Karaf SFTP Home Setup

Configuration extension for Karaf SSH Server

GroupId: org.sodeac
ArtifactId: org.sodeac.karaf.sftphome
Last Version: 1.1.0
Type: bundle
Description: Karaf SFTP Home Setup. Configuration extension for Karaf SSH Server
Project URL: https://github.com/spalarus/karaf-sodeac-sftphome
Source Code Management: https://github.com/spalarus/karaf-sodeac-sftphome.git


Dependencies

compile (4)

Group / Artifact Type Version
org.apache.sshd : sshd-osgi jar 2.5.1
org.apache.sshd : sshd-scp jar 2.5.1
org.apache.sshd : sshd-sftp jar 2.5.1
org.apache.karaf.shell : org.apache.karaf.shell.ssh jar 4.2.10

provided (3)

Group / Artifact Type Version
org.osgi : osgi.core jar 6.0.0
org.osgi : osgi.cmpn jar 6.0.0
org.osgi : osgi.annotation jar 6.0.1

test (1)

Group / Artifact Type Version
junit : junit jar 3.8.1

Project Modules

There are no modules declared in this project.

Karaf SFTP Home

This bundle enables private SFTP home directories for individual Karaf users.

Karaf dependencies

feature:install scr

Install on Apache Karaf 4.2.3-4.2.8

bundle:install -s mvn:org.sodeac/org.sodeac.karaf.sftphome/1.0.0

Install on Apache Karaf 4.2.10+

bundle:install -s mvn:org.sodeac/org.sodeac.karaf.sftphome/1.1.0

Configuration

A valid OSGi configuration is required to reconfigure the SshServer.

  • homeroot # directory that contains the private home directories
  • rolesecureshell # role for users with access to the secure shell
  • rolehomedir # role for users with a private home directory
  • rolekarafbasedir # role for users with access to the Karaf base directory

Additionally, the sshRole defined in the configuration org.apache.karaf.shell (by default ssh) must be assigned to users. Users with both roles (those defined in rolehomedir and rolekarafbasedir) have access to the Karaf base directory.

Example installation on vanilla Karaf 4.2.10 with PropertiesLoginModule

# install
feature:install scr
bundle:install -s mvn:org.sodeac/org.sodeac.karaf.sftphome/1.1.0

# create special role for sftp users with private home directory
jaas:realm-manage --index 1
jaas:group-create sftphomegroup
jaas:update

jaas:realm-manage --index 1
jaas:group-role-add sftphomegroup ssh
jaas:update

jaas:realm-manage --index 1
jaas:group-role-add sftphomegroup sftphome
jaas:update

# secure shell for admingroup
jaas:realm-manage --index 1
jaas:group-role-add admingroup sshconsole
jaas:update

# sftp access to ${karaf.base} for admingroup
jaas:realm-manage --index 1
jaas:group-role-add admingroup sftpkaraf
jaas:update

# create user sftpuser with access to private home
jaas:realm-manage --index 1
jaas:user-add sftpuser secret
jaas:update

jaas:realm-manage --index 1
jaas:group-add sftpuser sftphomegroup
jaas:update

# configuration
config:edit org.sodeac.org.sodeac.karaf.sftphome
config:property-set homeroot "${karaf.base}/data/home"
config:property-set rolesecureshell sshconsole
config:property-set rolehomedir sftphome
config:property-set rolekarafbasedir sftpkaraf
config:update

Result:

  • user karaf has SFTP access to ${karaf.base} and can log in to the secure shell
  • user sftpuser has SFTP access to ${karaf.base}/data/home/sftpuser and cannot log in to the secure shell
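
The role mapping above can be audited offline against the PropertiesLoginModule user file. The following is an added example, not code from the bundle or its README: it assumes the usual etc/users.properties line format (user = password,role,_g_:group), runs on a constructed sample that includes a hypothetical user olduser, and assumes that a user without the sshRole, or without either directory role, gets no SFTP directory.

```python
# Constructed sample: roughly what etc/users.properties could hold after the
# commands above; "olduser" is hypothetical and lacks the ssh role.
SAMPLE = r"""
karaf = karaf,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh,sshconsole,sftpkaraf
_g_\:sftphomegroup = group,ssh,sftphome
sftpuser = secret,_g_:sftphomegroup
olduser = secret,sftphome
"""
# Values from the config:property-set calls on this page.
CONFIG = {"homeroot": "${karaf.base}/data/home", "rolesecureshell": "sshconsole",
          "rolehomedir": "sftphome", "rolekarafbasedir": "sftpkaraf"}
SSH_ROLE = "ssh"  # default sshRole of org.apache.karaf.shell, as stated above

def parse_users(text):
    """Split the file into {user: [roles/groups]} and {group: {roles}}."""
    users, groups = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        items = [v.strip() for v in value.split(",") if v.strip()]
        key = key.replace("\\:", ":")          # properties files escape ':'
        if key.startswith("_g_:"):
            groups[key[4:]] = set(items)
        else:
            users[key] = items[1:]             # items[0] is the password field
    return users, groups

def effective_access(text, cfg=CONFIG, ssh_role=SSH_ROLE):
    """Return {user: {"shell": bool, "sftp_root": str or None}}."""
    users, groups = parse_users(text)
    report = {}
    for name, entries in users.items():
        roles = set()
        for entry in entries:                  # expand group membership
            if entry.startswith("_g_:"):
                roles |= groups.get(entry[4:], set())
            else:
                roles.add(entry)
        can_ssh = ssh_role in roles            # required for any SSH/SFTP login
        if can_ssh and cfg["rolekarafbasedir"] in roles:
            root = "${karaf.base}"             # wins even if rolehomedir is set
        elif can_ssh and cfg["rolehomedir"] in roles:
            root = cfg["homeroot"] + "/" + name
        else:
            root = None                        # assumption: no directory granted
        report[name] = {"shell": can_ssh and cfg["rolesecureshell"] in roles,
                        "sftp_root": root}
    return report
```

Any account reported with sftp_root ${karaf.base} can read the etc directory, including the user file itself, so that list is the one to review first.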


Versions

Version
1.1.0
1.0.0