Index Of OpenHAB Security Alert! The openhab-cli Password
Background Of OpenHAB Security Alert! The openhab-cli Password
Generally, cybersecurity experts recommend to change default passwords and default user names. During the openHAB installation, I have noticed that there is no enforcement to change the default password of the openhab-cli console.
The risk at this stage, and depending on your scenario, could be lower than high, this since you likely need to login by SSH into your openHAB first. If setup properly, then already at this stage a password (that you hopefully have changed) is required.
However, even if login into your console, that should happen before login into openhab-cli, is requiring a password, I still strongly recommend to follow the advices of cybersecurity experts. These advices simply are to change all default passwords.
This how to helps you how to change the default password.
OpenHAB Security Alert! The openhab-cli Password
The default user of openhab-cli is “openhab”, whilst the default password is “habopen”. You will notice, the “hab” and the “open” simply were put into a different position. Lets call this for now some sort of innovative with a big smily behind… From a cybersecurity point of view this is obviously not a clever move.
Lets re-cap, openhab-cli:
- username: openhab
- password: habopen
Before changing the password, I strongly recommend to leverage on a secure password manager or to write it down and put it into a secure place. Myself is using KeePass. This software also allows to suggest secure passwords.
How to Change the Password
Step zero, and before you do anything, create a full backup of your system and verify that your backup and restore are successful.
First step, generate, by for example using your password manager, a secure password!
Second step, Login into your OpenHAB server leveraging on SSH
Once login by SSH into your OpenHAB, execute the below command that will create a secure and encrypted password. Note: You need to replace the “securePassword” by the new password that you have generated for example by your password manager. In case you do not replace it, your new password will be “securePassword”
sudo sed -i -e "s/openhab = .*,/openhab = securePassword,/g" /var/lib/openhab/etc/users.properties
Next step, and this is important, you must restart your OpenHAB to make this effective! If not, you risk that the password remains in clear text in users.properties and that you cannot login anymore into your openhab-cli. You do restart properly your openHAB by executing the below two commands. I suggest to wait 2-3 minutes after stoping before you start again.
sudo service openhab stop sudo service openhab start
Once successfully done, you can login with your new securely encrypted password by executing:
openhab-cli console
Delete the Password in the Bash History!
With having made this change, you already increased system security. There is however one vulnerability left, which is that your command in openhabian typically are stored in the Bash history. Cyber criminals of course know this. Let’s make their life a bit more difficult by deleting the above issued command. Here’s how you do this:
First step, open the bash history by
nano /home/openhabian/.bash_history
Within bash history search for the line “sudo sed -i -e “s/openhab = .*,/openhab = securePassword,/g” /var/lib/openhab/etc/users.properties” which is the one you have entered before to change your password. You most likely can shortcut the search by simply search for “sudo sed”
Once you found the entry, it should look like this (of course, in your case you have your password instead of *):
This is the line to be deleted! Similar as you just did, cybercriminals could do exactly the same and by this read your password.
Additional Information
OpenHAB
OpenHAB is empowering your smart home. It is a vendor and technology agnostic open source automation software for your home. It’s actually an amazing platform allowing you to do nearly everything. If you do not know it, you definitely should install and try it. To find more about OpenHAB, check out:
Find out more about openhab-cli password change: Read the official Console Guide.
OpenHAB Security Guide
I have written an OpenHAB Security Guide which you maybe like to consider too! Check this out: OpenHAB Security How To
It would be amazing if you follow my myhowto.blog. To my blog is actually easy! You can leverage on
- Click to follow me on Twitter
- Bookmark this page and comeback from time to time
I am really looking forward for you to contact me if for example you found a better option or other idea then in this how to. Also, please touch base if you found an error or anything not working or if you have something that you would love to be added to the myhowto.blog. Simply click this link to touch base with me.
Linking Or Recommending The How To Or The myhowto.blog
I would love to see you are recommending this how to or link it to your website. Also, I would love if you link or recommend the whole myhowto.blog. Please feel free to do so! In case you like to touch base regarding this topic with me, then simply click this link. I look forward!