Skip to content
Commit e5a99777 authored by Albert Zhang's avatar Albert Zhang Committed by Ed Tanous
Browse files

Redfish: Allow disabling and enabling SSH 



This patch adds support for disabling and enabling SSH using
Redfish API.

Tested:Validator passes

1.Disabled SSH from Redfish and verified cannot open a new SSH
connection to the machine, but the original SSH connection still
takes effect and verified ProtocolEnabled is false for SSH.

 curl -k -H "X-Auth-Token: $token" -X  GET
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
 {
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  ...
  "SSH": {
    "Port": 22,
    "ProtocolEnabled": true
  },
  ...
 }

 curl -k -H "X-Auth-Token: $token" -X PATCH '-d
 {"SSH": {"ProtocolEnabled": false}}'
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/

 Open a new SSH connection:
 sudo ssh username@<IP>
 ssh: connect to host <IP> port 22: Connection refused

 curl -k -H "X-Auth-Token: $token" -X  GET
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
 {
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  ...
  "SSH": {
    "Port": 22,
    "ProtocolEnabled": false
  },
  ...
 }

 D-bus has changed to :

 busctl introspect xyz.openbmc_project.Control.Service.Manager
 /xyz/openbmc_project/control/service/dropbear
 NAME                   TYPE      SIGNATURE RESULT/VALUE FLAGS
 ...                    ...       ...
 xyz.openbmc_project.Control.Service.Attributes       interface
 .Enabled                property  b    false  emits-change writable
 .Masked                 property  b    false  emits-change writable
 .Running                property  b    false  emits-change writable
 ...

2.Abled SSH from Redfish, verified can open a new SSH
connection to the machine and ProtocolEnabled is true for SSH.

 curl -k -H "X-Auth-Token: $token" -X  GET
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
 {
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  ...
  "SSH": {
    "Port": 22,
    "ProtocolEnabled": false
  },
  ...
 }

 curl -k -H "X-Auth-Token: $token" -X PATCH '-d
 {"SSH": {"ProtocolEnabled": false}}'
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/

 Open a new SSH connection:
 sudo ssh username@<IP>
 Successfully connected

 curl -k -H "X-Auth-Token: $token" -X  GET
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
 {
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  ...
  "SSH": {
    "Port": 22,
    "ProtocolEnabled": true
  },
  ...
 }

 D-bus has changed to :

 busctl introspect xyz.openbmc_project.Control.Service.Manager
 /xyz/openbmc_project/control/service/dropbear
 NAME                   TYPE      SIGNATURE RESULT/VALUE FLAGS
 ...                    ...       ...
 xyz.openbmc_project.Control.Service.Attributes       interface
 .Enabled                property  b    true  emits-change writable
 .Masked                 property  b    false  emits-change writable
 .Running                property  b    true  emits-change writable
 ...

Signed-off-by: default avatarAlbert Zhang <zhanghaodi@inspur.com>
Change-Id: Ifd80db4d33934e83d4e5f337e5dfd02b4ba39018
parent 0256b694
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment