Unable to run Karaf Console in Visual Studio Code


I’m having trouble to get the Karaf Console to work in Visual Studio Code.
Here is a short description of the setup I’m using:
OH2 version is running on a Synology DS214
Visual Studio 1.23.1 running on my local Windows 10 PC with OH2 extension (0.3.5)
The OH2 Config Files are shared from the DS214 to a network drive mounted to my Win 10 PC.
VSC is accessing the Config files on the network drive on my local PC.

To access the OH Console, I am currently using PuTTY to connect to the Synology server using my local IP 192.168.2.XX with ssh on Port 22, the admin user and admin password.
Once logged into the server, I am using “ssh -p 8101 openhab@localhost” to start the OH console.

To get the Console to work I’ve done the following:

  1. added “openhab.karafCommand”: “ssh -p 8101 openhab@localhost ‘log:tail’”, to the user settings in VSC
  2. added “openhab.host”: “192.168.2.XX”, to user settings
  3. added “openhab.port”: 8080, to user settings

Starting the console in the terminal section gives me the following:
Windows PowerShell
Copyright © Microsoft Corporation. All rights reserved.

PS Z:\> ssh -p 8101 openhab@localhost 'log:tail'
ssh: connect to host localhost port 8101: Connection refused

I guess my setup appears to be incomplete to be able to start the console in VSC.
What part is missing ?
What is meant by “Note that this option is available only if you exposed Karaf console.”
How do I expose the Karaf Console ?

Any help is appreciated,

Maybe this helps.

I do not remember when it changed, but at some point a decision was made that by default karaf is setup to be accessed from the local machine only for security reasons; so to access karaf you would need to open a shell window in your NAS drive; this restriction can be changed [edit] see the docs: https://docs.openhab.org/administration/console.html#bind-console-to-all-interfaces

Thanks for your advise.
I have tried to lift the restriction to access the Karaf Console in VSC by modifying the entry in the runtime.cfg file.
I temporarily modified the entry to “org.apache.karaf.shell:sshHost =”
Rebooted the NAS, result is: connection refused:
PS Z:> ssh -p 8101 openhab@ ‘log:tail’
ssh: connect to host port 8101: Connection refused

Then I reset the Karaf entry in runtime.cfg back to the default value and rebooted the NAS:
“org.apache.karaf.shell:sshHost =”

Then I tried again the remote shell via PuTTY with this: (Remember it worked before)

login as: admin
admin@'s password:
admin@DS216-MD1:~$ ssh -p 8101 openhab@localhost
ssh: connect to host localhost port 8101: Connection refused

Same result: Connection refused

So basically I’m now completely stuck and can no longer access the Karaf Console.
Neither via remote shell nor via the VSC terminal.
What is wrong here ?

In the meantime I’ve got the Karaf Console via remote shell back to work.
Now trying to get it to work in VSC from my local PC.

I have set runtime.cfg to “org.apache.karaf.shell:sshHost =”
When now lauching the console I get the following message below:
> PS Z:> ssh -p 8101 openhab@ ‘log:tail’

    Unable to negotiate with port 8101: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

What is the issue here ? is the IP from the NAS server running OH2.
VSC is running on my local PC using OpenSSH Client (Beta) from Windows 10

Appreciate your help …

Did you try anything descriped in the upper post?

OK, although I don’t understand each step in detail let me give it a try, but I need some help to get the steps done:

Step 1.1 is completed, file id_ed25519.pub is created
Step 1.2.1
OH2 is running on a NAS DS 214 Synology, User is “admin”
What command do you want me to perform on the remote shell ?
“ssh-copy-id -i ~/.ssh/mykey user@host” ? Is this correct ?
Step 1.2.2
I can see an .ssh folder under /var/services/homes/admin/ …
Is this the correct folder and as there is no /authorized_keys file in that folder, do you want me to create the file and copy the content from id_ed25519 into that file ?

Once you confirm, I’ll give it a try … Thanks for your help

I do not own a synology but what i read assembles to following.

  1. generate your WIN PC ssh key, assumed you use openSSH, from your Windows PC with command line
  1. Copy your public key to your synology, from your Windows PC with command line
// Windows
scp "<PathToFile>/id_XXXXX.pub" admin@<Ip-of-Synology>:/var/services/homes/admin/.ssh/authorized_keys

or mannually using vim or nano on your synology

// manually 
// copy content of `id_XXXXX.pub` to   
// existing or created file `/var/services/homes/admin/.ssh/authorized_keys`
  1. Set the permissions correctly on that directories and files on your synology:

Sets proper permissions for the folder (full rights to user, no rights to anyone else)

sudo chmod 700 /var/services/homes/admin/.ssh

Set permissions of the authorized keys file. (read/write to current user, read-only to everyone else)

sudo chmod 644 /var/services/homes/admin/.ssh/authorized_keys

The important thing is that home directories for SSH users MUST be writable ONLY by the user. The web UI creates these wrong. For each home directory, change permissions:
Changes permission to full (read/write/execute) for the user, but to read/execute only for the group and for everyone else

sudo chmod 755 /volume1/homes/someuser
  1. Check on a command line on your Synology, check the pubkey
ssh-keygen -l -f /var/services/homes/admin/.ssh/authorized_keys
  1. You need to edit on your synology the SSH daemon’s config file to allow access via keys. Edit /etc/ssh/sshd_config and comment out this lines:
#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
  1. restart the deamon
sudo synoservicectl --restart sshd

I’ve executed steps 1-3 and 5, but now receiving the message below on Synology at step 4:

admin@DS216-MD1:/$ ssh-keygen -l -f /var/services/homes/admin/.ssh/authorized_keys
/var/services/homes/admin/.ssh/authorized_keys is not a public key file.

What is the expected message here ? Is it OK to proceed ?

After some try and error I managed to get Steps 1-6 completed.
I restarted the Synology server and VSCode and executed the following command in the VSCode Terminal window:

PS Z:> ssh openhab@ tail -q -f /var/log/openhab2/events.log -f /var/log/openhab2/openhab.log
openhab@’s password:
Permission denied, please try again.
openhab@’s password:
Permission denied, please try again.
openhab@’s password:
openhab@ Permission denied (publickey,password).

It is asking for the openhab daemon user’s password on the Synology (which I believe I don’t have …)
I’m stuck at this point, Please advise …

BTW: the runtime.cfg file has not been modified at this point.
Still on default with “# org.apache.karaf.shell:sshHost =” commented out
Is this correct ?

Please advise, Thanks

As you try to log in as openbhab you should repeat all steps for the user openhab. Above the example showed it for admin.

Understood, now logging in as admin and modified the paths for the log files acc to my NAS server:

PS Z:> ssh admin@ tail -q -f /volume1/public/openHAB/userdata/logs/events.log -f /volume1/public/openHAB/userdata/logs/openhab.log
admin@’s password:
2018-05-18 17:35:06.990 [vent.ItemStateChangedEvent] - ntp_ntp_local_string changed from 2018-05-18 17:34:36 CEST to 2018-05-18 17:35:06 CEST
2018-05-18 17:35:32.381 [vent.ItemStateChangedEvent] - Solar_Speicher_Dach_Speicher changed from 58.40 to 57.20

and I can finally see the logs coming in. This is great !!!

Why do I still have to give the admin password to get it started ?

Maybe you have multiple ssh clients in windows, make sure that the client which has the right path is the first one in your environment variables.

I vagely remember that i had something similar. I think i ended up deleting all ssh clients and make sure windows build in openssh is the choosen one when connecting.

I have removed all other ssh clients (I believe): PuTTY, WinSCP, Wireshark …
Same thing, it asks me for the password when starting Karaf Console.

Here are my environment variables; moving “OpenSSH” to the Top does not make a difference


One more thing I noticed is that the Key in the .pub file and in the “known_hosts” file is NOT the same, see below screenshot from the .ssh directory on my Win 10 PC. Is that an issue ?


Is there a way to explicitly choose openssh when connecting from VSCode Powershell terminal window ?

Thanks for your help

I again repeated all steps for user admin, and finally it worked.
No password needed any longer.
Thanks for all your help !!

The only thing I have to do after starting VSCode is to go to the Terminal window and press CTRL + Shift + P and select

OpenHAB: Karaf Console.

Is there a way to get the console started right away on VSCode start w/o the steps above ?

Glad it works. I don’t know a direct way to configure events at startup but maybe activationEvents can be used.