are:
@@ -406,4 +406,4 @@ Apache Karaf provides a JMX MBeanServer.
This MBeanServer is available remotely, using any JMX client like {{jconsole}}.
-You can find details on the [Monitoring section|monitoring] of the user guide.
\ No newline at end of file
+You can find details on the [Monitoring section|monitoring] of the user guide.
http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index a8b0220..9cb597b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -140,6 +140,7 @@
<commons-jexl.version>2.1.1</commons-jexl.version>
<commons-lang.version>2.6</commons-lang.version>
<commons-pool.version>1.6</commons-pool.version>
+ <commons-io.version>2.4</commons-io.version>
<dom4j.bundle.version>1.6.1_5</dom4j.bundle.version>
<jasypt.bundle.version>1.9.2_1</jasypt.bundle.version>
<jolokia.version>1.3.0</jolokia.version>
http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/shell/ssh/pom.xml
----------------------------------------------------------------------
diff --git a/shell/ssh/pom.xml b/shell/ssh/pom.xml
index 3e45dde..8b9180f 100644
--- a/shell/ssh/pom.xml
+++ b/shell/ssh/pom.xml
@@ -83,6 +83,12 @@
<scope>provided</scope>
</dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>${commons-io.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
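Review bot: The `commons-io` test dependency added here, and the `commons-io.version` property added to the root pom.xml, do not appear to be used. Neither test hunk in this commit imports anything from `org.apache.commons.io`, and `init()` in both tests only assigns constants. If that usage was dropped while resolving the cherry-pick conflicts listed in the commit message, the dependency and the property should be dropped too, so the build does not carry an unneeded artifact. The test files are only partly visible here, so confirm that before removing it.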
http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
----------------------------------------------------------------------
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
index a22f1a3..1b856a8 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
@@ -138,8 +138,8 @@ public class Activator extends BaseActivator implements
ManagedService {
String sshRealm = getString("sshRealm", "karaf");
String hostKey = getString("hostKey",
System.getProperty("karaf.etc") + "/host.key");
String authMethods = getString("authMethods",
"keyboard-interactive,password,publickey");
- int keySize = getInt("keySize", 1024);
- String algorithm = getString("algorithm", "DSA");
+ int keySize = getInt("keySize", 4096);
+ String algorithm = getString("algorithm", "RSA");
String macs = getString("macs", "hmac-sha1");
String ciphers = getString("ciphers",
"aes256-ctr,aes192-ctr,aes128-ctr,arcfour256");
String welcomeBanner = getString("welcomeBanner", null);
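Review bot: `getInt("keySize", 4096)` raises the default but still passes any configured value through, so a leftover `keySize = 1024` in an existing org.apache.karaf.shell.cfg silently produces a weak RSA host key. A lower-bound check after this line that logs a warning, or refuses to generate, for sizes below 2048 would close that gap. The neighbouring defaults on the unchanged lines, `hmac-sha1` for `macs` and `arcfour256` in `ciphers`, are left as they were and deserve the same review in a follow-up. The enclosing method starts and ends outside this hunk, so where the key is actually generated is not visible here.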
http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/shell/ssh/src/main/resources/OSGI-INF/metatype/metatype.xml
----------------------------------------------------------------------
diff --git a/shell/ssh/src/main/resources/OSGI-INF/metatype/metatype.xml
b/shell/ssh/src/main/resources/OSGI-INF/metatype/metatype.xml
index 79b2f63..d8b46fb 100644
--- a/shell/ssh/src/main/resources/OSGI-INF/metatype/metatype.xml
+++ b/shell/ssh/src/main/resources/OSGI-INF/metatype/metatype.xml
@@ -23,8 +23,8 @@
<AD id="sshHost" type="String" default="0.0.0.0" name="%sshHost.name"
description="%sshHost.description"/>
<AD id="sshRealm" type="String" default="karaf" name="%sshRealm.name"
description="%sshRealm.description"/>
<AD id="hostKey" type="String" default="${karaf.etc}/host.key"
name="%hostKey.name" description="%hostKey.description"/>
- <AD id="keySize" type="Integer" default="1024" name="%keySize.name"
description="%keySize.description"/>
- <AD id="algorithm" type="String" default="DSA" name="%algorithm.name"
description="%algorithm.description"/>
+ <AD id="keySize" type="Integer" default="4096" name="%keySize.name"
description="%keySize.description"/>
+ <AD id="algorithm" type="String" default="RSA" name="%algorithm.name"
description="%algorithm.description"/>
</OCD>
<Designate pid="org.apache.karaf.shell">
<Object ocdref="org.apache.karaf.shell"/>
http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KnownHostsManagerTest.java
----------------------------------------------------------------------
diff --git
a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KnownHostsManagerTest.java
b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KnownHostsManagerTest.java
index a4a939a..31ffa7a 100644
---
a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KnownHostsManagerTest.java
+++
b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KnownHostsManagerTest.java
@@ -29,13 +29,24 @@ import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import org.junit.Assert;
+import org.junit.BeforeClass;
import org.junit.Test;
public class KnownHostsManagerTest {
- private static final String ALGORITHM = "DSA";
+
+ private static String ALGORITHM;
+ private static int KEY_SIZE;
+
+ @BeforeClass
+ public static void init() throws IOException {
+ // test key algorithm and size as configured...
+ ALGORITHM = "RSA";
+ KEY_SIZE = 4096;
+ }
private PublicKey createPubKey() throws NoSuchAlgorithmException {
KeyPairGenerator gen = KeyPairGenerator.getInstance(ALGORITHM);
+ gen.initialize(KEY_SIZE);
KeyPair keyPair = gen.generateKeyPair();
return keyPair.getPublic();
}
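Review bot: `ALGORITHM` and `KEY_SIZE` became mutable statics set in a `@BeforeClass` method whose comment says "as configured", yet `init()` only assigns the literals and never reads any configuration. Nothing in its body can throw the declared `IOException` either. Unless the configured values are really going to be loaded, I would go back to `private static final String ALGORITHM = "RSA";` and `private static final int KEY_SIZE = 4096;` and delete `init()` together with the `BeforeClass` import. As written, the test keeps passing if the defaults in Activator change again, so the comment overstates what is checked. The same applies to the matching hunk in ServerKeyVerifierImplTest.java; the class body continues outside both hunks.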
http://git-wip-us.apache.org/repos/asf/karaf/blob/4d9551fd/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImplTest.java
----------------------------------------------------------------------
diff --git
a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImplTest.java
b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImplTest.java
index 63f8ac2..83f52ff 100644
---
a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImplTest.java
+++
b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImplTest.java
@@ -18,6 +18,7 @@
*/
package org.apache.karaf.shell.ssh;
+import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.KeyPair;
@@ -28,15 +29,25 @@ import java.security.spec.InvalidKeySpecException;
import org.easymock.EasyMock;
import org.junit.Assert;
+import org.junit.BeforeClass;
import org.junit.Test;
public class ServerKeyVerifierImplTest {
private static final InetSocketAddress LOCALHOST = new
InetSocketAddress("localhost", 1001);
- private static final String ALGORITHM = "DSA";
+ private static String ALGORITHM;
+ private static int KEY_SIZE;
+
+ @BeforeClass
+ public static void init() throws IOException {
+ // test key algorithm and size as configured...
+ ALGORITHM = "RSA";
+ KEY_SIZE = 4096;
+ }
private PublicKey createPubKey() throws NoSuchAlgorithmException {
KeyPairGenerator gen = KeyPairGenerator.getInstance(ALGORITHM);
+ gen.initialize(KEY_SIZE);
KeyPair keyPair = gen.generateKeyPair();
return keyPair.getPublic();
}