Unconfigured public SSH Server
SSH server is running on port 8101. Username is karaf. Password is karaf. It is listening to all hosts. This is an immense security issue. The SSH server should best be deactivated by default.
I couldn't find a way to disable the SSH console completely (see docs at https://karaf.apache.org/manual/latest/users-guide/remote.html as well), but I've changed the default config to bind to localhost only (commit b3d24a8a1070dc17fc5c9047ef053e4a65c5fe22).
I agree, the SSH connection to the Karaf console is not something that needs to be there in order for Opencast to run properly. We can therefore disable it by default and give the user the choice to activate it.