[jira] [Updated] (KARAF-4809) SSHd should not listen to all hosts

2016-11-14 Thread Lars Kiesow (JIRA)

 [ 
https://issues.apache.org/jira/browse/KARAF-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lars Kiesow updated KARAF-4809:
---
Summary: SSHd should not listen to all hosts  (was: SSH should not listen 
to all hosts)

> SSHd should not listen to all hosts
> ---
>
> Key: KARAF-4809
> URL: https://issues.apache.org/jira/browse/KARAF-4809
> Project: Karaf
>  Issue Type: Bug
>Affects Versions: 4.0.7
>Reporter: Lars Kiesow
>Assignee: Jean-Baptiste Onofré
>
> The default SSH server configuration will make Karaf listen to all hosts. It 
> is usually good practice to instead listen to localhost only by default to 
> avoid possible security risks (e.g. accidentally exposing an unconfigured SSH 
> server).
> This can be fixed by adjusting `sshHost` in `org.apache.karaf.shell.cfg`.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (KARAF-4809) SSH should not listen to all hosts

2016-11-14 Thread Lars Kiesow (JIRA)

[ 
https://issues.apache.org/jira/browse/KARAF-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15664431#comment-15664431
 ] 

Lars Kiesow commented on KARAF-4809:


Please note that while it might be convenient, this bears a high security risk.
If you just start Karaf, you have an open SSH server everyone can connect to *with 
default credentials* (karaf/karaf), which will let you start, stop and install 
new Karaf features.
In other words, if a user fails to configure this properly, it means that they 
run something everyone can connect to and execute arbitrary code on.

Writing somewhere in the documentation that it's risky is one thing, but we all 
know that users will not read through the whole Karaf documentation before 
starting it for the first time. In fact, from experience, I tend to say that 
most will not even do that if they are using Karaf in production as long as it 
works somehow.

Limiting the SSHd to 127.0.0.1 by default will dramatically reduce this risk. 
True, other users on that particular system can still get access via SSH, but 
they need a login to that system already which most potential attackers will 
not have. Hence this will limit the risk dramatically.

Another option to fix this issue would be to disable the default login 
mechanisms, forcing users to actually configure them. But that might be even 
more inconvenient.

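An added audit example, not code from this thread or from the Karaf project, covering the `sshHost` setting named in the issue description and the 127.0.0.1 recommendation in the comment above: it parses a constructed `org.apache.karaf.shell.cfg` fragment and classifies the SSH bind address. It assumes the file uses properties-style `key = value` lines and that a missing `sshHost` means the listener binds to all interfaces, as the report says the shipped default does.

```python
import ipaddress
import re

# Constructed sample fragments; not copied from a real Karaf installation.
CFG_EXPOSED = """\
# shell configuration (constructed sample)
sshPort = 8101
sshHost = 0.0.0.0
"""
CFG_HARDENED = """\
sshPort = 8101
sshHost = 127.0.0.1
"""

# key, optional '=' or ':' separator, value (properties-style line)
_LINE = re.compile(r"^\s*([^#!=:\s]+)\s*[=:]?\s*(.*?)\s*$")


def parse_cfg(text):
    """Parse a properties-style file into a dict; comments and blanks skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = _LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def ssh_exposure(text, default_host="0.0.0.0"):
    """Classify sshHost as 'loopback', 'all-interfaces' or 'specific'.
    default_host is an assumption: a missing key is treated as 0.0.0.0."""
    host = parse_cfg(text).get("sshHost", default_host)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostnames cannot be classified without DNS; only the literal
        # 'localhost' is accepted as loopback.
        return "loopback" if host == "localhost" else "specific"
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific"


def audit(text):
    """Return (state, advice); advice is 'ok' unless the listener is global."""
    state = ssh_exposure(text)
    if state == "all-interfaces":
        return state, "set 'sshHost = 127.0.0.1' in org.apache.karaf.shell.cfg"
    return state, "ok"
```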


[jira] [Commented] (KARAF-4809) SSH should not listen to all hosts

2016-11-14 Thread Andrea Cosentino (JIRA)

[ 
https://issues.apache.org/jira/browse/KARAF-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15663356#comment-15663356
 ] 

Andrea Cosentino commented on KARAF-4809:
-

I guess we need to emphasize this security setting in the documentation, but I 
think the default can stay as it is now.

-1 to this change.

Docs need to be reviewed in relation to this.



[jira] [Commented] (KARAF-4809) SSH should not listen to all hosts

2016-11-14 Thread Achim Nierbeck (JIRA)

[ 
https://issues.apache.org/jira/browse/KARAF-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15663325#comment-15663325
 ] 

Achim Nierbeck commented on KARAF-4809:
---

I see this more as a documentation issue on how to secure your instance; by 
default I'd rather have SSH handled the way it was before.

Therefore a -1 on this change.



[jira] [Commented] (KARAF-4809) SSH should not listen to all hosts

2016-11-14 Thread Lars Kiesow (JIRA)

[ 
https://issues.apache.org/jira/browse/KARAF-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15663317#comment-15663317
 ] 

Lars Kiesow commented on KARAF-4809:


It is definitely a convenient way to connect remotely to Karaf. But you need to 
configure Karaf properly before using it. At the very least, you need to set a 
proper user and an SSH key. That is done easily, but it means that you need to 
modify the configuration anyway, and setting `sshHost` as well is then no big deal.

On the other hand, if SSH listens globally and you do not configure your Karaf 
properly, which from my experience a lot of users will likely not do, everyone 
can just log into the system and install and run arbitrary software on that 
host. That is a major security problem. In fact, this might happen already if 
you just try out Karaf and start it up once. I do not believe that is a good 
idea.



[jira] [Commented] (KARAF-4804) Package org.apache.felix.metatype do not deploy properly

2016-11-14 Thread JIRA

[ 
https://issues.apache.org/jira/browse/KARAF-4804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15663286#comment-15663286
 ] 

Frédérik ROULEAU commented on KARAF-4804:
-

I mean the bundle coming from Karaf. I am just deploying a kar using CXF, 
nothing tricky, and restarting.
I then realized that Karaf's RMI server was not working, and then I found that 
error in Karaf's log.

> Package org.apache.felix.metatype do not deploy properly
> 
>
> Key: KARAF-4804
> URL: https://issues.apache.org/jira/browse/KARAF-4804
> Project: Karaf
>  Issue Type: Bug
>  Components: karaf-core
>Affects Versions: 4.0.5, 4.0.7
> Environment: Linux EL6, java 1.8.0u101
>Reporter: Frédérik ROULEAU
>
> Unfortunately I can only reproduce the error randomly, and only on a quite slow 
> single-core Linux VM. When it occurs, the bundle org.apache.felix.metatype does 
> not deploy due to an unknown mvn protocol error. Then Karaf is not listening 
> on its RMI port.
> Here is the log:
> INFO   | jvm 1| 2016/10/25 12:10:08 | 
> org.apache.karaf.features.internal.util.MultiException: Error restarting 
> bundles
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.karaf.features.internal.service.Deployer.deploy(Deployer.java:848)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.karaf.features.internal.service.FeaturesServiceImpl.doProvision(FeaturesServiceImpl.java:1152)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.karaf.features.internal.service.FeaturesServiceImpl$1.call(FeaturesServiceImpl.java:1048)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> java.util.concurrent.FutureTask.run(FutureTask.java:266)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> java.lang.Thread.run(Thread.java:745)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   Suppressed: 
> org.osgi.framework.BundleException: Activator start error in bundle 
> org.apache.felix.metatype [34].
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.felix.framework.Felix.activateBundle(Felix.java:2276)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.felix.framework.Felix.startBundle(Felix.java:2144)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.felix.framework.BundleImpl.start(BundleImpl.java:998)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.felix.framework.BundleImpl.start(BundleImpl.java:984)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.karaf.features.internal.service.FeaturesServiceImpl.startBundle(FeaturesServiceImpl.java:1262)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.karaf.features.internal.service.Deployer.deploy(Deployer.java:840)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   ... 6 more
> INFO   | jvm 1| 2016/10/25 12:10:08 |   Caused by: 
> java.lang.IllegalStateException: Unknown protocol: mvn
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.felix.framework.URLHandlersStreamHandlerProxy.toExternalForm(URLHandlersStreamHandlerProxy.java:482)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.felix.framework.URLHandlersStreamHandlerProxy.toExternalForm(URLHandlersStreamHandlerProxy.java:474)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> java.net.URL.toExternalForm(URL.java:929)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> java.net.URL.toString(URL.java:915)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> java.lang.ClassLoader.defineClassSourceLocation(ClassLoader.java:678)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> java.lang.ClassLoader.defineClass(ClassLoader.java:762)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClass(BundleWiringImpl.java:2370)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.findClass(BundleWiringImpl.java:2154)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1542)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
> org.apache.felix.framework.BundleWiringImpl.access$400(BundleWiringImpl.java:79)
> INFO   | jvm 1| 2016/10/25 12:10:08 |   at 
>