[jira] [Commented] (KARAF-3492) Can't connect to Karaf sshd using key authentication
[ https://issues.apache.org/jira/browse/KARAF-3492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14300922#comment-14300922 ] Jens Offenbach commented on KARAF-3492: --- {code:borderStyle=solid} ./client -h localhost -a 8101 -u karaf instance:connect test {code} This command makes a lot of sense! In our cloud environment, each port that must be accessible from the outside must be added to a security group. Having a dynamic number of child instances requires that each ssh port is put into that security group. The redirection over the root instance is a way that all child instances can be managed from the outside without any further additions to the security group. Can't connect to Karaf sshd using key authentication Key: KARAF-3492 URL: https://issues.apache.org/jira/browse/KARAF-3492 Project: Karaf Issue Type: Bug Components: karaf-shell Affects Versions: 4.0.0, 3.0.2 Reporter: Jean-Baptiste Onofré Assignee: Jean-Baptiste Onofré Fix For: 4.0.0, 3.0.4 The following doesn't work with Apache Karaf 3.0.2, whereas it worked with 3.0.1. {code} su - karaf -c client -h localhost -a 8101 -u karaf -r 50 -d 2 \ instance:connect -u karaf -p karaf test1 \\\ feature:repo-list \\\ \ Logging in as karaf 455 [sshd-SshClient[bea319b]-nio2-thread-1] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at [localhost/127.0.0.1:8101, DSA, b6:f6:d6:3f:8b:2f:ad:a4:0f:3f:3d:c3:7b:96:fd:ae] presented unverified {} key: {} Connecting to host localhost on port 8103 Connecting to unknown server. Automatically adding to known hosts. Storing the server key in known_hosts. Error executing command: Authentication failed {code} Increasing the verbose level: {code} client -v -h localhost -a 8101 -u karaf -r 50 -d 2 instance:connect -u karaf test1 \ feature:repo-list \ 39 [main] INFO org.apache.sshd.common.util.SecurityUtils - BouncyCastle not registered, using the default JCE provider Logging in as karaf 367 [sshd-SshClient[bea319b]-nio2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Client session created 380 [main] INFO org.apache.sshd.client.session.ClientSessionImpl - Start flagging packets as pending until key exchange is done 383 [sshd-SshClient[bea319b]-nio2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Server version string: SSH-2.0-SSHD-CORE-0.12.0 384 [sshd-SshClient[bea319b]-nio2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Kex: server-client [aes128-ctr, hmac-sha1, none] {} {} 384 [sshd-SshClient[bea319b]-nio2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Kex: client-server [aes128-ctr, hmac-sha1, none] {} {} 444 [sshd-SshClient[bea319b]-nio2-thread-1] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at [localhost/127.0.0.1:8101, DSA, 22:8b:f8:9d:bc:c6:40:d8:fe:52:aa:90:c0:f2:70:ec] presented unverified {} key: {} 457 [sshd-SshClient[bea319b]-nio2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Dequeing pending packets 524 [sshd-SshClient[bea319b]-nio2-thread-1] INFO org.apache.sshd.client.session.ClientUserAuthServiceNew - Received SSH_MSG_USERAUTH_FAILURE 568 [sshd-SshClient[bea319b]-nio2-thread-2] INFO org.apache.sshd.client.session.ClientUserAuthServiceNew - Received SSH_MSG_USERAUTH_SUCCESS Connecting to host localhost on port 8102 Error executing command: Authentication failed {code} Switching to DEBUG: {code} 2015-01-15 11:28:48,920 | DEBUG | 5]-nio2-thread-1 | ClientSessionImpl | 28 - org.apache.sshd.core - 0.12.0 | Received SSH_MSG_SERVICE_ACCEPT 2015-01-15 11:28:48,920 | INFO | 5]-nio2-thread-1 | ClientUserAuthServiceNew | 28 - org.apache.sshd.core - 0.12.0 | Received SSH_MSG_USERAUTH_FAILURE 2015-01-15 11:28:48,920 | DEBUG | 5]-nio2-thread-1 | ClientUserAuthServiceNew | 28 - org.apache.sshd.core - 0.12.0 | Authentications that can continue: keyboard-interactive, password, publickey 2015-01-15 11:28:48,922 | DEBUG | 5]-nio2-thread-1 | Nio2Session | 28 - org.apache.sshd.core - 0.12.0 | Caught exception, now calling handler 2015-01-15 11:28:48,922 | WARN | 5]-nio2-thread-1 | ClientSessionImpl | 28 - org.apache.sshd.core - 0.12.0 | Exception caught java.lang.IllegalStateException: No SSH_AUTH_SOCK environment variable set at org.apache.karaf.shell.ssh.KarafAgentFactory.createClient(KarafAgentFactory.java:71) at org.apache.sshd.client.auth.UserAuthPublicKey.init(UserAuthPublicKey.java:78) at org.apache.sshd.client.session.ClientUserAuthServiceNew.tryNext(ClientUserAuthServiceNew.java:212) at
[jira] [Commented] (KARAF-3492) Can't connect to Karaf sshd using key authentication
[ https://issues.apache.org/jira/browse/KARAF-3492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14300099#comment-14300099 ] Jean-Baptiste Onofré commented on KARAF-3492: - On Karaf 3.0.2, I uncommented the key in etc/keys.properties, and I did: {code} ./client -h localhost -a 8101 -u karaf la {code} It works without problem. I created an instance (instance:create), updated the etc/keys.properties of the instance to uncomment the key, started the instance, and tried: {code} ./client -h localhost -a 8102 -u karaf la {code} It works without problem. I tried: {code} ./client -h localhost -a 8101 -u karaf instance:connect test Logging in as karaf 299 [sshd-SshClient[231c0dc6]-nio2-thread-2] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at [localhost/127.0.0.1:8101, DSA, a5:29:4b:e5:f7:58:2a:f8:8f:46:7a:54:92:ef:16:3e] presented unverified {} key: {} Connecting to host localhost on port 8102 Error executing command: Authentication failed Server key for host localhost/127.0.0.1:8102 does not match the stored key !! Terminating session. {code} it doesn't work (and actually it doesn't make sense, externally, you should use directly client or ssh). From the root instance, I tried: {code} karaf@root() instance:connect test Connecting to host localhost on port 8102 Server key for host localhost/127.0.0.1:8102 does not match the stored key !! Terminating session. Error executing command: Authentication failed {code} It doesn't work: I already created a Jira about that (I gonna linked both). Can't connect to Karaf sshd using key authentication Key: KARAF-3492 URL: https://issues.apache.org/jira/browse/KARAF-3492 Project: Karaf Issue Type: Bug Components: karaf-shell Affects Versions: 3.0.2 Reporter: Jean-Baptiste Onofré Assignee: Jean-Baptiste Onofré The following doesn't work with Apache Karaf 3.0.2, whereas it worked with 3.0.1. {code} su - karaf -c client -h localhost -a 8101 -u karaf -r 50 -d 2 \ instance:connect -u karaf -p karaf test1 \\\ feature:repo-list \\\ \ Logging in as karaf 455 [sshd-SshClient[bea319b]-nio2-thread-1] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at [localhost/127.0.0.1:8101, DSA, b6:f6:d6:3f:8b:2f:ad:a4:0f:3f:3d:c3:7b:96:fd:ae] presented unverified {} key: {} Connecting to host localhost on port 8103 Connecting to unknown server. Automatically adding to known hosts. Storing the server key in known_hosts. Error executing command: Authentication failed {code} Increasing the verbose level: {code} client -v -h localhost -a 8101 -u karaf -r 50 -d 2 instance:connect -u karaf test1 \ feature:repo-list \ 39 [main] INFO org.apache.sshd.common.util.SecurityUtils - BouncyCastle not registered, using the default JCE provider Logging in as karaf 367 [sshd-SshClient[bea319b]-nio2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Client session created 380 [main] INFO org.apache.sshd.client.session.ClientSessionImpl - Start flagging packets as pending until key exchange is done 383 [sshd-SshClient[bea319b]-nio2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Server version string: SSH-2.0-SSHD-CORE-0.12.0 384 [sshd-SshClient[bea319b]-nio2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Kex: server-client [aes128-ctr, hmac-sha1, none] {} {} 384 [sshd-SshClient[bea319b]-nio2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Kex: client-server [aes128-ctr, hmac-sha1, none] {} {} 444 [sshd-SshClient[bea319b]-nio2-thread-1] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at [localhost/127.0.0.1:8101, DSA, 22:8b:f8:9d:bc:c6:40:d8:fe:52:aa:90:c0:f2:70:ec] presented unverified {} key: {} 457 [sshd-SshClient[bea319b]-nio2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Dequeing pending packets 524 [sshd-SshClient[bea319b]-nio2-thread-1] INFO org.apache.sshd.client.session.ClientUserAuthServiceNew - Received SSH_MSG_USERAUTH_FAILURE 568 [sshd-SshClient[bea319b]-nio2-thread-2] INFO org.apache.sshd.client.session.ClientUserAuthServiceNew - Received SSH_MSG_USERAUTH_SUCCESS Connecting to host localhost on port 8102 Error executing command: Authentication failed {code} Switching to DEBUG: {code} 2015-01-15 11:28:48,920 | DEBUG | 5]-nio2-thread-1 | ClientSessionImpl | 28 - org.apache.sshd.core - 0.12.0 | Received SSH_MSG_SERVICE_ACCEPT 2015-01-15 11:28:48,920 | INFO | 5]-nio2-thread-1 | ClientUserAuthServiceNew | 28 - org.apache.sshd.core - 0.12.0 | Received SSH_MSG_USERAUTH_FAILURE 2015-01-15 11:28:48,920 | DEBUG | 5]-nio2-thread-1 | ClientUserAuthServiceNew | 28 - org.apache.sshd.core