[ https://issues.apache.org/jira/browse/KARAF-32?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13424422#comment-13424422 ]

Hendy Irawan commented on KARAF-32:
-----------------------------------

Hey! It works! Tested with 2.3.0-SNAPSHOT.

For those wondering, create ${karaf.home}/etc/keys.properties with the 
following format:

{code}
# username=<public key>,<roles...>
admin=AAAAB3NzaC1yc2EA......XLQ==,admin
{code}

I looked up the keys.properties format from karaf trunk (3.0.0-SNAPSHOT).

Now you can just ssh admin@hostname and no password. Wonderful !!! :-)
                
> Support ssh public key authentication and agent forwarding
> ----------------------------------------------------------
>
>                 Key: KARAF-32
>                 URL: https://issues.apache.org/jira/browse/KARAF-32
>             Project: Karaf
>          Issue Type: New Feature
>          Components: karaf-shell
>            Reporter: Guillaume Nodet
>            Assignee: Jean-Baptiste Onofré
>             Fix For: 2.2.6, 3.0.0
>
>         Attachments: org.apache.karaf.shell.ssh-2.2.5-pubkey-barecheck.patch, 
> org.apache.karaf.shell.ssh-2.2.5-pubkey-fileinstall.patch, 
> org.apache.karaf.shell.ssh-2.2.5-pubkey-userauthfactories.patch, 
> org.apache.karaf.shell.ssh-2.2.5-pubkey-userauthfactories.patch
>
>
> The karaf agent needs to be enhanced to be able to set up an ssh agent and 
> use a public/private key.
> The ssh server needs to be configured with a public key authentication that 
> could delegate to the KeystoreInstance using certificates.
> The goal would be to support the following use cases:
>   * once a user is logged into a given karaf instance, he can connect to any 
> other instance (provided that the public key is supported)
>   * the stop script could use the ssh agent so that you don't need to launch 
> it with a password on the command line
> A set of commands to administer the keystores might be interesting (maybe a 
> console plugin too, but we need to check with what Geronimo provides in this 
> area). 
> Btw, I wonder if Apache Shiro would help in any way for all the security 
> stuff.
>   

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
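
An added example, not part of the original comment and not Karaf code: a Python helper that turns one line of an OpenSSH `.pub` file into a `username=<public key>,<roles...>` entry for keys.properties, refusing private key material and blobs that are truncated or mislabelled. It assumes the key value is the base64 field of the `.pub` line (the sample above starts with the base64 encoding of the `ssh-rsa` type header); the function names and the sample key are constructed for illustration.

```python
import base64
import binascii
import struct


def _ssh_string(data):
    """Encode bytes as an SSH wire-format string (4-byte length + data)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample: a well-formed ssh-rsa blob with filler bytes as the modulus.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + b"\xc3" * 256))
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " admin@example"


def _fields(blob):
    """Split a key blob into its length-prefixed fields, rejecting truncation."""
    out, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated key blob")
        (length,) = struct.unpack(">I", blob[offset:offset + 4])
        offset += 4
        if offset + length > len(blob):
            raise ValueError("truncated key blob")
        out.append(blob[offset:offset + length])
        offset += length
    return out


def keys_properties_line(user, pubkey_line, roles):
    """Build 'username=<public key>,<roles...>' from one OpenSSH .pub line."""
    if "PRIVATE KEY" in pubkey_line:
        raise ValueError("private key material must never go into keys.properties")
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    try:
        fields = _fields(base64.b64decode(b64, validate=True))
    except binascii.Error as exc:
        raise ValueError("key field is not valid base64") from exc
    if len(fields) < 2 or fields[0] != key_type.encode("ascii"):
        raise ValueError("key type does not match the type inside the blob")
    for name in [user] + list(roles):
        if not name or any(c in name for c in "=:,# \t"):
            raise ValueError("unsafe character in user or role: %r" % name)
    return "%s=%s,%s" % (user, b64, ",".join(roles))
```

Calling `keys_properties_line("admin", SAMPLE_PUB, ["admin"])` returns a line in the format shown in the comment; the comment field of the `.pub` line is dropped.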