Is OSGI Console a security risk?

Even if it is not likely that someone else is in my LAN, I encrypt as much as possible to avoid this problem. For the webinterface everything is fine with AUTH. But I can connect to the OSGI console without any login and do ALL changes.


  1. Can I disable OSGI console?
  2. Can I just run it on the adapter (loopback)? == not reachable from outside of the machine
  3. Can I bring in user/password (ssh) authentication?

Thanks for your help

Are you speaking of openHAB 1.x or 2.x?

I’m using 1.8 still. If there is a difference we should discuss both because I plan to move soon because of Alexa:slight_smile:

Using openHAB 2.0, Karaf console is secured with username and password and it is limited to local login.

1 Like

No further changes are planned for the 1.x runtime, so I think upgrading to 2.0 (or a 2.1 snapshot) is probably your best course of action.