Fix KeyPairProvider initialization in NetconfSshServerProvider

As a side offect of https://git.opendaylight.org/gerrit/#/c/60138,
RSA private key is stored unencrypted on disk.

Without additional countermeasures this might not be a good idea.

This patch sets DEFAULT_PRIVATE_KEY_PATH to null which disables
key pair serialization.

Change-Id: Ibbf51f702bc47d768db16d6a3f406a1b2ec906fb
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
(cherry picked from commit f01da36f40cdcc21a88c40330b43334d3eb06a84)

diff --git a/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/NetconfNorthboundSshServer.java b/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/NetconfNorthboundSshServer.java
index 72878b1e6caa13f8cee77235c4cd21783cdcc6c8..65de77be96fb6c75c18f91a94abfb8c757aec57b 100644 (file)
--- a/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/NetconfNorthboundSshServer.java
+++ b/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/NetconfNorthboundSshServer.java
@@ -28,7 +28,8 @@ public class NetconfNorthboundSshServer {
 
     private static final Logger LOG = LoggerFactory.getLogger(NetconfNorthboundSshServer.class);
 
-    private static final String DEFAULT_PRIVATE_KEY_PATH = "./configuration/netconf-mdsal-nb/RSA.pk";
+    // Do not store unencrypted private key
+    private static final String DEFAULT_PRIVATE_KEY_PATH = null;
     private static final String DEFAULT_ALGORITHM = "RSA";
     private static final int DEFAULT_KEY_SIZE = 4096;