Openhabian console login fails

Continuing the discussion from Ssh connection to karaf no longer possible:

I just got this same issue today on openHAB 2.5.0-1 (Release Build). I had just changed permissions to establish setup of ssh using a key for auto-logging into openhabian:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

After that (and it may not have been the triggering event), the password habopen stopped working for logging into console:

[11:24:38] openhabian@openhab:~$ openhab-cli console

Logging in as openhab
Password:  
Password:  
No more authentication methods available

Next, I changed the console password (using openhabian-config) and tried again to login to the console. That did not work.

Next, I stopped openhab (sudo systemctl stop openhab2.service), cleared the cache (sudo openhab-cli clean-cache), then did a reboot.

After reboot, I tried again to login to the console, and now there is a different result, but still no success:

11:33:53] openhabian@openhab:~$ openhab-cli console

Logging in as openhab
Password:  
Session is being closed

After waiting a minute, I tried again, and got the first result (No more authentication methods available) again.

With the newer Karaf the password habopen is required.

The default habopen used to work, but after the ssh actions I described, it stopped working as a password, so I changed it. openhabian requires a 10-character password, so it cannot be “reestablished” as habopen.

What worked was using this instruction to reset the password for the openhab user from the command line:

sudo sed -i -e "s/openhab = .*,/openhab = securePassword,/g" /var/lib/openhab2/etc/users.properties

Substitute securePassword with your desired password.

Then, stop openhab and reboot.

Even though openhabian has a password reset, it apparently does not work, so you have to do it this way.

It’s not at all clear what is going on. ~/.ssh/authorized_keys is completely unrelated to the Karaf console so the change made to that is not relevant. However, the ~/.ssh chmod may have messed up something. As a general rule, nothing inside ~/.ssh should have the execute permission set.

The password/ssh certificate for the Karaf console is managed by $OH_USERDATA/etc/users.properties and $OH_USERDATA/etc/keys.properties. To manually change the password (in case openhabian-config is causing problems) edit $OH_USERDATA/etc/users.properties and replace {CRYPT}blahblahblah....blah{CRYPT} with the new password. Then try to log in again. Karaf will encrypt the password as soon as you successfully log in.

If you want to cofigure certificate logins, exit $OH_USERDATA/etc/keys.properties and copy your SSH public key (in ~/.ssh/id_rsa.pub usually) for the openhab user following the example for the karaf user in that file.

OK, that did just what I described above, it replaced the stuff between the {CRYPT} tags for the openhab user.

Please file an issue. See How to file an Issue.

1 Like

Thanks Rich. Issue filed here.