HowTo: Change SSH port on openHAB2

To change the SSH port in openhab2 you must edit the following file

org.apache.karaf.shell.cfg

You need to update the following entry.

sshPort = 8101

The port is 8101 by default but can be changed to any available port of your choosing.

org.apache.karaf.shell.cfg can be found in the following locations.

Linux Package Install - /var/lib/openhab2/etc/org.apache.karaf.shell.cfg
Linux Manual Install - /opt/openhab2/userdata/etc/org.apache.karaf.shell.cfg
Synology NAS - /volume1/@appstore/openHAB2/userdata/etc/org.apache.karaf.shell.cfg

I hope this helps as a starting reference point,
Chris

2 Likes

Hey Chris,
thanks for contributing to the Tutorials&Examples category.
Two things I need to mention. 1) this file is not safe to change as it might be overwritten at a later point while upgrading. There is an extra file for this kind of things. 2) This was already documented here: http://docs.openhab.org/installation/security.html#webserver-ports - I guess you didn’t find it there!? Where would you’ve expected this information in the structure of the openhab docs? There was already a discussion around this topic: https://github.com/openhab/openhab-docs/issues/175

Best! Thomas

Hi Thomas,

I understand that may be overwritten during an upgrade.

The links you have provided are for https ports. I cannot see on that page reference to the ssh port.

Regards
Chris

This file is also edited to change the sshHost attribute. This is from the docs on the console.

sudo sed -i -e “s/sshHost = 127.0.0.1/sshHost = 0.0.0.0/g” /var/lib/openhab2/etc/org.apache.karaf.shell.cfg
sudo sed -i -e “s/openhab = habopen/openhab = securePassword/g” /var/lib/openhab2/etc/users.properties

Oh :smile: sorry, wrong detail! You are absolutely right, that’s not covered yet. Should be mentioned somewhere around here: http://docs.openhab.org/administration/console.html#bind-console-to-all-interfaces

Would you care to add a comment here: https://github.com/openhab/openhab-docs/issues/168 and/or https://github.com/openhab/openhab-docs/pull/299

I’ve added the comment although that issue is closed.

The pull request isn’t. If you add your comment there it might be added very soon.

Ah right. I’m quite new to github so dont really understand how it works fully.

Thanks for picking this up.

Chris

1 Like

Looks like you can change it from the console. I’ve not tried but found it looking for something else.

openhab> instance:ssh-port-change --help
DESCRIPTION
        instance:ssh-port-change

        Changes the secure shell port of an existing container instance.

SYNTAX
        instance:ssh-port-change name port

ARGUMENTS
        name
                The name of the container instance
        port
                The new secure shell port to set

openhab> instance:name
Command not found: instance:name
openhab> instance:list
SSH Port |  SSH Host | RMI Registry | RMI Registry Host | RMI Server | RMI Server Host | State   | PID   | Name
---------------------------------------------------------------------------------------------------------------
    8101 | 127.0.0.1 |         1099 |           0.0.0.0 |      44444 |         0.0.0.0 | Started | 12417 | main
openhab>

Hi everyone,

I created the issue #168 that was referenced above and so I’m trying to clean up this request that was added to the issue as well.

I’m new to Karaf. I tried this command from within the console:
instance:ssh-port-change main 12345
…and it appears that since I’m trying to change the main console ssh port and not another container port this is impossible as stopping the instance is required and stopping the instance main using instance:stop main shuts down the console (but the web server still runs?).

The solution that @chriscolden offered in the OP sounds more like it would work. @ThomDietrich was confused and thought we were talking HTTP ports, but brought up a good point that the solution offered in OP may get overwritten.

So I guess the question is: Is anyone sure of a solution for changing the port that is well-tested enough to put into the docs? What is that solution?

My method has been tested on synology nas here. Exception caught while starting SSH server; port already in use (solved)

Someone else confirmed it was also working as expected.

Agree it may get overwritten at a later date, but it shouldn’t be too much of an issue to modify again.

Thanks for explaining, Chris.

@ThomDietrich If it’s possible for this to get overwritten, should we open a larger issue against core openhab to allow for persistent configuration of the console ssh port via a top level openhab configuration, as opposed to deep behind-the-back surgery as this appears?

In the meantime we can put this in the docs (I’ll do it in my existing pull request) and give a warning that it may get overwritten.

Hey guys, sorry for the confusion up there. I was not myself at that time ^^

org.apache.karaf.shell.cfg and all (almost) other files under /var/lib/openhab2 are a different story. You can edit the file and it will not be overwritten any time soon.

The solution posted by @chriscolden is the correct one we should bring to documentation. Sorry for shooting you down at first. In fact, we are doing a pretty similar thing with the console password and interface already, these changes are even part of openHABian.

GoGoGo

Curious as to the reason for changing ssh port. Is this to avoid a port conflict or is this some effort to secure the system?

In this instance its a port conflict not really the security angle.

1 Like

Good deal. Was just checking since there are people who do this type of thing thinking that it helps secure their system when it actually doesn’t.

Sorry for bringing this old discussion back to life… (not really :grin:)

Although @ThomDietrich stated org.apache.karaf.shell.cfg will not be overwritten any time soon,

I still believe the documentation here should be updated to describe the more elegant way of setting the parameter override in $OPENHAB_CONF/services/runtime.cfg, as the documentation currently contradicts itself by first stating that parameters for .../etc/org.apache.karaf.shell.cfg can be overridden in $OPENHAB_CONF/services/runtime.cfg, but later on stating that changing a port should be done in .../etc/org.apache.karaf.shell.cfg directly.

I stumbled upon this when trying to run a container with 2.5.0-SNAPSHOT alongside the 2.4.0. stable release. There are 4 ports opened when running in host networking mode (needed for many discovery services): The UI ports (default 8080 and 8443), the Karaf console port (default 8101) and the LSP port (default 5007).
The HTTP(S) ports can be changed with an environment variable and the Karaf console port in the runtime.cfg, just like the LSP port:

org.eclipse.smarthome.lsp:port=5007

This last parameter is not mentioned in the documentation as far as I can see (only in a forum post). I propose to update the docs (in a follow up post of this first).

UPDATE: on 2.5.0-SNAPSHOT I noticed that the behaviour at initial startup of a clean install is somewhat confusing.
Initially the default ports for Karaf console and LSP are used/tried. Because they are already in use in my configuration an error is thrown. But later on the runtime.cfg is processed and the correct ports are used after all.