I am running OH2 on an RPi3, which is running openHABian. Yesterday, after I updated to openHAB 2.0.0~20170108034429 (Build #736), I needed to adjust some log levels for debugging, but I found I was unable to access the karaf console as I have in the past. I enter
/usr/share/openhab2/runtime/bin/client
and I am prompted for a an openhab password. I don’t recall having ever seen that behavior in the past. I tried my password (my account is authorized to use sudo) as well as the root password on my system. Nothing works.
I searched and found a section of the openHABian hassle-free RPi image thread where a similar issue is discussed. I went through the process recommended there with no success. I also tried deleting /var/lib/openhab2/etc/host.key and restarting OH2 as recommended by @ThomDietrich, still no joy.
I verified my OH2 installation with:
dpkg --verify openhab2-offline
The verification indicated that no files are missing or modified.
Asking for the password is not an expected change, we’ll have to look into this. However the real issue here is, that you are simply using the wrong password http://docs.openhab.org/administration/console.html
[07:04:39] root@rpi3:~# ssh openhab@localhost -p 8101
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
84:cb:b5:5a:1f:b5:17:e6:98:1b:36:d8:59:51:a0:26.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:2
remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R [localhost]:8101
DSA host key for [localhost]:8101 has changed and you have requested strict checking.
Host key verification failed.
[07:06:00] root@rpi3:~# sed -i 2d ~/.ssh/known_hosts
[07:06:34] root@rpi3:~# ssh openhab@localhost -p 8101
The authenticity of host '[localhost]:8101 ([127.0.0.1]:8101)' can't be established.
DSA key fingerprint is 84:cb:b5:5a:1f:b5:17:e6:98:1b:36:d8:59:51:a0:26.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:8101' (DSA) to the list of known hosts.
Password authentication
Password:
Password authentication
Password:
Password authentication
Password:
[07:07:16] root@rpi3:~# passwd openhab
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
[07:07:53] root@rpi3:~# ssh openhab@localhost -p 8101
Password authentication
Password:
Password authentication
Password:
Still no joy. Note that, just be sure, I set the openhab password to the default per the doc you brought to my attention.
I’ve just tested both paths. After supplying the habopen password I was able to login.
The first SSH/fingerprint error is related to you deleting the host.key, that’s to be expected. Please also note, that passwd openhab will not have any effect, as the password for the karaf console is configured here: /var/lib/openhab2/etc/users.properties
Yours and other reported problems brought forth the idea to revert that change for openHAB 2.0 final.
Please check this issue for further developments: https://github.com/openhab/openhab-docs/issues/168
have you tried to reset the password to something else using the openhabian-config command?
You can do this when you bind the karaf console to all interfaces.
I just updated from the last available openhab2-offline package (I guess it was from January, 4th) to the final stable release and ran into the problem, that the karaf client now asks for a password. With the habopen password it works but I don’t want to enter it every time. Connecting to karaf via ssh works without having to enter a password, so the key configuration should be fine I guess.
While searching for a solution I stumbled upon this thread, which exaclty describes my problem. But if I understand things right the change that led to this issue was reverted, right? Or didn’t this make it into the final package but only to the current snapshot package?
root@vdr:~# /usr/share/openhab2/runtime/bin/client -k ~/.ssh/id_rsa -v
client: Ignoring predefined value for KARAF_HOME
Error starting ssh agent for: org/bouncycastle/openssl/PEMParser
Logging in as openhab
616 [sshd-SshClient[6b26e945]-nio2-thread-2] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at /127.0.0.1:8101 presented unverified RSA key: a6:af:a6:6a:04:95:a9:17:69:63:a8:0e:c2:fc:a6:e7
660 [sshd-SshClient[6b26e945]-nio2-thread-3] WARN org.apache.sshd.client.session.ClientSessionImpl - Exception caught
java.lang.NullPointerException
at org.apache.sshd.agent.common.AgentDelegate.getIdentities(AgentDelegate.java:40)
at org.apache.sshd.client.auth.UserAuthPublicKey.init(UserAuthPublicKey.java:79)
at org.apache.sshd.client.session.ClientUserAuthServiceNew.tryNext(ClientUserAuthServiceNew.java:212)
at org.apache.sshd.client.session.ClientUserAuthServiceNew.processUserAuth(ClientUserAuthServiceNew.java:178)
at org.apache.sshd.client.session.ClientUserAuthServiceNew.process(ClientUserAuthServiceNew.java:131)
at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:80)
at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:431)
at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)
at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:306)
at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)
at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)
at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
at sun.nio.ch.Invoker$2.run(Invoker.java:218)
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Authentication failed
I mean these seem to be just WARNINGs, but I suppose this may lead to the abortion of the public key login…