[SOLVED] Access karaf from machine other than localhost

Can I open karaf up to my network?

I run on windows, and it’d be useful if I could access karaf from one of my linux machines. But I don’t know where the restriction is set.

Yes, but it’s a security risk :slight_smile:
In OH2: /var/lib/openhab2/etc/org.apache.karaf.shell.cfg

set sshHost =

An useful information might be found in offial openhab docs: http://docs.openhab.org/administration/console.html#bind-console-to-all-interfaces

Yeah I found it. Only a security risk inside my network right? (I don’t use cloud connector by a VPN)

Correct :slight_smile: (not a big security hole, but I wanted to mention it :stuck_out_tongue:)
I didn’t know that we had a doc entry for that! Thanx @splatch

The risk posed by the SSH port in OpenHAB isn’t really because it’s a SSH port, it’s because it uses a well-known username/password that is difficult to change. Personally I wish that the SSH implementation would accept SSH key-based authentication and allowed me to turn off password authentication completely. There’s nothing in the config files that appear to allow that - I have no idea if the underlying implementation allows that.

It’d also be good if there was something in the web UI that allowed changing the password. I think that it would also be a good idea if the SSH console was disabled until the password was changed as well.

yeah key based authentication would be cool.

It does.
Create a DSA 1024bit key, enable it in /var/lib/openhab2/etc/keys.properties for user openhab:
Example using the default and disabled key (don’t use this one! :slight_smile:) for the karaf user

_g_\:admingroup = group,admin,manager,viewer,systembundles

and you are ready to go.

I don’t think that you can turn off passwd auth entirely on the other hand.


1 Like

Warning: If you are on Snapshot releases and you upgrade, this file will be overwritten and you will have to change it back again (from to
The keys.properties and/or user.properties files will remain the same, so no need to re-apply your ssh key or re-adjust your openhab user password.