Stop Karaf from generating new SSH keys on startup


I've noticed Karaf keeps generating new SSH keys on each startup. This makes automatic scripts connecting via SSH useless, because the new key must be manually accepted each time.

Is it possible to stop this behaviour and generate new keys only once per new installation?

More debug info: I've noticed that 'etc/host.key' has not changed. However, after stopping and starting Karaf I get this message:

ssh -p 8101 localhost -ohostkeyalgorithms=+ssh-dss

Offending DSA key in ~/.ssh/known_hosts:5
  remove with:
  ssh-keygen -f "~/.ssh/known_hosts" -R [localhost]:8101
DSA host key for [localhost]:8101 has changed and you have requested strict checking.
Host key verification failed.

The fact that DSA keys are generated doesn't match the log message in karaf.log either:

info | sshd-sshserver[20056f77]-nio2-thread-2 | simplegeneratorhostkeyprovider | 48 - org.apache.sshd.core - 1.2.0 | generatekeypair(rsa) generating host key - size=4096

My etc/org.apache.karaf.shell.cfg:

sshPort=8101
sshHost=0.0.0.0
sshRealm=karaf
hostKey=${karaf.etc}/host.key
algorithm=RSA
keySize=4096

After digging in the logs I've found out that the host.key file is not loaded properly:

2017-03-29t13:44:58,977 | warn | sshd-sshserver[18c17f90]-nio2-thread-1 | simplegeneratorhostkeyprovider | 48 - org.apache.sshd.core - 1.2.0 | resolvekeypair(~/karaf-docker/apache-karaf-4.1.0/etc/host.key) failed (invalidkeyspecexception) load: missing classes: org.bouncycastle.jcajce.provider.asymmetric.rsa.bcrsaprivatecrtkey
2017-03-29t13:45:00,340 | error | sshd-sshserver[18c17f90]-nio2-thread-1 | simplegeneratorhostkeyprovider | 48 - org.apache.sshd.core - 1.2.0 | overwriting key (~/karaf-docker/apache-karaf-4.1.0/etc/host.key) disabled: using throwaway ssh-dss: sha256:3ywwxdzoymmvebyiwmiguq8g3j7kfapd+avcmoue2r4
2017-03-29t13:45:00,342 | warn | sshd-sshserver[18c17f90]-nio2-thread-1 | serversessionimpl

Apache SSHD reads/writes host.key using Java serialization, which might cause issues in OSGi (and, maybe worse, a redeploy of the feature might turn the file useless).

Karaf creates the server key when you first connect using SSH. It places the key in the Karaf home at etc/host.key. The key should be created only once for each Karaf server.

You can provide your own key there to avoid the overhead of creation.

The key is generated by org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider. When it creates the key you should see a message in the log:

generatekeypair(rsa) generating host key - size=4096 
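To catch the failure mode shown in the question's log (stored host.key not loadable, throwaway key used instead), the added example below scans karaf.log lines for the SimpleGeneratorHostKeyProvider events. It is not part of the original post or of Karaf; the function names, the sample log lines, the path and the fingerprint placeholder are constructed for illustration, and the pipe-delimited column layout is assumed from the log lines quoted above.

```python
import re

PROVIDER = "simplegeneratorhostkeyprovider"  # logger column, compared case-insensitively

# Message shapes taken from the log lines quoted in the question.
PATTERNS = {
    "load_failed": re.compile(
        r"resolvekeypair\((?P<path>[^)]*)\) failed \((?P<reason>[^)]*)\)", re.I),
    "throwaway": re.compile(
        r"using throwaway (?P<alg>[\w-]+): (?P<fingerprint>\S+)", re.I),
    "generated": re.compile(
        r"generatekeypair\((?P<alg>[^)]*)\) generating host key - size=(?P<size>\d+)", re.I),
}

# Constructed sample log (not real data); path and fingerprint are placeholders.
SAMPLE_LOG = """\
2017-01-01t00:00:01,000 | warn | t-1 | simplegeneratorhostkeyprovider | 48 - org.apache.sshd.core - 1.2.0 | resolvekeypair(/opt/karaf/etc/host.key) failed (invalidkeyspecexception) load: missing classes: example.placeholder.class
2017-01-01t00:00:02,000 | error | t-1 | simplegeneratorhostkeyprovider | 48 - org.apache.sshd.core - 1.2.0 | overwriting key (/opt/karaf/etc/host.key) disabled: using throwaway ssh-dss: sha256:CONSTRUCTED-PLACEHOLDER
2017-01-01t00:00:03,000 | warn | t-1 | serversessionimpl | 48 - org.apache.sshd.core - 1.2.0 | unrelated message
"""

def scan_host_key_events(lines):
    """Return (timestamp, kind, fields) for each host-key event found."""
    events = []
    for line in lines:
        # Assumed columns: timestamp | level | thread | logger | bundle | message
        cols = [c.strip() for c in line.split("|")]
        if len(cols) < 6 or cols[3].lower() != PROVIDER:
            continue
        message = " | ".join(cols[5:])
        for kind, pattern in PATTERNS.items():
            match = pattern.search(message)
            if match:
                events.append((cols[0], kind, match.groupdict()))
                break
    return events

def host_key_unstable(events):
    """True if the stored key failed to load, a throwaway key was used,
    or a host key was generated more than once in the scanned log."""
    kinds = [kind for _, kind, _ in events]
    return ("load_failed" in kinds or "throwaway" in kinds
            or kinds.count("generated") > 1)

if __name__ == "__main__":
    for event in scan_host_key_events(SAMPLE_LOG.splitlines()):
        print(event)
```

A single "generated" event on first start is expected; a "load_failed" or "throwaway" event means clients will see a different host key after every restart.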
