I forgot:
0. if provided use key auth ;)
Regards
JB
On 07/06/2016 09:23 PM, Jean-Baptiste Onofré wrote:
By default bin/client tries (in this order):
1. to read etc/users.properties when possible
2. to use karaf/karaf
3. to use -u and prompt for the password
bin/client is an SSH client (written in Java). The host.key is the same
file as for SSH and contains the trusted hosts (you also have
.sshkaraf/known_hosts for that).
Regards
JB
On 07/06/2016 08:50 PM, Elliot Huntington wrote:
This makes sense. So, I gather from this explanation that the container
is secure (inasmuch as the default password has been changed and the
default private key has been deleted) but the bin/client command will
still use whatever password is specified in the etc/users.properties
file? If so, this would explain why on 4.0.5 bin/client was able to
successfully log into the container without having to explicitly specify
a password. But if this is true, then I'm still curious: what is the
purpose of the etc/host.key file that is created by the container (or
maybe the bin/client command) if the etc/keys.properties file is
missing? What is the point of that file if the bin/client command is
using the password specified in etc/users.properties to connect to the
container?
On Wed, Jul 6, 2016 at 12:43 PM, Jean-Baptiste Onofré <[email protected]> wrote:
Previously, bin/client embedded a default key (as you can see in
etc/keys.properties). It's now disabled.
However, bin/client assumes username karaf and password karaf,
that's why you don't have to provide anything.
You can change the default password in etc/users.properties.
Regards
JB
On 07/06/2016 01:16 AM, Kevin Schmidt wrote:
I just followed the instructions to secure the container and using
bin/client does now require a password and doesn't successfully connect
to the container. I did this with Karaf 3.0.6. Perhaps something
changed with Karaf 4?
Kevin
On Tue, Jul 5, 2016 at 3:49 PM, Elliot Huntington <[email protected]> wrote:
I wrote a question
(http://stackoverflow.com/questions/38176918/how-to-secure-the-default-apache-karaf-installation)
on Stack Overflow pertaining to Christian Schneider's blog post, How
to hack into any default apache karaf installation
<http://www.liquid-reality.de/display/liquid/2014/01/08/How+to+hack+into+any+default+apache+karaf+installation>.
After following his instructions to secure the container the
`bin/client` command, rather than failing, appears to create a new
file `etc/host.key` and successfully connects to the container. This
was unexpected according to the blog post.
It would be helpful if someone would answer this question on Stack
Overflow.
Thanks,
Elliot
--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
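
An audit of the two files this thread discusses, as an added example that is not part of the original messages or Karaf's own code. It flags the entries that let bin/client log in without prompting: an active key in etc/keys.properties, the default karaf/karaf pair, or a cleartext password in etc/users.properties. Assumptions: entries look like `user = password,role,...`, group names start with `_g_\:`, encrypted passwords start with `{CRYPT}`, the function names are hypothetical, and the sample file contents are constructed.

```python
"""Audit Karaf etc/ files for credentials bin/client can use unprompted."""

def parse_properties(text):
    """Return {key: value} for the uncommented 'key = value' lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Assumed format: ':' in group names is escaped, e.g. _g_\:admingroup
        entries[key.strip().replace("\\:", ":")] = value.strip()
    return entries

def audit(users_text, keys_text=None):
    """Return findings; keys_text=None means etc/keys.properties is absent."""
    findings = []
    # Key authentication: every active entry is a public key the server trusts.
    for user in parse_properties(keys_text or ""):
        if not user.startswith("_g_:"):
            findings.append(f"keys.properties trusts a public key for '{user}'")
    # Password authentication: values bin/client can read or already assumes.
    for user, value in parse_properties(users_text).items():
        if user.startswith("_g_:"):
            continue  # group definition, not a login
        password = value.split(",", 1)[0].strip()
        if (user, password) == ("karaf", "karaf"):
            findings.append("users.properties still has default karaf/karaf")
        elif not password.startswith("{CRYPT}"):  # assumed encryption prefix
            findings.append(f"users.properties stores a cleartext password for '{user}'")
    return findings

# Constructed sample contents (not taken from a real installation).
DEFAULT_USERS = ("# users\n"
                 "karaf = karaf,_g_:admingroup\n"
                 "_g_\\:admingroup = group,admin,manager,viewer\n")
DEFAULT_KEYS = ("karaf=AAAAB3Nza-constructed-key,_g_:admingroup\n"
                "_g_\\:admingroup = group,admin\n")
HARDENED_USERS = ("ops = {CRYPT}0123abcd-constructed{CRYPT},_g_:admingroup\n"
                  "_g_\\:admingroup = group,admin\n")

if __name__ == "__main__":
    for name, users, keys in (("default", DEFAULT_USERS, DEFAULT_KEYS),
                              ("hardened", HARDENED_USERS, None)):
        print(name, audit(users, keys) or "no findings")
```

To check a real installation, pass the contents of its etc/users.properties and etc/keys.properties to `audit`.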