Up until now, I was first doing a ssh login to my Pi3, then from there ssh to the well-known port and using the well-known password:
- ssh openhab@localhost -p 8101
Apart from the security issues with the well-known password, this was adding another step of hassle whenever I needed to do some karaf operations or simply shut down my server for updates.
I always wanted to read up on Karaf to see how I can use key based logins, but somehow never got around to do that.
Thanks to a posting on the forums by Benj ( https://community.openhab.org/t/security-of-karaf-console/17661/3 ), I can streamline this step:
- Create a key on the connecting client through your usual methods (e.g. ssh-keygen).
- This step is optional if you already have a key you are using for your other systems.
- Copy the public key into openHAB’s keys.properties (i.e. in
userdata/etc/
or/var/lib/openhab2/etc/
)- This follows the format [username]=[key],_g_:admingroup
- Default username is openhab, but I prefer to use my “normal” username here too. Makes everything a tiny little bit easier
- You can have multiple usernames if you decide to allow access to your openhab core for multiple users.
- Volia! Passwordless login
Of course, all of this might be moot when openHAB Cloud is released (on December 15th I believe).