Is there a way via ssh to connect to the karaf console?
Say i start in a ssh session OH2beta2, or more likely via a service…if i start a new ssh session, is it possible to connect to the karaf “console” or “shell” … so that i can issue the karaf commands etc?
Cheers,
Greg
Sure, see here.
You can do:
ssh karaf@localhost -p 8101
Default password is “karaf”. Actually, I think we should disable the ssh access by default or at least do not have any users being allowed to use it - looks like a real security issue. @davy, would you know how to do this?
Besides the remote ssh access, you can also always use the local Karaf client by
./runtime/karaf/bin/client
This will create a local shell for you.
Excellent - thanks as always Kai.
I would opt for enabling by default only localhost connections (karaf ssh out of the box is bound to all interfaces).
Sounds good. Could you come up with a PR for that?
Sir, yes sir.
Hi On Pine64 with Remix OS 2.0 Image Release 20160415 I had to add to my PATH:
> export PATH=$PATH:/opt/openhab/runtime/karaf/bin
to get _client _to run… else command not found
I get an authentication failed
root@da-dom-02:/opt/openhab2# ./runtime/karaf/bin/client
client: Ignoring predefined value for KARAF_HOME
Logging in as openhab
Authentication failed
Hey @dannyvanderaa,
You can test authentication with ssh command as well. Karaf client under the hood just opens ssh connection thus it’s alternative way of doing it (this way you can also connect remotely):
ssh -p 8101 karaf@localhost
ssh -p 8101 openhab@localhost
With older versions user and password is karaf, with new it is openhab/habopen.
Thx that is working.
Do we know how can we get this information updated at http://docs.openhab.org/administration/console.html. As that is still wrong and not working and might be putting people off.
Just in case someone is looking for the path when OpenHAB is installed via package manager, the command is
/usr/share/openhab2/runtime/karaf/bin/clientIt might fail with missing ciphers from the server (on a Raspberry Pi / OpenHabian) or with no message at all other then ‘Authentication failed’ on a Odroid with the latest SNAPSHOT of Openhab2.0.
Took me some time to figure out you need the bouncycastle library (bcprov-ext-jdk15on-155.jar) in the addons directory to make it work!
How connect to it without password, where I must put my id_rsa file?
You need to add public key (most likely .ssh/id_rsa.pub) to authorized keys in Karaf. You can edit ${OPENHAB_HOME}/userdata/etc/keys.properties. This is flat property file where key is username and value is public key used for authentication. Public key must be without perfix (ssh-rsa) and comment at the end, just one long string. After comma you need to assign group, so whole line looks like this openhab=sshkey,_g_:admingroup.
Thanks, it’s work for me on Raspi3. I’m added line to
/var/lib/openhab2/etc/keys.properties
was something changed during the last days ? In the past I was able to enter karaf console using
pi@KGTec1Openhab2Server:~$ ssh -p 8101 openhab@localhost
this doesnt work anymore:
pi@KGTec1Openhab2Server:~$ ssh -p 8101 openhab@localhost
Unable to negotiate with 127.0.0.1 port 8101: no matching host key type found. Their offer: ssh-dss
pi@KGTec1Openhab2Server:~$
openhab.log gives me this:
2017-01-20 14:40:30.183 [WARN ] [he.sshd.server.session.ServerSession] - Exception caught
java.lang.IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 / server: ssh-dss)
at org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1159)[61:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:388)[61:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)[61:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)[61:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)[61:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_121]
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[61:org.apache.sshd.core:0.14.0]
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.8.0_121]
at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.8.0_121]
at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.8.0_121]
at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276)[:1.8.0_121]
at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297)[:1.8.0_121]
at java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420)[:1.8.0_121]
at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:170)[61:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:186)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_121]
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[61:org.apache.sshd.core:0.14.0]
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.8.0_121]
at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.8.0_121]
at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.8.0_121]
at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276)[:1.8.0_121]
at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297)[:1.8.0_121]
at java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420)[:1.8.0_121]
at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:170)[61:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:135)[61:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:120)[61:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_121]
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[61:org.apache.sshd.core:0.14.0]
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.8.0_121]
at sun.nio.ch.Invoker$2.run(Invoker.java:218)[:1.8.0_121]
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)[:1.8.0_121]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_121]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_121]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_121]
I did the following upgrades with apt, it was still working after the 16th, but no more today:
Start-Date: 2017-01-16 15:38:40
Commandline: apt-get autoremove
Remove: linux-headers-4.4.0-53-generic:amd64 (4.4.0-53.74), linux-headers-4.4.0-53:amd64 (4.4.0-53.74), linux-image-4.4.0-53-generic:amd64 (4.4.0-53.74), linux-image-extra-4.4.0-53-generic:amd64 (4.4.0-53.74)
End-Date: 2017-01-16 15:44:11
Start-Date: 2017-01-20 09:40:53
Commandline: apt-get upgrade
Upgrade: libdbus-1-3:amd64 (1.10.6-1ubuntu3.1, 1.10.6-1ubuntu3.3), uuid-runtime:amd64 (2.27.1-6ubuntu3.1, 2.27.1-6ubuntu3.2), libfdisk1:amd64 (2.27.1-6ubuntu3.1, 2.27.1-6ubuntu3.2), dbus:amd64 (1.10.6-1ubuntu3.1, 1.10.6-1ubuntu3.3), libmount1:amd64 (2.27.1-6ubuntu3.1, 2.27.1-6ubuntu3.2), util-linux:amd64 (2.27.1-6ubuntu3.1, 2.27.1-6ubuntu3.2), mount:amd64 (2.27.1-6ubuntu3.1, 2.27.1-6ubuntu3.2), apport:amd64 (2.20.1-0ubuntu2.4, 2.20.1-0ubuntu2.5), libblkid1:amd64 (2.27.1-6ubuntu3.1, 2.27.1-6ubuntu3.2), python3-apport:amd64 (2.20.1-0ubuntu2.4, 2.20.1-0ubuntu2.5), libuuid1:amd64 (2.27.1-6ubuntu3.1, 2.27.1-6ubuntu3.2), oracle-java8-set-default:amd64 (8u111+8u111arm-1~webupd8~0, 8u121-1~webupd8~0), libsmartcols1:amd64 (2.27.1-6ubuntu3.1, 2.27.1-6ubuntu3.2), oracle-java8-installer:amd64 (8u111+8u111arm-1~webupd8~0, 8u121-1~webupd8~0), bsdutils:amd64 (1:2.27.1-6ubuntu3.1, 1:2.27.1-6ubuntu3.2), openhab2:amd64 (2.0.0~20170115182648-1, 2.0.0~20170120042546-1), python3-problem-report:amd64 (2.20.1-0ubuntu2.4, 2.20.1-0ubuntu2.5)
End-Date: 2017-01-20 09:48:15
My initial suspect was a change to openssh default settings, but it seems there was no change to it recently ? anyone else having this issue as well or any clue how to fix this ?
It’s no pi, although the user name might suggest it is… it’s a VM running Ubuntu:
root@KGTec1Openhab2Server:/var/log/apt# uname -a
Linux KGTec1Openhab2Server 4.4.0-59-generic #80-Ubuntu SMP Fri Jan 6 17:47:47 UTC 2017 x86_64 x86_64 x86_64 GNU/Linuxcheck this out:
Ubuntu + updates = new version of OpenSSH = disables ssh-dss on the client side
Quick Fix:
ssh -oHostKeyAlgorithms=+ssh-dss -p 8101 openhab@localhost
This might be completely, utterly unrelated, so don’t give it any credibility without careful research, but here is one recent change.
thanks, that helped !
I also had to delete the old RSA key using
ssh-keygen -f "/home/pi/.ssh/known_hosts" -R [localhost]:8101