Re: ssh passwordless login to Karaf


A Vamsikrishna
 

Hi Ryan,

 

I want to do passwordless login using the userid: egjmnnq . I am following https://karaf.apache.org/manual/latest/security

 

below are the changes made but no luck as it's still prompting for password:

 

1. etc/users.properties:

 

egjmnnq = egjmnnq,_g_:admingroup

_g_\:admingroup = group,admin,manager,viewer,systembundles

 

 

2. Generated keys as follows on my openSSH client:

 

ssh-keygen -t dsa -f karaf.id_dsa -N karaf

 

[egjmnnq.PF0KDF1U] ls -lrt

total 6

-rw-r--r--    1 egjmnnq  UsersGrp       393 Jun 13 18:01 README.txt

lrwxrwxrwx    1 egjmnnq  UsersGrp        33 Jun 13 18:01 MyDocuments -> /drives/C/Users/egjmnnq/DOCUME~1/

lrwxrwxrwx    1 egjmnnq  UsersGrp        61 Jun 13 18:01 LauncherFolder -> /drives/C/Users/egjmnnq/Desktop/NEWFOL~1/ERICSS~1/MOBAXT~1.2/

lrwxrwxrwx    1 egjmnnq  UsersGrp        32 Jun 13 18:01 Desktop -> /drives/C/Users/egjmnnq/Desktop/

-rw-r--r--    1 egjmnnq  UsersGrp       606 Jun 13 18:23 karaf.id_dsa.pub

-rw-r--r--    1 egjmnnq  UsersGrp       751 Jun 13 18:23 karaf.id_dsa

                                                                         

                                                                                                                                                                                                                                                                                               

 

 

[egjmnnq.PF0KDF1U] cat karaf.id_dsa.pub

ssh-dss AAAAB3NzaC1kc3MAAACBANNMOUvACwVH99GhyKzSB7m/Ovy+xAQZX1gUs5Pk2FeUyCtR3nVBDNtdiT/4Eg/RT/Be+RynTanWJ/5KBeu3hY3I3gOIi9H1rFztf1ObOc+BvUtFC6h4/dppXqxmHm1PX67DVLAmz7IdR+dvxoG5iplJKHUvdRA8PiHB4ffL/c77AAAAFQDFTP6Qn+8McN3WA4/ELTcoYMzdKwAAAIBqK/E8dsXUSH62Og/TdifJpfLadq90zA3DHS1zvLYAJ+iIBm3V6jrKGw5H036hfYKOPvzWQ5USpkWfj4WXecra+Bfpxfq+zxWL3Xs1c592oJne4h0T9RQC780/tC3hLXoMeotuL4avM1IiQrnXkk3FjMj04elUIUwGAdBeVhG5HAAAAIAaaGsbYUzpdKrEOMpo+1XQGXkL8lGTW1JJOGbAGeZAe6/6xLIl025HIlnYCrAWsmqL6xcRzbzI/Enk3s9ZddQ+XmLJddgURwj8tMIAGZq0p7emBczw4fOaiv4Tc2Z+vyQJ+n+P9V94g1j2hdyqq4H2Ew0oPvIUUAEGv2Yz+SGj7Q== egjmnnq@PF0KDF1U

 

3. copied pub key in etc/keys.properties

 

egjmnnq=ssh-dss AAAAB3NzaC1kc3MAAACBANNMOUvACwVH99GhyKzSB7m/Ovy+xAQZX1gUs5Pk2FeUyCtR3nVBDNtdiT/4Eg/RT/Be+RynTanWJ/5KBeu3hY3I3gOIi9H1rFztf1ObOc+BvUtFC6h4/dppXqxmHm1PX67DVLAmz7IdR+dvxoG5iplJKHUvdRA8PiHB4ffL/c77AAAAFQDFTP6Qn+8McN3WA4/ELTcoYMzdKwAAAIBqK/E8dsXUSH62Og/TdifJpfLadq90zA3DHS1zvLYAJ+iIBm3V6jrKGw5H036hfYKOPvzWQ5USpkWfj4WXecra+Bfpxfq+zxWL3Xs1c592oJne4h0T9RQC780/tC3hLXoMeotuL4avM1IiQrnXkk3FjMj04elUIUwGAdBeVhG5HAAAAIAaaGsbYUzpdKrEOMpo+1XQGXkL8lGTW1JJOGbAGeZAe6/6xLIl025HIlnYCrAWsmqL6xcRzbzI/Enk3s9ZddQ+XmLJddgURwj8tMIAGZq0p7emBczw4fOaiv4Tc2Z+vyQJ+n+P9V94g1j2hdyqq4H2Ew0oPvIUUAEGv2Yz+SGj7Q== egjmnnq@PF0KDF1U,_g_:admingroup

_g_\:admingroup = group,admin,manager,viewer,systembundles

 

 

4. When I try to connect from my openSSH client it's still prompting for password.

 

[egjmnnq.PF0KDF1U] ssh -p 8101 -i karaf.id_dsa egjmnnq@...

egjmnnq@...'s password:

 

    ________                       ________                .__  .__       .__     __

    \_____  \ ______   ____   ____ \______ \ _____  ___.__.|  | |__| ____ |  |___/  |_

     /   |   \\____ \_/ __ \ /    \ |    |  \\__  \<   |  ||  | |  |/ ___\|  |  \   __\

    /    |    \  |_> >  ___/|   |  \|    `   \/ __ \\___  ||  |_|  / /_/  >   Y  \  |

    \_______  /   __/ \___  >___|  /_______  (____  / ____||____/__\___  /|___|  /__|

            \/|__|        \/     \/        \/     \/\/            /_____/      \/

 

 

Hit '<tab>' for a list of available commands

and '[cmd] --help' for help on a specific command.

Hit '<ctrl-d>' or type 'system:shutdown' or 'logout' to shutdown OpenDaylight.

 

opendaylight-user@root>

 

 

Am I missing anything ?

 

Thanks,

Vamsi

 

 

From: Ryan Goulding [mailto:ryandgoulding@...]
Sent: Wednesday, June 13, 2018 7:26 PM
To: A Vamsikrishna <a.vamsikrishna@...>
Cc: aaa-dev@...
Subject: Re: [Aaa-dev] ssh passwordless login to Karaf

 

Vamsi,

 

AAA does not control karaf's authentication; the two are configured separately.  I suggest you engage the upstream Apache Karaf community.

 

HTH.

 

Regards,

Ryan


Regards,

Ryan Goulding

 

On Wed, Jun 13, 2018 at 5:27 AM, A Vamsikrishna <a.vamsikrishna@...> wrote:

Hi Stephen / Ryan,

 

Can you please help me with the steps to perform ssh passwordless login to Karaf ?

 

Thanks,

Vamsi


_______________________________________________
aaa-dev mailing list
aaa-dev@...
https://lists.opendaylight.org/mailman/listinfo/aaa-dev

 

Join z.archive.aaa-dev@lists.opendaylight.org to automatically receive all group messages.