Introducing optional ability to secure the ONOS karaf shell and to use raw ssh client. Change-Id: I48cfc922eaf980d1cb8b9182b26999ce3c26b667

commit: 12bf44523983426352999f4260aa36e73f9c193c [log] [tgz]
author: Thomas Vachuska <tom@onlab.us> Fri Jun 26 09:15:38 2015 -0700
committer: Gerrit Code Review <gerrit@onlab.us> Mon Jun 29 17:08:09 2015 +0000
tree: 3b44475f86dbefda87834f5dcda9965fcbcf3353
parent: 2a65575cf89829aca8dc4684dcf3669d630366a0 [diff] [blame]
diff --git a/tools/package/bin/onos-secure-ssh b/tools/package/bin/onos-secure-ssh
new file mode 100755
index 0000000..6c46904
--- /dev/null
+++ b/tools/package/bin/onos-secure-ssh

@@ -0,0 +1,22 @@
+#!/bin/bash
+# -----------------------------------------------------------------------------
+# Enables secure access to ONOS console by removing default users & keys.
+# -----------------------------------------------------------------------------
+
+rm -f $(dirname $0)/onos
+
+set -e
+
+cd $(dirname $0)/../apache-karaf-*/etc
+USERS=users.properties
+KEYS=keys.properties
+
+# Remove the built-in users and keys to secure the access implicitly.
+egrep -v "^(karaf|onos)[ ]*=" $USERS > $USERS.new && mv $USERS.new $USERS
+egrep -v "^(#karaf|onos)[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS
+
+# Remove any previous known keys for the local host.
+ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:8101
+
+# Swap the onos client to use the SSH variant
+ln -s $(dirname $0)/onos-ssh $(dirname $0)/onos
commit	12bf44523983426352999f4260aa36e73f9c193c	[log] [tgz]
author	Thomas Vachuska <tom@onlab.us>	Fri Jun 26 09:15:38 2015 -0700
committer	Gerrit Code Review <gerrit@onlab.us>	Mon Jun 29 17:08:09 2015 +0000
tree	3b44475f86dbefda87834f5dcda9965fcbcf3353
parent	2a65575cf89829aca8dc4684dcf3669d630366a0 [diff] [blame]