diff --git a/assemblies/features/base/src/main/resources/resources/etc/keys.properties b/assemblies/features/base/src/main/resources/resources/etc/keys.properties
index 6ab2072fd6e..e0538ff234b 100644
--- a/assemblies/features/base/src/main/resources/resources/etc/keys.properties
+++ b/assemblies/features/base/src/main/resources/resources/etc/keys.properties
@@ -29,7 +29,7 @@
#
#
-# For security reason, the default auto-signed key is disabled.
+# This is an example of how to associate a public key with a user.
# The user guide describes how to generate/update the key.
#
#karaf=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,_g_:admingroup
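Review bot: The commented-out `#karaf=...,_g_:admingroup` entry kept under the reworded comment still carries a concrete public key rather than a placeholder. If that value is the counterpart of the `karaf.key` this commit deletes (the hunk does not show this, but the old wording "default auto-signed key" suggests it), anyone who uncomments the line grants admingroup access to every holder of the previously shipped private key. I would replace the value with an obvious placeholder, e.g. `#karaf=<your-public-key>,_g_:admingroup`, and add the comment `# Generate one key pair per client; never enable a key that shipped with a distribution.` above it.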
diff --git a/client/pom.xml b/client/pom.xml
index 847884db76d..5947b27dbe6 100644
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -87,7 +87,6 @@
META-INF;-split-package:=merge-first
- ../shell/ssh/src/main/resources/karaf.key,
{maven-resources}
!*
@@ -95,27 +94,6 @@
true
-
- org.codehaus.mojo
- build-helper-maven-plugin
-
-
- attach-artifacts
- package
-
- attach-artifact
-
-
-
-
- target/classes/karaf.key
- key
-
-
-
-
-
-
diff --git a/client/src/main/java/org/apache/karaf/client/Main.java b/client/src/main/java/org/apache/karaf/client/Main.java
index 9fcc7c89db0..1bbdaca988b 100644
--- a/client/src/main/java/org/apache/karaf/client/Main.java
+++ b/client/src/main/java/org/apache/karaf/client/Main.java
@@ -25,10 +25,8 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
-import java.io.ObjectInputStream;
import java.io.Reader;
import java.lang.reflect.Proxy;
-import java.net.URL;
import java.nio.charset.Charset;
import java.nio.file.Paths;
import java.security.KeyPair;
@@ -141,7 +139,7 @@ public String getUpdatedPassword(ClientSession session, String prompt, String la
}
});
}
-
+
if (config.getUser()==null || config.getUser().isEmpty()) {
while (true) {
String user = console.readLine("Enter user: ");
@@ -157,7 +155,7 @@ public String getUpdatedPassword(ClientSession session, String prompt, String la
else if (console != null) {
console.printf("Logging in as %s\n", config.getUser());
}
-
+
setupAgent(config.getUser(), config.getKeyFile(), client, passwordProvider);
// define hearbeat (for the keep alive) and timeouts
@@ -216,7 +214,7 @@ else if (console != null) {
if (channel.getExitStatus() != null) {
exitStatus = channel.getExitStatus();
}
-
+
} else {
ChannelShell channel = session.createShellChannel();
Attributes attributes = terminal.enterRawMode();
@@ -354,8 +352,7 @@ private static int getFlag(Attributes attributes, LocalFlag flag) {
private static void setupAgent(String user, String keyFile, SshClient client, FilePasswordProvider passwordProvider) {
SshAgent agent;
- URL builtInPrivateKey = Main.class.getClassLoader().getResource("karaf.key");
- agent = startAgent(user, builtInPrivateKey, keyFile, passwordProvider);
+ agent = startAgent(user, keyFile, passwordProvider);
client.setAgentFactory(new LocalAgentFactory(agent));
client.getProperties().put(SshAgent.SSH_AUTHSOCKET_ENV_NAME, "local");
}
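Review bot: `startAgent` returns `null` when key loading fails (see its `catch` in the next hunk of this file), and `setupAgent` passes that result to `new LocalAgentFactory(agent)` unchecked. With the built-in key gone, an unreadable or malformed `keyFile` is the only failure source, so a user's own mistake presumably ends in a later NullPointerException rather than a fallback to password login. A guard such as `if (agent == null) { return; }` before `client.setAgentFactory(...)` would keep the client usable. Whether skipping the agent factory is the right fallback depends on code outside this hunk.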
@@ -380,40 +377,23 @@ private static ClientSession connectWithRetries(SshClient client, ClientConfig c
return session;
}
- private static SshAgent startAgent(String user, URL privateKeyUrl, String keyFile, FilePasswordProvider passwordProvider) {
- InputStream is = null;
+ private static SshAgent startAgent(String user, String keyFile, FilePasswordProvider passwordProvider) {
try {
SshAgent agent = new AgentImpl();
- is = privateKeyUrl.openStream();
- ObjectInputStream r = new ObjectInputStream(is);
- KeyPair keyPair = (KeyPair) r.readObject();
- is.close();
- agent.addIdentity(keyPair, user);
if (keyFile != null) {
FileKeyPairProvider fileKeyPairProvider = new FileKeyPairProvider(Paths.get(keyFile));
fileKeyPairProvider.setPasswordFinder(passwordProvider);
for (KeyPair key : fileKeyPairProvider.loadKeys()) {
- agent.addIdentity(key, user);
+ agent.addIdentity(key, user);
}
}
return agent;
} catch (Throwable e) {
- close(is);
System.err.println("Error starting ssh agent for: " + e.getMessage());
return null;
}
}
- private static void close(Closeable is) {
- if (is != null) {
- try {
- is.close();
- } catch (IOException e1) {
- // Ignore
- }
- }
- }
-
private static void registerSignalHandler(final Terminal terminal, final PtyCapableChannelSession channel) {
try {
Class> signalClass = Class.forName("sun.misc.Signal");
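Review bot: The `catch (Throwable e)` in the new `startAgent` still prints `"Error starting ssh agent for: "` followed only by the exception message, so neither the user nor the key file appears in the one diagnostic a failed key load produces. Since the key file is now the only identity source, I would name it: `System.err.println("Error loading key file " + keyFile + " for user " + user + ": " + e.getMessage());`. Catching `Throwable` also swallows `Error`s such as `OutOfMemoryError`; `catch (Exception e)` would be enough here. The hunk ends inside `registerSignalHandler`, which is not reviewed.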
diff --git a/client/src/main/key/karaf.key b/client/src/main/key/karaf.key
deleted file mode 100644
index 708a466b380..00000000000
Binary files a/client/src/main/key/karaf.key and /dev/null differ
diff --git a/manual/src/main/asciidoc/user-guide/security.adoc b/manual/src/main/asciidoc/user-guide/security.adoc
index 0c459838096..f4cced27109 100644
--- a/manual/src/main/asciidoc/user-guide/security.adoc
+++ b/manual/src/main/asciidoc/user-guide/security.adoc
@@ -360,18 +360,6 @@ The keys allowed to connect are stored in `etc/keys.properties` file, following
user=key,role
----
-By default, Karaf allows a key for the karaf user:
-
-----
-#karaf=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,_g_:admingroup
-_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
-----
-
-[NOTE]
-====
-For security reason, this key is disabled. We encourage to create the keys pair per client and update the `etc/keys.properties` file.
-====
-
The easiest way to create key pair is to use OpenSSH.
You can create a key pair using:
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KarafAgentFactory.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KarafAgentFactory.java
index 0f3e4e40a1b..9b4884ee611 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KarafAgentFactory.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KarafAgentFactory.java
@@ -19,10 +19,6 @@
package org.apache.karaf.shell.ssh;
import java.io.IOException;
-import java.io.InputStream;
-import java.io.ObjectInputStream;
-import java.net.URL;
-import java.security.KeyPair;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@@ -105,11 +101,6 @@ public void registerSession(org.apache.karaf.shell.api.console.Session session)
try {
String user = (String) session.get("USER");
SshAgent agent = new AgentImpl();
- URL url = getClass().getClassLoader().getResource("karaf.key");
- InputStream is = url.openStream();
- ObjectInputStream r = new ObjectInputStream(is);
- KeyPair keyPair = (KeyPair) r.readObject();
- agent.addIdentity(keyPair, "karaf");
String agentId = "local:" + user;
session.put(SshAgent.SSH_AUTHSOCKET_ENV_NAME, agentId);
locals.put(agentId, agent);
diff --git a/shell/ssh/src/main/resources/karaf.key b/shell/ssh/src/main/resources/karaf.key
deleted file mode 100644
index 708a466b380..00000000000
Binary files a/shell/ssh/src/main/resources/karaf.key and /dev/null differ
diff --git a/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/client/ClientMojo.java b/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/client/ClientMojo.java
index 1d5cc1ea4fb..f98668d1d4c 100644
--- a/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/client/ClientMojo.java
+++ b/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/client/ClientMojo.java
@@ -46,11 +46,8 @@
import java.io.FileReader;
import java.io.IOError;
import java.io.IOException;
-import java.io.InputStream;
-import java.io.ObjectInputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
-import java.net.URL;
import java.security.KeyPair;
import java.util.Comparator;
import java.util.EnumSet;
@@ -236,20 +233,15 @@ public String getUpdatedPassword(ClientSession session, String prompt, String la
}
private void setupAgent(String user, File keyFile, SshClient client) {
- URL builtInPrivateKey = ClientMojo.class.getClassLoader().getResource("karaf.key");
- SshAgent agent = startAgent(user, builtInPrivateKey, keyFile);
+ SshAgent agent = startAgent(user, keyFile);
client.setAgentFactory( new LocalAgentFactory(agent));
client.getProperties().put(SshAgent.SSH_AUTHSOCKET_ENV_NAME, "local");
}
- private SshAgent startAgent(String user, URL privateKeyUrl, File keyFile) {
- try (InputStream is = privateKeyUrl.openStream())
+ private SshAgent startAgent(String user, File keyFile) {
+ try
{
SshAgent agent = new AgentImpl();
- ObjectInputStream r = new ObjectInputStream(is);
- KeyPair keyPair = (KeyPair) r.readObject();
- is.close();
- agent.addIdentity(keyPair, user);
if (keyFile != null) {
FileKeyPairProvider fileKeyPairProvider = new FileKeyPairProvider(keyFile.getAbsoluteFile().toPath());
for (KeyPair key : fileKeyPairProvider.loadKeys()) {
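Review bot: The `FileKeyPairProvider` in the new `startAgent` goes straight to `loadKeys()` with no password finder set, unlike `Main.startAgent` in this same commit, which calls `setPasswordFinder(passwordProvider)` first. A passphrase-protected key file therefore presumably cannot be loaded from the Maven plugin, and with the built-in key removed that is the only key-based login left. The same applies to the identical `startAgent` in `DeployMojo.java`. If wiring in a password source is out of scope, I would at least document the limit above the provider: `// No password finder is set: only unencrypted key files can be loaded here.` The method body, including its `catch`, continues outside the hunk.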
diff --git a/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/client/DeployMojo.java b/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/client/DeployMojo.java
index e9ee204f8e5..92312eb73c0 100644
--- a/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/client/DeployMojo.java
+++ b/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/client/DeployMojo.java
@@ -50,11 +50,8 @@
import java.io.File;
import java.io.IOError;
import java.io.IOException;
-import java.io.InputStream;
-import java.io.ObjectInputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
-import java.net.URL;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.EnumSet;
@@ -240,20 +237,14 @@ public String getUpdatedPassword(ClientSession session, String prompt, String la
}
private void setupAgent(String user, File keyFile, SshClient client) {
- URL builtInPrivateKey = ClientMojo.class.getClassLoader().getResource("karaf.key");
- SshAgent agent = startAgent(user, builtInPrivateKey, keyFile);
+ SshAgent agent = startAgent(user, keyFile);
client.setAgentFactory( new LocalAgentFactory(agent));
client.getProperties().put(SshAgent.SSH_AUTHSOCKET_ENV_NAME, "local");
}
- private SshAgent startAgent(String user, URL privateKeyUrl, File keyFile) {
- try (InputStream is = privateKeyUrl.openStream())
- {
+ private SshAgent startAgent(String user, File keyFile) {
+ try {
SshAgent agent = new AgentImpl();
- ObjectInputStream r = new ObjectInputStream(is);
- KeyPair keyPair = (KeyPair) r.readObject();
- is.close();
- agent.addIdentity(keyPair, user);
if (keyFile != null) {
FileKeyPairProvider fileKeyPairProvider = new FileKeyPairProvider(keyFile.getAbsoluteFile().toPath());
for (KeyPair key : fileKeyPairProvider.loadKeys()) {