default remote console access localhost only
mstormi opened this issue · 4 comments
In org.apache.karaf.shell.cfg, sshHost is 127.0.0.1 by default.
Can you please change that (in time for OH4) to be 0.0.0.0.
That's a fairly annoying restriction that'll do more harm than good .
For most installs this goes unchanged.
So the console cannot be used from remote on default (and hence 99% of) installs.
The config is also getting reset on any OH upgrade which is very annoying even to experts.
( 'Security' is a bad argument here as you have to protect your installation from the internet anyway and anyone interested can do easily)
I think this is was set intentionally by default both for openHAB and for Karaf, it would be a problem to set 0.0.0.0 by default because the default username and password into the machine is known.
The config is also getting reset on any OH upgrade which is very annoying even to experts.
Yes, but ideally anything in ${OPENHAB_USERDATA} shouldn't be changed manually by the user because it may be overwritten by the software or distribution. There a few files in this folder where this is unavoidable but for most things there's an alternative in ${OPENHAB_CONF} which is always persistent.
You can also change this in ${OPENHAB_CONF}/services/runtime.cfg by un-commenting the line:
#org.apache.karaf.shell:sshHost = 0.0.0.0
which will persist between upgrades. Again, I would advise not doing this by default until a user has changed the console password. IMO, this should be a user decision to change.
Perhaps in the future the initial setup wizard can ask what username/password should be used to access the Console instead of the current defaults. By default Karaf is more secure nowadays. It has no default user and you need to manually configure this if you want access to the console (see user guide). The initial OH setup wizard could also ask if you want to make the Console available on external interfaces.
for 4.0 that would be extremely last minute and extremely unlikely, Markus ;)
but in the future I think the setup wizard could handle more things indeed, like that or help the user configure an openHAB Cloud/myopenhab.org instance if they wish. I'm not sure yet if it could be the same wizard or a separate one but there would also be a need to set up the initial model (asking how many floors, list the rooms in each, do you have a front/backyard, etc.)