blob: eab5d7aac8937e3182992f22e704c879363d359b [file] [log] [blame]
# -----------------------------------------------------------------------------
# Enables secure access to ONOS console by removing default users & keys.
# -----------------------------------------------------------------------------
# Remove the "unsecure" shell client which uses karaf "client" which is used
# by default; we will install the "secure" client that just uses raw ssh later.
rm -f $(dirname $0)/onos
set -e
# Scan arguments for user/password or other options...
while getopts u:p: o; do
case "$o" in
u) user=$OPTARG;;
p) password=$OPTARG;;
password=${password:-$user} # password defaults to the user if not specified
shift $OPC
cd $(dirname $0)/../apache-karaf-*/etc
# Remove the built-in users and keys to secure the access implicitly.
egrep -v "^(karaf|onos)[ ]*=" $USERS > $ && mv $ $USERS
egrep -v "^(#karaf|onos)[ ]*=" $KEYS > $ && mv $ $KEYS
# Remove any previous known keys for the local host.
ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:8101
# Swap the onos client to use the SSH variant.
ln -s $(dirname $0)/onos-ssh $(dirname $0)/onos
# If user and password options were given, setup the user/password.
if [ -n "$user" -a -n "$password" ]; then
echo "$user = $password,_g_:admingroup" >> $USERS