Unconfigured public SSH Server


SSH server is running on port 8101. Username is karaf. Password is karaf. It is listening to all hosts. This is an immense security issue. The SSH server should best be deactivated by default.


Basil Brunner
September 24, 2015, 4:28 PM

I couldn't find a way to disable the SSH console completely (see docs at https://karaf.apache.org/manual/latest/users-guide/remote.html as well), but I've changed the default config to bind to localhost only (commit b3d24a8a1070dc17fc5c9047ef053e4a65c5fe22).

Basil Brunner
September 23, 2015, 2:20 PM

I agree, the SSH connection to the Karaf console is not something that needs to be there in order for Opencast to run properly. We can therefore disable it by default and give the user the choice to activate it.

Fixed and reviewed
Your pinned fields
Click on the next to a field label to start pinning.


Lars Kiesow


Lars Kiesow