aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/onos/tools/package/bin/onos-secure-ssh
diff options
context:
space:
mode:
authorAshlee Young <ashlee@onosfw.com>2015-09-09 22:15:21 -0700
committerAshlee Young <ashlee@onosfw.com>2015-09-09 22:15:21 -0700
commit13d05bc8458758ee39cb829098241e89616717ee (patch)
tree22a4d1ce65f15952f07a3df5af4b462b4697cb3a /framework/src/onos/tools/package/bin/onos-secure-ssh
parent6139282e1e93c2322076de4b91b1c85d0bc4a8b3 (diff)
ONOS checkin based on commit tag e796610b1f721d02f9b0e213cf6f7790c10ecd60
Change-Id: Ife8810491034fe7becdba75dda20de4267bd15cd
Diffstat (limited to 'framework/src/onos/tools/package/bin/onos-secure-ssh')
-rwxr-xr-xframework/src/onos/tools/package/bin/onos-secure-ssh38
1 files changed, 38 insertions, 0 deletions
diff --git a/framework/src/onos/tools/package/bin/onos-secure-ssh b/framework/src/onos/tools/package/bin/onos-secure-ssh
new file mode 100755
index 00000000..3f541dbe
--- /dev/null
+++ b/framework/src/onos/tools/package/bin/onos-secure-ssh
@@ -0,0 +1,38 @@
+#!/bin/bash
+# -----------------------------------------------------------------------------
+# Enables secure access to ONOS console by removing default users & keys.
+# -----------------------------------------------------------------------------
+
+rm -f $(dirname $0)/onos
+
+set -e
+
+# Scan arguments for user/password or other options...
+while getopts u:p: o; do
+ case "$o" in
+ u) user=$OPTARG;;
+ p) password=$OPTARG;;
+ esac
+done
+password=${password:-$user} # password defaults to the user if not specified
+let OPC=$OPTIND-1
+shift $OPC
+
+cd $(dirname $0)/../apache-karaf-*/etc
+USERS=users.properties
+KEYS=keys.properties
+
+# Remove the built-in users and keys to secure the access implicitly.
+egrep -v "^(karaf|onos)[ ]*=" $USERS > $USERS.new && mv $USERS.new $USERS
+egrep -v "^(#karaf|onos)[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS
+
+# Remove any previous known keys for the local host.
+ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:8101
+
+# Swap the onos client to use the SSH variant.
+ln -s $(dirname $0)/onos-ssh $(dirname $0)/onos
+
+# If user and password options were given, setup the user/password.
+if [ -n "$user" -a -n "$password" ]; then
+ echo "$user = $password,_g_:admingroup" >> $USERS
+fi \ No newline at end of file