SSH Access
JOSSO has its own built-in SSH service that you can use to access the server command line console. The credentials are the same as those used to access JOSSO.
Connecting to the server
You can configure your SSH client with default options for your JOSSO connection by modifying your $HOME/.ssh/config file. The following example sets the hostname, port (8101 is JOSSO's default SSH port) and user, and adds ssh-rsa to the list of accepted host key algorithms. The + prefix appends ssh-rsa to the client defaults, which no longer include it in recent OpenSSH releases.
Host josso
User admin
Hostname localhost
Port 8101
HostkeyAlgorithms +ssh-rsa
You can then connect using just the Host value:
ssh josso
You can also pass all options to the ssh command:
ssh -oPort=8101 -oHostkeyAlgorithms=+ssh-rsa admin@localhost
Credentials
Users allowed to connect using SSH are the same users that have Web and JMX access. These are users registered in the server with the Administrators. You can add or modify server users in the Provisioning section of the web console, or by using spml: commands.
TIP
When using SPML, you can manage any of multiple built-in user repositories. The default repository can be referenced with these coordinates: idau-default, pst-default and psp-default. See the SPML commands documentation for more details.
Using SSH keys
It is possible to connect to the server using SSH keys instead of username/password credentials. Unfortunately, at the moment only one of the two methods can be enabled at a time.
TIP
Available since JOSSO 2.5.2 update #21
By default, username and password authentication is used. To switch to private/public keys, we need to modify the SHELL module.
Edit the file $JOSSO_HOME/server/etc/org.apache.karaf.shell.cfg and set the sshRealm property to atricore-sshkey:
#sshRealm=atricore
sshRealm=atricore-sshkey
Restart JOSSO in foreground mode and register each user's public key. Set the certificate property to the SSH public key. For instance, to configure the admin public key:
karaf@josso-ee> spml:usrmodify -u admin -c AAAAB3NzaC1yc2EAAAADAQABAAABAQDfum1bjD5kkGi+bhX1UO3a9DV/gz74luIbMxNqCuMKIqcLGUuTRQnWEondYwhlb5ZiLzdJIBS+mHb4iOUbVRiWqG1VK9DvlwASQfaQFtBvKV7p4xJ07ROqwQlhqBuCURLocAuyGplSNbPFxoD8dBtWvxhvYLQ1KX8nN4WNAwAFn0fFExWAuYc15Tx6MOkfw79P7xLxiR0zJ5Bv5xl3jgrkSWQofYZaK9QS6THSWrX9j6EQSlqsyrlRBTLAp+IOyq16W/EINkOj7jAq0pF0iNawjHDmU0XmfJOkVUNrrhNNLvYIDU4ovtwIa1pbDy2ISxFrw2UFloCdzY1zrGqo0Tez
Now you can access JOSSO using your private key. These are the ~/.ssh/config entries:
Host josso2
User admin
Hostname localhost
Port 8101
Ciphers +aes256-cbc
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
BatchMode=yes
Connecting using .ssh/config
ssh josso2
Connecting by passing all options
ssh -oPort=8101 -oCiphers=+aes256-cbc -oHostkeyAlgorithms=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa -oBatchMode=yes admin@localhost
TIP
Depending on your environment, some of these options may not be required; the example shows all of them together.
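In the key registration step above, the value passed to -c is the base64 body of an OpenSSH public key line, without the ssh-rsa prefix or the trailing comment. The following added example (not part of the JOSSO documentation) extracts that value from a .pub line, checks that it really is an RSA key of reasonable size, and computes its SHA256 fingerprint. Assumptions: only ssh-rsa is handled because that is the key type shown on this page, the 2048-bit minimum is a local policy choice, and the function names and sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # assumed local policy, not a JOSSO requirement

def wire_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[pos:pos + n])
        pos += n
    return out

def josso_key_value(pub_line):
    """Return (value for -c, modulus bits, SHA256 fingerprint) for a .pub line."""
    parts = pub_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    fields = wire_fields(blob)  # ssh-rsa blob: name, exponent e, modulus n
    if key_type != "ssh-rsa" or len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key")
    bits = int.from_bytes(fields[2], "big").bit_length()
    if bits < MIN_RSA_BITS:
        raise ValueError(f"RSA modulus is only {bits} bits")
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return b64, bits, fp

def sample_line(bits):
    """Constructed sample line: correct layout, but not a usable RSA key."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " admin@example"

if __name__ == "__main__":
    value, bits, fp = josso_key_value(sample_line(2048))
    print(f"{bits}-bit key, {fp}")
    print(f"spml:usrmodify -u admin -c {value}")
```

The fingerprint has the same form that ssh-keygen -lf prints for a key file, so it can be compared with the user's own copy of the key before the value is registered.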
Commands
Some of the most useful commands are found in these namespaces. Type a namespace and press TAB to list its commands:
- appliance: manage identity appliances (lifecycle, view import/export)
- log: access atricore.log file
- shell: shell utils like grep
- spml: server user management
Appliance-specific commands start with the appliance: prefix. You can press TAB at the prompt to see a full list of all available commands. You can always use the --help option to get details on a specific command, for example:
appliance:list --help