The key is stored in a file at /var/lib/openhab2/etc/. Technically we are not supposed to be editing the files in this folder and they are considered system files, not user-space files. But there are some things we just can’t do without changing these files, like changing the Karaf console password. I know that when using Docker, changes to these files are preserved. I’m reasonably sure that when using apt or openHABian to update these files get overwritten and therefore returned to the default.
Note that this is a double edged sword. For example, I had changes made to my logging config that I kept for a long time and more and more junk kept showing up in my openhab.log as new versions came out. Eventually I compared my version with the version in github and there were about 50 new lines added that I was missing.
I don’t think there is a good answer for this except to remember to reapply the changes to the files in /var/lib/openhab/etc after an upgrade.
All I really know is documented on those pages better than I can write here. I can also confirm that it works for me. hat command are you using to access the console? Are you logging in as user openhab?
Unless you configure ssh keys per the instructions linked to above it will always ask for a password. The point of ssh certificates is to authenticate with “something you have” (i.e. the certificate) as opposed to “something you know” (i.e. password). For completeness, bio-metrics like fingerprints would be “something you are”. Multi-factor authentication would be using two or more of the three.
In fact, you could use whichever user you want, if first setting up the user to be allowed to login to karaf
For simple login, just add a line to $OPENHAB_USERDATA/etc/users.properties (like the one for user openhab), write down the password, openHAB will encrypt the password while startup.
For passwordless login, use private/public key. Create the key with ssh-keygen and copy the key to $OPENHAB_USERDATA/etc/keys.properties. Format is
username=your-public-key-here,_g_:admingroup
Now use
ssh username@localhost -i private.key -p8101
No need to say, don’t set a password when creating the key.
They shouldn’t do. /var/lib/openhab2/etc is a configuration folder, where only a specific set of files are replaced on an update, the files @Udo_Hartmann mentioned above should be left untouched by the update and won’t be overwritten.
it’s common practice in linux distributions that during an update edited/changed configuration files are being detected and the user will be asked for which action ( keep edited file, overwrite edited file in case a newer maintainer version is avaiable; do a diff and edit the file manually ) needs to be done.
I’ve had files replaced in that folder before I think. But maybe I’m mistaken. I’ve only one apt based installation and I almost never update it because it’s 100 miles away and fixing problems is a bit challenging.
That’s correct and this is what it will do (if it’s not one the specific files listed). It only comes up with these warnings and prompts if the file has changed on the maintainer’s side.
I had to test because that’s certainly something that should be fixed asap, it was our goal to have the update of all types of installation exhibit the same behaviour:
ben@server:~ $ echo "ben = testpass,_g_:admingroup" | sudo tee -a /var/lib/openhab2/etc/users.properties
ben = testpass,_g_:admingroup
ben@server:~ $ tail -n2 /var/lib/openhab2/etc/users.properties
_g_\:admingroup = group,admin,manager,viewer,systembundles
ben = {CRYPT}13D249F2CB4127B40CFA757866850278793F814DED3C587FE5889E889A7A9F6C{CRYPT},_g_:admingroup
ben@server:~ $ sudo apt upgrade
[...]
The following packages will be upgraded:
openhab2
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
[...]
Unpacking openhab2 (2.5.6~S139-1) over (2.5.5~S108-1) ...
Setting up openhab2 (2.5.6~S139-1) ...
[...]
ben@server:~ $ tail -n2 /var/lib/openhab2/etc/users.properties
_g_\:admingroup = group,admin,manager,viewer,systembundles
ben = {CRYPT}13D249F2CB4127B40CFA757866850278793F814DED3C587FE5889E889A7A9F6C{CRYPT},_g_:admingroup
It’s been a long time and my memory may be from OH 1.6 for all I know. Or I’m thinking of /etc/defaults or something like that. Or it might be something openHABian did. I just can’t remember any specifics.