From 92de42e5ce454b6be07ed077cc16293a0e930f0a Mon Sep 17 00:00:00 2001
From: Marek Gradzki
Date: Thu, 9 Nov 2017 13:49:00 +0100
Subject: [PATCH] Fix KeyPairProvider initialization in NetconfSshServerProvider

As a side offect of https://git.opendaylight.org/gerrit/#/c/60138, RSA private key is stored unencrypted on disk. Without additional countermeasures this might not be a good idea. This patch sets DEFAULT_PRIVATE_KEY_PATH to null which disables key pair serialization.
Change-Id: Ibbf51f702bc47d768db16d6a3f406a1b2ec906fb
Signed-off-by: Marek Gradzki
(cherry picked from commit f01da36f40cdcc21a88c40330b43334d3eb06a84)
---
 .../opendaylight/netconf/ssh/NetconfNorthboundSshServer.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/NetconfNorthboundSshServer.java b/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/NetconfNorthboundSshServer.java
index 72878b1e6c..65de77be96 100644
--- a/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/NetconfNorthboundSshServer.java
+++ b/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/NetconfNorthboundSshServer.java
@@ -28,7 +28,8 @@ public class NetconfNorthboundSshServer {
 private static final Logger LOG = LoggerFactory.getLogger(NetconfNorthboundSshServer.class);
- private static final String DEFAULT_PRIVATE_KEY_PATH = "./configuration/netconf-mdsal-nb/RSA.pk";
+ // Do not store unencrypted private key
+ private static final String DEFAULT_PRIVATE_KEY_PATH = null;
 private static final String DEFAULT_ALGORITHM = "RSA";
 private static final int DEFAULT_KEY_SIZE = 4096;
-- 
2.36.6
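Review bot: The new comment on `DEFAULT_PRIVATE_KEY_PATH` says what is avoided but not that `null` is the mechanism or what it costs: per the commit message a null path disables key pair serialization, which presumably means the SSH host key is regenerated on every start. Clients that pin the host key would then see it change after each restart, and operators tend to respond by turning host-key checking off, which removes the protection against an impersonated server. I would spell this out, e.g. `// null disables key pair serialization: the private key is never written to disk, so the host key is not stable across restarts`, and track a follow-up to persist the key in protected storage (restricted file permissions or an encrypted keystore). The code that consumes the constant is outside the hunk, so how the provider treats null should be confirmed there.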