Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


ONOS CLI, GUI and REST API are all presently secured by allowing only authenticated access. 


The tool comes in two variants to support run-time deployments and dev-time usage. The dev-time variant secures the entire ONOS test cell with one invocation and will use the dev bench user’s public key to enable secure ssh CLI. The run-time variant secures just the instance on which it is invoked and uses the invoking user’s public key to enable secure ssh CLI.


Since ONOS CLI is secured via key-based authentication, there is no explicit action required once the onos-secure-ssh tool was used.


The login will remain active while the browser is active or until user logs-out by clicking on the logout link in the right-hand side of the GUI mast-head. Presently there are no cookies and no mechanism to maintain authentication past browser restart. This may be added in future releases as we add token-based authentication.

HTTPS & Redirect

By default HTTPS is not enabled, but it can be easily configured and used directly, by modifying the etc/org.ops4j.pax.web.cfg file. The reason for this is that it requires a setup of keystore & truststore and unless one has a key signed by a CA, the self-signed key ends up raising issues with REST API and puts up entry barriers in the browser. For these reason, this remain a manual configuration task; see instructions in