Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-32

Support ssh public key authentication and agent forwarding

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.2.6, 3.0.0
    • Component/s: karaf-shell
    • Labels:
      None

      Description

      The karaf agent needs to be enhanced to be able to set up an ssh agent and use a public/private key.
      The ssh server need to be configured with a public key authentication that could delegate to the KeystoreInstance using certificates.
      The goal would be support the following use cases:

      • once a user is logged into a given karaf instance, he can connect to any other instance (provided that the public key is supported)
      • the stop script could use the ssh agent so that you don't need to launch it with a password on the command line

      A set of commands to administer the keystores might be interesting (maybe a console plugin too, but we need to check with what Geronimo provides in this area).

      Btw, I wonder if Apache Shiro would help in any way for all the security stuff.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jbonofre Jean-Baptiste Onofré
                Reporter:
                gnt Guillaume Nodet
              • Votes:
                2 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: