SSH Access

IAM.tf has its own built-in SSH service that you can use to access the server command line console. It accepts the same credentials that are used to access IAM.tf.

Connecting to the server

You can configure your SSH client with default options for your IAM.tf connection by modifying your $HOME/.ssh/config file. In the following example we configure the hostname, port (8101 is IAM.tf's default SSH port) and user, and add ssh-rsa to the list of accepted host key algorithms.

Host josso
        User admin
        Hostname localhost
        Port 8101
        HostkeyAlgorithms +ssh-rsa

You can then connect by simply passing the Host value to ssh:

ssh josso

You can also pass all options to the ssh command:

ssh -oPort=8101 -oHostkeyAlgorithms=+ssh-rsa admin@localhost

Credentials

Users allowed to connect using SSH are the same users that have Web and JMX access: users registered in the server as Administrators. You can add or modify server users from the Provisioning section of the web console, or by using spml: commands.

Tips

When using SPML, you can manage users in any of the multiple built-in user repositories; the default repository can be referenced with these coordinates: idau-default, pst-default and psp-default. See the SPML commands documentation for more details.

Using SSH keys

It is possible to connect to the server using SSH keys instead of username/password credentials. Unfortunately, at the moment only one of the two methods can be enabled at a time.

By default, username and password authentication is used; in order to switch to private/public key authentication we need to modify the SHELL module.

Edit the file $IAMTF_HOME/server/etc/org.apache.karaf.shell.cfg and set the sshRealm property to atricore-sshkey:

#sshRealm=atricore
sshRealm=atricore-sshkey

Restart IAM.tf in foreground mode and register each user's public key. Set the certificate property to the SSH public key (as shown below, only the base64-encoded key body is passed); for instance, to configure the admin public key:

karaf@josso-ee> spml:usrmodify -u admin -c AAAAB3NzaC1yc2EAAAADAQABAAABAQDfum1bjD5kkGi+bhX1UO3a9DV/gz74luIbMxNqCuMKIqcLGUuTRQnWEondYwhlb5ZiLzdJIBS+mHb4iOUbVRiWqG1VK9DvlwASQfaQFtBvKV7p4xJ07ROqwQlhqBuCURLocAuyGplSNbPFxoD8dBtWvxhvYLQ1KX8nN4WNAwAFn0fFExWAuYc15Tx6MOkfw79P7xLxiR0zJ5Bv5xl3jgrkSWQofYZaK9QS6THSWrX9j6EQSlqsyrlRBTLAp+IOyq16W/EINkOj7jAq0pF0iNawjHDmU0XmfJOkVUNrrhNNLvYIDU4ovtwIa1pbDy2ISxFrw2UFloCdzY1zrGqo0Tez
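The two steps above (switching sshRealm in org.apache.karaf.shell.cfg, then extracting a user's public key body for spml:usrmodify -c) are easy to get wrong by hand: leaving two active sshRealm lines, or pasting the whole "ssh-rsa ... comment" line instead of just the key body. The following POSIX shell helpers, added here as an example and not part of the IAM.tf documentation or product, perform both edits on files you pass in. They assume the cfg file uses plain key=value lines and that the public key file is in single-line OpenSSH format; the sample file contents in the comments are constructed.

```shell
#!/bin/sh
# Added example (not IAM.tf's own tooling): toggle the Karaf SSH realm and
# extract the key body that spml:usrmodify -c expects.

# Comment out any active sshRealm assignment in a copy of the cfg file,
# then append the new value so exactly one assignment is active.
# Usage: set_ssh_realm /path/to/org.apache.karaf.shell.cfg atricore-sshkey
set_ssh_realm() {
    cfg="$1"; realm="$2"
    sed -e 's/^[[:space:]]*sshRealm=/#sshRealm=/' "$cfg" > "$cfg.tmp" || return 1
    printf 'sshRealm=%s\n' "$realm" >> "$cfg.tmp"
    mv "$cfg.tmp" "$cfg"
}

# Print the currently active sshRealm (last uncommented assignment wins).
get_ssh_realm() {
    sed -n 's/^[[:space:]]*sshRealm=//p' "$1" | tail -n 1
}

# Print only the base64 key body of an OpenSSH public key file.
# Input line looks like:  ssh-rsa AAAAB3Nza... user@host   (constructed)
# Output is the second field only, with no key type and no comment.
pubkey_body() {
    awk 'NR==1 && $1 ~ /^(ssh-|ecdsa-)/ { print $2; exit }' "$1"
}

# Assemble the console command from the docs for a given user and key file.
# Usage: usrmodify_cmd admin ~/.ssh/id_rsa.pub
usrmodify_cmd() {
    body="$(pubkey_body "$2")"
    [ -n "$body" ] || { echo "no OpenSSH public key found in $2" >&2; return 1; }
    printf 'spml:usrmodify -u %s -c %s\n' "$1" "$body"
}
```

Run set_ssh_realm against a copy of the cfg file first and diff it against the original before replacing the real one; get_ssh_realm lets you confirm which realm will be active after the restart.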

Now you can access IAM.tf using your private key. These are the ~/.ssh/config entries:

Host iamtf
        User admin
        Hostname localhost
        Port 8101
        Ciphers +aes256-cbc
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa
        BatchMode yes

Connecting using the .ssh/config entry (the Host value defined above):

ssh iamtf

Connecting by passing all options on the command line:

ssh -oPort=8101 -oCiphers=+aes256-cbc -oHostkeyAlgorithms=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa -oBatchMode=yes admin@localhost

Tips

Depending on your environment, some of the options shown may not be required; the example above deliberately uses all of them.

Commands

Some of the most useful commands are found in these namespaces; type the namespace prefix at the prompt and press TAB to list them:

  • appliance: manage identity appliances (lifecycle, view import/export)
  • log: access atricore.log file
  • shell: shell utils like grep
  • spml: server user management

Appliance-specific commands start with the appliance: prefix; you can press TAB at the prompt to see the full list of available commands. You can always use the --help option to get details on a specific command, for example:

appliance:list --help
Contributors: Sebastian