SSH session timing out on slow hardware

Hello!

I just updated my OH2 instance to the newest snapshot and ran into a bit of a problem.

After updating OH2, I could not log in via SSH anymore. The ssh command takes forever to eventually kick you out with the message “Session has timed out waiting for authentication after 120000 ms”.

Karaf apparently generates an SSH host key the first time you log in. With Karaf 4.0.1, the strength of this key was increased to 4096 bits RSA. What apparently happens is that the client connects via SSH, the session timer starts running, Karaf starts generating that SSH host key and will only ask for authentication after said key is generated.

Now if you are like me and run OH2 on very slow hardware (Raspberry 1 in my case), the generation takes longer than the session is allowed to be pending, which means that you get kicked out every time you try to connect.

I’ve solved this by reducing the encryption from 4096 bits RSA to 1024 bits RSA in the file org.apache.karaf.shell.cfg. Keep in mind that doing this might pose a security problem, especially if you allow connections to Karaf from elsewhere than localhost.

Further reading.
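A way to check the caveat from the post above (a weakened host key combined with a listener that is not bound to localhost), as an added example that is not part of the original thread. The property names `keySize` and `sshHost`, the fallback values used when a key is absent, and the 2048-bit floor are assumptions of this example; the sample configurations are constructed.

```python
import ipaddress

# Assumed property names and fallback values for org.apache.karaf.shell.cfg.
DEFAULTS = {"keySize": "4096", "sshHost": "0.0.0.0"}
MIN_RSA_BITS = 2048  # floor chosen for this example


def parse_cfg(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    props = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def is_loopback(host):
    """True only when the bind address is clearly local to the machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unrecognised hostname: treat as reachable from outside


def audit(text):
    """Return findings for a weak host key, graded by listener exposure."""
    props = parse_cfg(text)
    bits = int(props["keySize"])
    host = props["sshHost"]
    if bits >= MIN_RSA_BITS:
        return []
    if is_loopback(host):
        return [f"LOW: {bits}-bit host key, but SSH is bound to {host} only"]
    return [f"HIGH: {bits}-bit host key and SSH listens on {host}"]


if __name__ == "__main__":
    # Constructed sample configurations, not taken from a real system.
    samples = {
        "weak + exposed": "keySize = 1024\nsshHost = 0.0.0.0\n",
        "weak + local": "# slow Pi workaround\nkeySize = 1024\nsshHost = 127.0.0.1\n",
        "2048 + exposed": "keySize = 2048\nsshHost = 0.0.0.0\n",
    }
    for name, cfg in samples.items():
        print(name, "->", audit(cfg) or "no findings")
```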

I’m not sure if my observation fits your description, however it looks to me as if I just need to delete the known.hosts file in order to get the connection in time again.

Ah yes. That happens too.

After updating, you might get a nasty message when connecting via SSH for the first time.

A big fat warning about man-in-the-middle attacks. It also suggests a command you can execute to remove the old public key from the known.hosts file.

Hello @Red_Wraith, that was an interesting read, thanks for investigating! I’ve seen similar behavior and being able to get rid of it in openHABian would be nice. I do not see a problem in weakening the key as long as the port is not reachable from outside the local subnet / your home. 2048 is still okay and besides, a “not so strong” key is still better than the default password, which presumably 99% never changed ;D

Thank you guys, I got the same issue. As suggested, I removed the file .ssh/known_hosts and it solved my problem.