2 Replies Latest reply on Jun 20, 2014 9:18 AM by Vincent Desjardins

    Unable to connect to fabric with a SSH private/public key

    Vincent Desjardins Newbie



      I'm trying to setup a private/public key authentification with Fabric. My public key is setuped like this in the file etc/keys.properties:




      Connecting with OpenSSH client with my private key always results in a password prompt.


      I didn't alter the default realms in Fabric. They are configured like this:


      JBossFuse:karaf@esb-test-01> jaas:realms

      Index Realm                Module Class

          1 karaf                org.apache.karaf.jaas.modules.properties.PropertiesLoginModule

          2 karaf                org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule

          3 karaf                io.fabric8.jaas.ZookeeperLoginModule



      I tried to deploy a configuration blueprint with the same PublickeyLoginModule. After the deployment the SSH connection with my private key succeed *but* all other authentification fail. For exemple I can't connect anymore to the web console.


      Here is the blueprint that I tried:


      <?xml version="1.0" encoding="UTF-8"?>

      <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"






          <!-- Allow usage of System properties, especially the karaf.base property -->

          <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>



          <jaas:config name="karaf" rank="2">

              <jaas:module className="org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule"


                  users = $[karaf.base]/etc/keys.properties






      What am I missing? Do I have to configure something else?

        • 1. Re: Unable to connect to fabric with a SSH private/public key
          Freeman(Yue) Fang Master



          In fabric, the realm karaf with module class io.fabric8.jaas.ZookeeperLoginModule has high rank, and this is the central place to do JAAS in fabric for jmx|http|ssh connection.


          So you need use command like

          jaas:manage --module io.fabric8.jaas.ZookeeperLoginModule --realm karaf

          jaas:useradd newuser newuserpassword

          jaas:roleadd newuser newuserrole


          to add new users with password(fabric will save the encrypted password into zookeeper), but the private/public key authentification isn't supported in fabric yet, though it's supported in Karaf, but the fabric managed container will use the io.fabric8.jaas.ZookeeperLoginModule which will bypass the karaf one.


          I will create a fabric improvement issue to track this.



          1 of 1 people found this helpful
          • 2. Re: Unable to connect to fabric with a SSH private/public key
            Vincent Desjardins Newbie



            Thanks for your answer.


            I need to authenticate by public key to automate tasks in fabric. In the meantime I will connect by password instead of a key.


            Or maybe you know of a better way to call fabric programmatically?


            Thanks again!


            - Vincent