Key-based logins to your openHAB server console

Up until now, I was first doing a ssh login to my Pi3, then from there ssh to the well-known port and using the well-known password:

  • ssh openhab@localhost -p 8101

Apart from the security issues with the well-known password, this was adding another step of hassle whenever I needed to do some Karaf operations or simply shut down my server for updates.

I always wanted to read up on Karaf to see how I can use key-based logins, but somehow never got around to doing that.

Thanks to a posting on the forums by Benj ( https://community.openhab.org/t/security-of-karaf-console/17661/3 ), I can streamline this step:

  1. Create a key on the connecting client through your usual methods (e.g. ssh-keygen).
    • This step is optional if you already have a key you are using for your other systems.
  2. Copy the public key into openHAB’s keys.properties (i.e. in userdata/etc/ or /var/lib/openhab2/etc/)
    • This follows the format [username]=[key],_g_:admingroup
    • Default username is openhab, but I prefer to use my “normal” username here too. Makes everything a tiny little bit easier.
    • You can have multiple usernames if you decide to allow access to your openHAB core for multiple users.
  3. Voilà! Passwordless login
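
The entry from step 2 can be generated from a public key file instead of being edited by hand. This is an added example, not from the original post or the openHAB project: the function name karaf_key_entry is hypothetical, the sample key is constructed, and it assumes [key] means only the base64 field of the OpenSSH public key line (no key type, no comment).

```shell
#!/bin/sh
# Added example: build a keys.properties entry ([username]=[key],_g_:admingroup)
# from one OpenSSH public key line ("<type> <base64 blob> [comment]").
# Assumption: [key] is the base64 blob only.
karaf_key_entry() {
    user=$1
    line=$2

    # The username becomes a properties key, so keep it to a conservative set.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "invalid username" >&2; return 1 ;;
    esac

    # Never let private key material end up in keys.properties by mistake.
    case $line in
        *'PRIVATE KEY'*) echo "refusing private key material" >&2; return 1 ;;
    esac

    # Take the second whitespace-separated field: the base64 blob.
    blob=$(printf '%s\n' "$line" | awk 'NF >= 2 { print $2 }')

    # Reject empty, multi-line or non-base64 input.
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    printf '%s=%s,_g_:admingroup\n' "$user" "$blob"
}

# Constructed sample key line (not a real key), for demonstration only.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED= alice@laptop'
karaf_key_entry alice "$SAMPLE_PUB"

# Real use, appending to the file named in step 2 (run as a user who may write it):
#   karaf_key_entry "$USER" "$(cat ~/.ssh/id_rsa.pub)" >> /var/lib/openhab2/etc/keys.properties
```

Keep keys.properties readable only by the account that runs openHAB, since every entry in it grants console access.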

Of course, all of this might be moot when openHAB Cloud is released (on December 15th I believe).
