summaryrefslogtreecommitdiffstats
path: root/framework/src/onos/tools/package/bin/onos-secure-ssh
blob: 3f541dbe12ed11788d93f08c59434dee0068898b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#!/bin/bash
# -----------------------------------------------------------------------------
# Enables secure access to ONOS console by removing default users & keys.
# -----------------------------------------------------------------------------

rm -f $(dirname $0)/onos

set -e

# Scan arguments for user/password or other options...
while getopts u:p: o; do
    case "$o" in
        u) user=$OPTARG;;
        p) password=$OPTARG;;
    esac
done
password=${password:-$user} # password defaults to the user if not specified
let OPC=$OPTIND-1
shift $OPC

cd $(dirname $0)/../apache-karaf-*/etc
USERS=users.properties
KEYS=keys.properties

# Remove the built-in users and keys to secure the access implicitly.
egrep -v "^(karaf|onos)[ ]*=" $USERS > $USERS.new && mv $USERS.new $USERS
egrep -v "^(#karaf|onos)[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS

# Remove any previous known keys for the local host.
ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:8101

# Swap the onos client to use the SSH variant.
ln -s $(dirname $0)/onos-ssh $(dirname $0)/onos

# If user and password options were given, setup the user/password.
if [ -n "$user" -a -n "$password" ]; then
    echo "$user = $password,_g_:admingroup" >> $USERS
fi