openhab-distro icon indicating copy to clipboard operation
openhab-distro copied to clipboard

Published 20 hours ago verified publisher icon openhab

default remote console access localhost only

Open mstormi opened this issue 1 year ago • 4 comments

In org.apache.karaf.shell.cfg, sshHost is 127.0.0.1 by default. Can you please change that (in time for OH4) to be 0.0.0.0. That's a fairly annoying restriction that'll do more harm than good . For most installs this goes unchanged.

So the console cannot be used from remote on default (and hence 99% of) installs. The config is also getting reset on any OH upgrade which is very annoying even to experts. ( 'Security' is a bad argument here as you have to protect your installation from the internet anyway and anyone interested can do easily)

mstormi avatar Jun 23 '23 07:06 mstormi

I think this is was set intentionally by default both for openHAB and for Karaf, it would be a problem to set 0.0.0.0 by default because the default username and password into the machine is known.

The config is also getting reset on any OH upgrade which is very annoying even to experts.

Yes, but ideally anything in ${OPENHAB_USERDATA} shouldn't be changed manually by the user because it may be overwritten by the software or distribution. There a few files in this folder where this is unavoidable but for most things there's an alternative in ${OPENHAB_CONF} which is always persistent.

You can also change this in ${OPENHAB_CONF}/services/runtime.cfg by un-commenting the line:

#org.apache.karaf.shell:sshHost = 0.0.0.0

which will persist between upgrades. Again, I would advise not doing this by default until a user has changed the console password. IMO, this should be a user decision to change.

BClark09 avatar Jul 06 '23 14:07 BClark09

Perhaps in the future the initial setup wizard can ask what username/password should be used to access the Console instead of the current defaults. By default Karaf is more secure nowadays. It has no default user and you need to manually configure this if you want access to the console (see user guide). The initial OH setup wizard could also ask if you want to make the Console available on external interfaces.

wborn avatar Jul 22 '23 08:07 wborn

good idea Wouter @ghys Yannick do you think you could add that to the wizard ?

mstormi avatar Jul 22 '23 09:07 mstormi

for 4.0 that would be extremely last minute and extremely unlikely, Markus ;)

but in the future I think the setup wizard could handle more things indeed, like that or help the user configure an openHAB Cloud/myopenhab.org instance if they wish. I'm not sure yet if it could be the same wizard or a separate one but there would also be a need to set up the initial model (asking how many floors, list the rooms in each, do you have a front/backyard, etc.)

ghys avatar Jul 22 '23 18:07 ghys