Introducing optional ability to secure the ONOS karaf shell and to use raw ssh client.

Change-Id: I48cfc922eaf980d1cb8b9182b26999ce3c26b667
diff --git a/tools/package/bin/onos b/tools/package/bin/onos-client
similarity index 89%
rename from tools/package/bin/onos
rename to tools/package/bin/onos-client
index 84a41e0..2a37087 100755
--- a/tools/package/bin/onos
+++ b/tools/package/bin/onos-client
@@ -1,6 +1,6 @@
 #!/bin/bash
 # -----------------------------------------------------------------------------
-# ONOS command-line client
+# ONOS command-line client that uses the built-in Apache Karaf client.
 # -----------------------------------------------------------------------------
 
 if [ -z "${JAVA_HOME}" ]; then
diff --git a/tools/package/bin/onos-secure-ssh b/tools/package/bin/onos-secure-ssh
new file mode 100755
index 0000000..6c46904
--- /dev/null
+++ b/tools/package/bin/onos-secure-ssh
@@ -0,0 +1,22 @@
+#!/bin/bash
+# -----------------------------------------------------------------------------
+# Enables secure access to ONOS console by removing default users & keys.
+# -----------------------------------------------------------------------------
+
+rm -f $(dirname $0)/onos
+
+set -e
+
+cd $(dirname $0)/../apache-karaf-*/etc
+USERS=users.properties
+KEYS=keys.properties
+
+# Remove the built-in users and keys to secure the access implicitly.
+egrep -v "^(karaf|onos)[ ]*=" $USERS > $USERS.new && mv $USERS.new $USERS
+egrep -v "^(#karaf|onos)[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS
+
+# Remove any previous known keys for the local host.
+ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:8101
+
+# Swap the onos client to use the SSH variant
+ln -s $(dirname $0)/onos-ssh $(dirname $0)/onos
diff --git a/tools/package/bin/onos-ssh b/tools/package/bin/onos-ssh
new file mode 100755
index 0000000..7e082aa
--- /dev/null
+++ b/tools/package/bin/onos-ssh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# -----------------------------------------------------------------------------
+# ONOS command-line client that uses raw ssh.
+# -----------------------------------------------------------------------------
+
+ssh -p 8101 localhost "$@"
\ No newline at end of file
diff --git a/tools/package/bin/onos-user-key b/tools/package/bin/onos-user-key
new file mode 100755
index 0000000..db24da1
--- /dev/null
+++ b/tools/package/bin/onos-user-key
@@ -0,0 +1,20 @@
+#!/bin/bash
+# -----------------------------------------------------------------------------
+# Adds or removes a user key for managing passwordless loging to ONOS console.
+# -----------------------------------------------------------------------------
+
+[ $# -lt 2 ] && echo "usage: $(basename $0) user {key|remove}" && exit 1
+
+set -e
+
+user=$1
+[ -f $2 ] && key=$(cut -d\  -f2 $2) || key=$2
+
+cd $(dirname $0)/../apache-karaf-*/etc
+KEYS=keys.properties
+
+# Remove the user key first, in case one was already present
+egrep -v "^$user[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS
+if [ $key != "remove" ]; then
+    echo "$user=$key,_g_:admingroup" >> $KEYS
+fi