Book Image

Apache Karaf Cookbook

By : Jamie Goodyear, Johan Edstorm, Achim Nierbeck, Heath J Kesler
Book Image

Apache Karaf Cookbook

By: Jamie Goodyear, Johan Edstorm, Achim Nierbeck, Heath J Kesler

Overview of this book

Table of Contents (17 chapters)
Apache Karaf Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Reconfiguring SSH access to Apache Karaf


Using Apache Karaf via its local console provides the user with superb command and control capabilities over their OSGi container. Apache Karaf's remote console extends this experience to remote consoles, and as such, presents systems builders with an opportunity to further harden their systems. In this recipe, we'll change Karaf's default remote connection parameters.

Getting ready

The ingredients of this recipe include the Apache Karaf distribution kit, access to JDK, and a source code editor. The sample configuration for this recipe is available at https://github.com/jgoodyear/ApacheKarafCookbook/tree/master/chapter1/chapter1-recipe6.

How to do it…

  1. The first step is editing the shell configuration. Apache Karaf ships with a default shell configuration file. It's a good practice to edit entries in the etc/org.apache.karaf.shell.cfg file to point to the non-default ports as a security precaution. Consider the following code:

    #
    # Via sshPort and sshHost you define the address you can login into Karaf.
    #
    sshPort = 8102
    sshHost = 192.168.1.110

    In the preceding sample configuration, we defined the port for SSH access to 8102 and set sshHost to an IP address of the host machine (the default value, 0.0.0.0, means the SSHD service is bound to all network interfaces). Restricting access to particular network interfaces can help reduce unwanted access.

  2. The next step is restarting Karaf. After editing the configuration, we must restart Karaf. Once restarted, you'll be able to connect to Karaf using an SSH client command as follows:

    ssh –p 8102 [email protected]
    

    Upon connection, you'll be prompted for your password.

There's more…

Changing the default remote access configuration is a good start. However, system builders should also consider changing the default karafuser/password combination found in the users.properties file.

You might also decide to generate a server SSH key file to simplify remote access. Information regarding this configuration can be found at http://karaf.apache.org/manual/latest/users-guide/remote.html.