Gitiles
Code Review Sign In
gerrit.onosproject.org / onos / 24d7c360f92bb63ea1f01fa1b4dfd756d80a5b37 / . / tools / package / bin / onos-secure-ssh
blob: 3f541dbe12ed11788d93f08c59434dee0068898b [file] [log] [blame]
Thomas Vachuska12bf4452015-06-26 09:15:38 -0700[diff] [blame]1#!/bin/bash
2# -----------------------------------------------------------------------------
3# Enables secure access to ONOS console by removing default users & keys.
4# -----------------------------------------------------------------------------
5
6rm -f $(dirname $0)/onos
7
8set -e
9
Thomas Vachuska3c831fa2015-08-17 18:44:15 -0700[diff] [blame]10# Scan arguments for user/password or other options...
Thomas Vachuskaeff0e4e2015-08-11 00:26:24 -0700[diff] [blame]11while getopts u:p: o; do
12 case "$o" in
13 u) user=$OPTARG;;
14 p) password=$OPTARG;;
15 esac
16done
Thomas Vachuska3c831fa2015-08-17 18:44:15 -0700[diff] [blame]17password=${password:-$user} # password defaults to the user if not specified
Thomas Vachuskaeff0e4e2015-08-11 00:26:24 -0700[diff] [blame]18let OPC=$OPTIND-1
19shift $OPC
20
Thomas Vachuska12bf4452015-06-26 09:15:38 -0700[diff] [blame]21cd $(dirname $0)/../apache-karaf-*/etc
22USERS=users.properties
23KEYS=keys.properties
24
25# Remove the built-in users and keys to secure the access implicitly.
26egrep -v "^(karaf|onos)[ ]*=" $USERS > $USERS.new && mv $USERS.new $USERS
27egrep -v "^(#karaf|onos)[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS
28
29# Remove any previous known keys for the local host.
30ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:8101
31
Thomas Vachuskaeff0e4e2015-08-11 00:26:24 -0700[diff] [blame]32# Swap the onos client to use the SSH variant.
Thomas Vachuska12bf4452015-06-26 09:15:38 -0700[diff] [blame]33ln -s $(dirname $0)/onos-ssh $(dirname $0)/onos
Thomas Vachuskaeff0e4e2015-08-11 00:26:24 -0700[diff] [blame]34
35# If user and password options were given, setup the user/password.
36if [ -n "$user" -a -n "$password" ]; then
37 echo "$user = $password,_g_:admingroup" >> $USERS
38fi