神刀安全网

Creating functional ssh key-pair on RDO Mitaka via Chrome Advanced REST Client

The problem here is that REST API POST request creating ssh-keypair to access nova servers  doesn’t write to disk rsa private key  and only upload public one to nova. Closing Chrome Client results loosing rsa private key. To prevent failure to write to disk private key , save response-export.json as shown bellow. Working via CLI ( invoking curl ) doesn’t write private rsa key to disk as well.To start ( keystone api v3 environment ) obtain project’s scoped token via request

[root@ip-192-169-142-127 ~(keystone_admin)]# curl -i  -H “Content-Type: application/json” -d ‘ { “auth”:

{ “identity”:

{ “methods”: [“password”], “password”:

{ “user”:

{ “name”: “admin”, “domain”:

{ “id”: “default” }, “password”: “7049f834927e4468” }

}

},

“scope”:

{ “project”:

{ “name”: “demo”, “domain”:

{ “id”: “default” }

}

}

}

}’  http://192.169.142.127:5000/v3/auth/tokens ; echo

HTTP/1.1 201 Created

Date: Mon, 02 May 2016 10:41:25 GMT

Server: Apache/2.4.6 (CentOS)

X-Subject-Token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  <= token value

Vary: X-Auth-Token

x-openstack-request-id: req-bed4f407-8cbd-4d43-acd5-7450d028bc45

Content-Length: 5791

Connection: close

Content-Type: application/json

Creating functional ssh key-pair on RDO Mitaka via Chrome Advanced REST Client

Creating functional ssh key-pair on RDO Mitaka via Chrome Advanced REST Client

*******************************************************************************

The run script extracting from response-export.json the rsa private key

*******************************************************************************

#!/bin/bash -x

echo “Genegating privare key for server access”

echo “—–BEGIN RSA PRIVATE KEY—–” > $1.pem

sed ‘s///n//

/g’ <  response-export.json | grep -v “keypair” | grep -v “user_id” >> $1.pem

chmod 600 $1.pem

like :-

# ./filter.sh oskeymitakaV3

***********************************

Shell command [  1 ]  :-

***********************************

sed ‘s///n//

will replace ‘/n’ by Carriage Return in  response-export.json.

Now login to dashboard and verify that rsa public key gets uploaded

Creating functional ssh key-pair on RDO Mitaka via Chrome Advanced REST Client

Relaunch Chrome Advanced Rest Client and launch server with“key_name” : “oskeymitakaV3”

Creating functional ssh key-pair on RDO Mitaka via Chrome Advanced REST Client

******************************************************************************

Login to server using rsa private key  oskeymitakaV3.pem

******************************************************************************

[boris@fedora23wks json]$ ssh -i oskeymitakaV3.pem ubuntu@192.169.142.169

The authenticity of host ‘192.169.142.169 (192.169.142.169)’ can’t be established.

ECDSA key fingerprint is SHA256:khfhZEHHwz7T18oIlKMCKWKY9b6ctsS8XMW5ZpVlRa8.

ECDSA key fingerprint is MD5:25:98:50:9f:b3:37:f3:a1:ed:95:5d:44:f4:03:13:14.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added ‘192.169.142.169’ (ECDSA) to the list of known hosts.

Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-21-generic x86_64)

* Documentation:  https://help.ubuntu.com/

Get cloud support with Ubuntu Advantage Cloud Guest:

http://www.ubuntu.com/business/services/cloud

0 packages can be updated.

0 updates are security updates.

The programs included with the Ubuntu system are free software;

the exact distribution terms for each program are described in the

individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by

applicable law.

To run a command as administrator (user “root”), use “sudo “.

See “man sudo_root” for details.

ubuntu@ubuntuxenialdevs:~$

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » Creating functional ssh key-pair on RDO Mitaka via Chrome Advanced REST Client

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址