use of org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.device.transport.Ssh in project netconf by opendaylight.
the class IetfZeroTouchCallHomeServerProvider method createOperationalDevice.
/**
 * Builds a device entry from a configured device and a status augmentation.
 *
 * <p>For an SSH transport a fresh {@code SshClientParams} is built that carries only the host
 * key, so no other client parameter of the configured device is copied into the result.
 * A TLS transport is copied as-is. Without either transport, the device-level SSH host key is
 * copied when present.
 *
 * @param cfgDevice configured device supplying the unique id and transport or host key
 * @param devStatus status augmentation attached to the resulting device
 * @return the newly built device
 */
private Device createOperationalDevice(final Device cfgDevice, final Device1 devStatus) {
    final DeviceBuilder builder = new DeviceBuilder()
        .addAugmentation(devStatus)
        .setUniqueId(cfgDevice.getUniqueId());

    if (cfgDevice.getTransport() instanceof Ssh) {
        final Ssh cfgSsh = (Ssh) cfgDevice.getTransport();
        // Host key only: the rest of the configured client parameters is deliberately not copied.
        // NOTE(review): presumably this keeps SSH credentials out of the returned device - confirm.
        final SshClientParams hostKeyOnly = new SshClientParamsBuilder()
            .setHostKey(cfgSsh.getSshClientParams().getHostKey())
            .build();
        return builder
            .setTransport(new SshBuilder().setSshClientParams(hostKeyOnly).build())
            .build();
    }

    if (cfgDevice.getTransport() instanceof Tls) {
        // The TLS transport is passed through unchanged.
        return builder.setTransport(cfgDevice.getTransport()).build();
    }

    // No SSH/TLS transport container: fall back to the device-level host key when one is set.
    if (cfgDevice.getSshHostKey() != null) {
        builder.setSshHostKey(cfgDevice.getSshHostKey());
    }
    return builder.build();
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.device.transport.Ssh in project netconf by opendaylight.
the class NetconfConnectDeviceCommand method execute.
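/**
 * Validates the command arguments, builds a NETCONF node description from them and asks the
 * service to connect the device.
 *
 * <p>A username and password are required in TCP-only and SSH mode. In TLS mode no credentials
 * are set and the optional comma-separated list of excluded TLS versions is applied.
 *
 * <p>The password is never included in the returned text: a result message must not echo a
 * secret the operator typed.
 *
 * @return a human-readable result message, either an argument error or the success notice
 */
@Override
public Object execute() {
    if (!NetconfCommandUtils.isIpValid(deviceIp) || !NetconfCommandUtils.isPortValid(devicePort)) {
        return "Invalid IP:" + deviceIp + " or Port:" + devicePort + "Please enter a valid entry to proceed.";
    }

    final boolean isTcpOnly = connectionType.equals("true");
    final boolean isSchemaless = schemaless.equals("true");

    final NetconfNodeBuilder netconfNodeBuilder = new NetconfNodeBuilder();
    netconfNodeBuilder
        .setHost(new Host(new IpAddress(new Ipv4Address(deviceIp))))
        .setPort(new PortNumber(Uint16.valueOf(Integer.decode(devicePort))))
        .setTcpOnly(isTcpOnly)
        .setSchemaless(isSchemaless);

    if (isTcpOnly || protocol.equalsIgnoreCase("ssh")) {
        if (Strings.isNullOrEmpty(username) || Strings.isNullOrEmpty(password)) {
            // Report which field is expected without printing the password value itself.
            return "Empty Username:" + username
                + " or Password. In TCP or SSH mode, you must provide valid username and password.";
        }
        final Credentials credentials = new LoginPasswordBuilder()
            .setPassword(password)
            .setUsername(username)
            .build();
        netconfNodeBuilder.setCredentials(credentials);
        // In TCP-only mode the credentials are set but no protocol is configured.
        // NOTE(review): presumably TCP-only means an unencrypted session carrying these
        // credentials - confirm and keep it to trusted networks.
        if (!isTcpOnly) {
            netconfNodeBuilder.setProtocol(new ProtocolBuilder().setName(Name.SSH).build());
        }
    } else if (protocol.equalsIgnoreCase("tls")) {
        // The specification stays null when no TLS versions are excluded.
        TlsCase tlsCase = null;
        if (!Strings.isNullOrEmpty(excludedTlsVersions)) {
            tlsCase = new TlsCaseBuilder()
                .setTls(new TlsBuilder()
                    .setExcludedVersions(Arrays.asList(excludedTlsVersions.split(",")))
                    .build())
                .build();
        }
        netconfNodeBuilder.setProtocol(
            new ProtocolBuilder().setName(Name.TLS).setSpecification(tlsCase).build());
    } else {
        return "Invalid protocol: " + protocol + ". Only SSH and TLS are supported.";
    }

    service.connectDevice(netconfNodeBuilder.build(), deviceId);
    return "Netconf connector added succesfully";
}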
use of org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.device.transport.Ssh in project netconf by opendaylight.
the class CallHomeAuthProviderImpl method provideAuth.
/**
 * Decides whether a call-home connection presenting {@code serverKey} is accepted and, if so,
 * which session name, username and passwords are used for it.
 *
 * <p>A key found in the device configuration uses that device's id and its own credentials,
 * falling back to the global credentials when it has none. A key that is not configured is
 * accepted only when the global configuration allows unknown keys; it then gets an id derived
 * from the remote address and the global credentials. Otherwise the connection is rejected.
 * A connection is also rejected when no credentials can be found at all.
 *
 * @param remoteAddress address of the connecting device, used for the synthetic id and logging
 * @param serverKey public key presented by the connecting device
 * @return an accepted authorization carrying username and passwords, or a rejection
 */
@Override
public CallHomeAuthorization provideAuth(final SocketAddress remoteAddress, final PublicKey serverKey) {
    final Device configured = deviceConfig.get(serverKey);
    final String sessionName;
    final Credentials perDeviceCred;

    if (configured == null) {
        final String addressId = fromRemoteAddress(remoteAddress);
        if (!globalConfig.allowedUnknownKeys()) {
            // Unknown key and unknown keys are not allowed: record it once, then reject.
            final Device alreadySeen = deviceOp.get(serverKey);
            if (alreadySeen != null) {
                LOG.info("Repeating rejection of unlisted device with id of {}", alreadySeen.getUniqueId());
            } else {
                statusReporter.asUnlistedDevice(addressId, serverKey);
            }
            return CallHomeAuthorization.rejected();
        }
        // Unknown keys are allowed: the device is accepted under an address-derived id and,
        // having no entry of its own, can only use the global credentials below.
        statusReporter.asForceListedDevice(addressId, serverKey);
        sessionName = addressId;
        perDeviceCred = null;
    } else {
        sessionName = configured.getUniqueId();
        if (configured.getTransport() instanceof Ssh) {
            // SSH transport keeps its credentials inside the client parameters.
            perDeviceCred = ((Ssh) configured.getTransport()).getSshClientParams().getCredentials();
        } else {
            perDeviceCred = configured.getCredentials();
        }
    }

    // Per-device credentials win; the global ones are the fallback.
    final Credentials effective = perDeviceCred == null ? globalConfig.getCredentials() : perDeviceCred;
    if (effective == null) {
        LOG.info("No credentials found for {}, rejecting.", remoteAddress);
        return CallHomeAuthorization.rejected();
    }

    final Builder accepted = CallHomeAuthorization.serverAccepted(sessionName, effective.getUsername());
    for (final String candidatePassword : effective.getPasswords()) {
        accepted.addPassword(candidatePassword);
    }
    return accepted.build();
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.device.transport.Ssh in project netconf by opendaylight.
the class CallhomeStatusReporter method reportFailedAuth.
/**
 * Marks the listed device whose host key equals {@code sshKey} as having failed authentication.
 *
 * <p>Devices are scanned in list order and the first one whose decoded host key matches is
 * updated. Devices without a host key are skipped. An error is logged when nothing matches.
 *
 * @param sshKey public key of the device whose authentication failed
 */
@Override
public void reportFailedAuth(final PublicKey sshKey) {
    final AuthorizedKeysDecoder keyDecoder = new AuthorizedKeysDecoder();
    for (final Device candidate : getDevicesAsList()) {
        // The host key lives in the SSH client parameters when an SSH transport is configured,
        // otherwise directly on the device.
        final String encodedKey = candidate.getTransport() instanceof Ssh
            ? ((Ssh) candidate.getTransport()).getSshClientParams().getHostKey()
            : candidate.getSshHostKey();
        if (encodedKey == null) {
            LOG.info("Whitelist device {} does not have a host key, skipping it", candidate.getUniqueId());
            continue;
        }

        try {
            final PublicKey listedKey = keyDecoder.decodePublicKey(encodedKey);
            final boolean sameAlgorithm = sshKey.getAlgorithm().equals(listedKey.getAlgorithm());
            if (!sameAlgorithm || !sshKey.equals(listedKey)) {
                continue;
            }
            final Device failedDevice = withFailedAuthStatus(candidate);
            if (failedDevice != null) {
                LOG.info("Setting auth failed status for callhome device id:{}.", failedDevice.getUniqueId());
                setDeviceStatus(failedDevice);
            }
            return;
        } catch (GeneralSecurityException e) {
            // NOTE(review): a single undecodable host key ends the whole scan, so devices later
            // in the list are never compared - confirm this is intended rather than skipping
            // the bad entry.
            LOG.error("Failed decoding a device key with host key: {}", encodedKey, e);
            return;
        }
    }
    LOG.error("No match found for the failed auth device (should have been filtered by whitelist). Key: {}", sshKey);
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.device.transport.Ssh in project netconf by opendaylight.
the class CallhomeStatusReporter method newDevice.
/**
 * Creates a device entry with an SSH transport for the given id, server key and status.
 *
 * <p>Used only for netconf devices that are connected via SSH transport and global credentials.
 *
 * @param id unique id of the device, also used for its key
 * @param serverKey public key stored as the host key of the SSH transport
 * @param status device status placed in the augmentation
 * @return the newly built device
 */
private static Device newDevice(final String id, final PublicKey serverKey, final Device1.DeviceStatus status) {
    // Fallback used when the key cannot be written in SSH format.
    // NOTE(review): the toString() form is presumably not a decodable SSH host key - confirm
    // how readers of this field handle it.
    final String fallbackKey = serverKey.toString();
    String hostKey;
    try {
        hostKey = AuthorizedKeysDecoder.encodePublicKey(serverKey);
    } catch (IOException e) {
        LOG.warn("Unable to encode public key to ssh format.", e);
        hostKey = fallbackKey;
    }

    final SshClientParams clientParams = new SshClientParamsBuilder().setHostKey(hostKey).build();
    final Transport sshTransport = new SshBuilder().setSshClientParams(clientParams).build();
    final DeviceBuilder deviceBuilder = new DeviceBuilder()
        .setUniqueId(id)
        .withKey(new DeviceKey(id))
        .setTransport(sshTransport);
    return deviceBuilder
        .addAugmentation(new Device1Builder().setDeviceStatus(status).build())
        .build();
}