2 Replies Latest reply on Jun 20, 2014 9:18 AM by Vincent Desjardins

    Unable to connect to fabric with a SSH private/public key

    Vincent Desjardins Newbie

      Hi,

       

      I'm trying to set up private/public key authentication with Fabric. My public key is set up like this in the file etc/keys.properties:

       

      asuser=AAAAB3NzaC1yc2EAAAABIwAAAQEAo6ZWXYfnudsP4Za1g8Y7ezkIJsiSjIbGXmxyP3ZQYAq4yKxI4JkJ3gbcRIzVP2PvCNdmgOnn0fog0xVYdZGQnw33QfR8yQRYccm6jyuw1NeoiH7OnpyfhoHOuy10hXsz3eFviFeKG4SYZjLTCDgdyKicF68/dbc6/R17g3Fd21BgQkS058YfWCfTRHzagETfsA73veQuf1nZYarWl3X4qFYlV0/XO72EJr4yXgL3y7u/v79VivXa0WKikqRe4gf6nwJum90oQNrqQ/9uib0OUHzZ+T+LxD3ZQjCAOK21SqykOOMyjqdn0lu84LCKT0uHRVFak1gSq+z0xzlA3y2ogw==,admin

       

      Connecting with OpenSSH client with my private key always results in a password prompt.

       

      I didn't alter the default realms in Fabric. They are configured like this:

       

      JBossFuse:karaf@esb-test-01> jaas:realms
      Index Realm                Module Class
          1 karaf                org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
          2 karaf                org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule
          3 karaf                io.fabric8.jaas.ZookeeperLoginModule

       

       

      I tried to deploy a configuration blueprint with the same PublickeyLoginModule. After the deployment, the SSH connection with my private key succeeds *but* all other authentication fails. For example, I can't connect to the web console anymore.

       

      Here is the blueprint that I tried:

       

      <?xml version="1.0" encoding="UTF-8"?>
      <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
                 xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
                 xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
                 xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

          <!-- Allow usage of System properties, especially the karaf.base property -->
          <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>

          <jaas:config name="karaf" rank="2">
              <jaas:module className="org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule"
                           flags="sufficient">
                  users = $[karaf.base]/etc/keys.properties
              </jaas:module>
          </jaas:config>
      </blueprint>

       

       

      What am I missing? Do I have to configure something else?

        • 1. Re: Unable to connect to fabric with a SSH private/public key
          Freeman(Yue) Fang Master

          Hi,

           

          In fabric, the realm karaf with module class io.fabric8.jaas.ZookeeperLoginModule has a high rank, and this is the central place to do JAAS in fabric for jmx|http|ssh connections.

           

          So you need to use commands like

          jaas:manage --module io.fabric8.jaas.ZookeeperLoginModule --realm karaf
          jaas:useradd newuser newuserpassword
          jaas:roleadd newuser newuserrole
          jaas:update

          to add new users with a password (fabric will save the encrypted password into zookeeper), but private/public key authentication isn't supported in fabric yet. It's supported in Karaf, but the fabric-managed container will use the io.fabric8.jaas.ZookeeperLoginModule, which will bypass the karaf one.

           

          I will create a fabric improvement issue to track this.

           

          Freeman

          1 of 1 people found this helpful
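
Added example (not part of the thread and not Fabric or Karaf code): a small Python model of the behaviour this answer describes, where Karaf resolves a realm name to the registration with the highest rank, showing why the password prompt appeared before the blueprint and why password logins broke after it. The ranks 0 and 1, the grouping of the two default modules into one realm, and the credential kinds each module accepts are assumptions; only the blueprint's rank of 2 and the module class names come from the thread.

```python
from dataclasses import dataclass

PASSWORD, PUBLICKEY = "password", "publickey"

@dataclass(frozen=True)
class Module:
    class_name: str
    accepts: frozenset        # credential kinds the module can check (assumed)
    flag: str = "sufficient"  # required | sufficient | optional

@dataclass(frozen=True)
class Realm:
    name: str
    rank: int
    modules: tuple

def active_realm(registered, name):
    """Among registrations sharing a name, only the highest rank is used."""
    same = [r for r in registered if r.name == name]
    return max(same, key=lambda r: r.rank) if same else None

def login(registered, name, kind):
    """Simplified JAAS chain; the presented credential is assumed valid."""
    realm = active_realm(registered, name)
    if realm is None:
        return False
    required_failed = any_passed = False
    for m in realm.modules:
        passed = kind in m.accepts
        if m.flag == "required" and not passed:
            required_failed = True
        if m.flag == "sufficient" and passed and not required_failed:
            return True
        any_passed = any_passed or passed
    return any_passed and not required_failed

PROPERTIES = Module("org.apache.karaf.jaas.modules.properties.PropertiesLoginModule", frozenset({PASSWORD}))
PUBKEY = Module("org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule", frozenset({PUBLICKEY}))
ZOOKEEPER = Module("io.fabric8.jaas.ZookeeperLoginModule", frozenset({PASSWORD}))

# Constructed registrations. Ranks 0 and 1 are assumed; rank 2 is the blueprint's.
BEFORE = [Realm("karaf", 0, (PROPERTIES, PUBKEY)), Realm("karaf", 1, (ZOOKEEPER,))]
AFTER = BEFORE + [Realm("karaf", 2, (PUBKEY,))]

def symptoms(registered):
    return {k: login(registered, "karaf", k) for k in (PASSWORD, PUBLICKEY)}

if __name__ == "__main__":
    print("before blueprint:", symptoms(BEFORE))  # key login refused
    print("after blueprint: ", symptoms(AFTER))   # password login refused
```
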
          • 2. Re: Unable to connect to fabric with a SSH private/public key
            Vincent Desjardins Newbie

            Hi,

             

            Thanks for your answer.

             

            I need to authenticate by public key to automate tasks in fabric. In the meantime I will connect by password instead of a key.

             

            Or maybe you know of a better way to call fabric programmatically?

             

            Thanks again!

             

            - Vincent