onos-secure-ssh
1.71 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#!/bin/bash
# -----------------------------------------------------------------------------
# Secures the ONOS console for all instances in the cell ONOS cluster.
# -----------------------------------------------------------------------------
[ ! -d "$ONOS_ROOT" ] && echo "ONOS_ROOT is not defined" >&2 && exit 1
. $ONOS_ROOT/tools/build/envDefaults
# Scan arguments for user/password or other options...
while getopts u:p: o; do
case "$o" in
u) user=$OPTARG;;
p) password=$OPTARG;;
esac
done
password=${password:-$user} # password defaults to the user if not specified
let OPC=$OPTIND-1
shift $OPC
nodes=${1:-$(env | sort | egrep "^OC[0-9]+" | cut -d= -f2)}
for node in $nodes; do
# Prune the node entry from the known hosts file since server key changes
ssh-keygen -f "$HOME/.ssh/known_hosts" -R [$node]:8101 ||
( echo "Failed to remove key from known_hosts" >&2 && exit 1 )
# Setup passwordless login for the local user on the remote node
ssh $ONOS_USER@$node "
[ ! -f ~/.ssh/id_rsa.pub ] && ssh-keygen -t rsa -f ~/.ssh/id_rsa -P '' -q
$ONOS_INSTALL_DIR/bin/onos-user-key \$(id -un) \$(cut -d\\ -f2 ~/.ssh/id_rsa.pub)
$ONOS_INSTALL_DIR/bin/onos-secure-ssh -u $user -p $password
# Implicitly accept the new server key in dev/test environments
while ! ssh -p 8101 -o StrictHostKeyChecking=no localhost list 2>/dev/null; do
echo Waiting for connection...
sleep 1
done
"
# Setup passwordless login for the remote user on the local bench host
# For now, we let the local public key override the remote one
# TODO: fix username collision between workbench and the remote hosts
onos-user-key $node
done