Using Apache Karaf via its local console provides the user with superb command and control capabilities over their OSGi container. Apache Karaf's remote console extends this experience to remote consoles, and as such, presents systems builders with an opportunity to further harden their systems. In this recipe, we'll change Karaf's default remote connection parameters.
The ingredients of this recipe include the Apache Karaf distribution kit, access to JDK, and a source code editor. The sample configuration for this recipe is available at https://github.com/jgoodyear/ApacheKarafCookbook/tree/master/chapter1/chapter1-recipe6.
The first step is editing the shell configuration. Apache Karaf ships with a default shell configuration file. It's a good practice to edit entries in the
etc/org.apache.karaf.shell.cfgfile to point to the non-default ports as a security precaution. Consider the following code:
# # Via sshPort and sshHost you define the address you can login into Karaf. # sshPort = 8102 sshHost = 192.168.1.110
In the preceding sample configuration, we defined the port for SSH access to
sshHostto an IP address of the host machine (the default value, 0.0.0.0, means the SSHD service is bound to all network interfaces). Restricting access to particular network interfaces can help reduce unwanted access.
ssh –p 8102 [email protected]
Upon connection, you'll be prompted for your password.
Changing the default remote access configuration is a good start. However, system builders should also consider changing the default
karafuser/password combination found in the
You might also decide to generate a server SSH key file to simplify remote access. Information regarding this configuration can be found at http://karaf.apache.org/manual/latest/users-guide/remote.html.