How to specify a different location for ssh keys loading during rhc setup?


Problem description

I am using rhc cli tool for OpenShift projects. I have encountered a problem with default rhc ssh key.

On any ssh related action (setup, app-create, etc..) rhc creates ~/.ssh/id_rsa key if it does not exist. I do not like that behaviour, and I would like it to use something like ~/.ssh/OpenShift-SSH-Keys/my_id_rsa.

Because during rhc setup, it did not ask me from which location I wanted to load the keys. Thus I also looked in ~/.openshift/express.conf and I only saw the configurations for ssl; not ssh.

So I found on the internet this following configuration line to add to ~/.openshift/express.conf:

ssh_key_file='~/.ssh/OpenShift-SSH-Keys/my_id_rsa'

I added it and also modified my ~/.ssh/config file:

# Openshift *.rhcloud.com ssh-key config
Host *.rhcloud.com
         IdentityFile ~/.ssh/OpenShift-SSH-Keys/my_id_rsa
         IdentitiesOnly yes
         VerifyHostKeyDNS yes
         StrictHostKeyChecking no
         PasswordAuthentication no
         UserKnownHostsFile ~/.ssh/known_hosts

To finish, I set up my account like that:

rhc setup --config ~/.openshift/express.conf -l myusername@gmail.com

Output of this command line:

OpenShift Client Tools (RHC) Setup Wizard

This wizard will help you upload your SSH keys, set your application namespace, and check that other programs like Git are
properly installed.

If you have your own OpenShift server, you can specify it now. Just hit enter to use the server for OpenShift Online:
openshift.redhat.com.
Enter the server hostname: |openshift.redhat.com| 

You can add more servers later using 'rhc server'.

Using myusername@gmail.com to login to openshift.redhat.com
RSA 1024 bit CA certificates are loaded due to old openssl compatibility
Password: ************************

OpenShift can create and store a token on disk which allows to you to access the server without using your password. The
key is stored in your home directory and should be kept secret.  You can delete the key at any time by running 'rhc
logout'.
Generate a token now? (yes|no) yes
Generating an authorization token for this client ... RSA 1024 bit CA certificates are loaded due to old openssl compatibility
lasts 29 days

Saving configuration to /Users/theuser/.openshift/express.conf ... done

No SSH keys were found. We will generate a pair of keys for you.

    Created: /Users/theuser/.ssh/id_rsa.pub

Your public SSH key must be uploaded to the OpenShift server to access code.  Upload now? (yes|no) no

You can upload your public SSH key at a later time using the 'rhc sshkey' command

Checking for git ... found git version 2.5.0

Checking common problems .. done

Checking for a domain ... mydomainz1955

Checking for applications ... found 1

  myapp http://myapp-mydomainz1955.rhcloud.com/

  You are using 2 of 3 total gears
  The following gear sizes are available to you: small

Your client tools are now configured.

As you can see in the output of the command line: "No SSH keys were found. We will generate a pair of keys for you.", although I specified in the ~/.openshift/express.conf that I already had ssh keys generated, rhc setup did not take them into consideration or did not find them.

So, according to you, is it possible to somehow specify a different location for ssh key loading during rhc setup?

Note: I know how to add additional ssh key, but I would like to stop rhc creating/using ~/.ssh/id_rsa

Recommended answer

As far as I see you just want rhc to not use your default ssh key. So here is how you create a separate key and configure rhc to use it instead of the default one.

The key points are:

  • you select no to generating and uploading ssh key during rhc setup
  • you add your key separately with rhc sshkey add
  • you configure ssh to use the different key for that domain as you list in your original example

Does this cover your concerns?

[crackit@koTapaH ~]$ mkdir /home/crackit/my_key_location
[crackit@koTapaH ~]$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/crackit/.ssh/id_rsa): /home/crackit/my_key_location/key.rsa
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/crackit/my_key_location/key.rsa.
Your public key has been saved in /home/crackit/my_key_location/key.rsa.pub.
The key fingerprint is:
c5:20:15:fb:17:96:86:8f:88:28:18:17:2a:b8:eb:51 crackit@koTapaH
The key's randomart image is:
+--[ RSA 2048]----+
|  .   ..+.       |
|.. .   . + . .   |
|= .     . + =    |
|.=   . . + = .   |
|o .E. . S o o    |
| ...       .     |
|..               |
|. .              |
| .               |
+-----------------+
[crackit@koTapaH ~]$ rhc setup
OpenShift Client Tools (RHC) Setup Wizard

This wizard will help you upload your SSH keys, set your application namespace,
and check that other programs like Git are properly installed.

If you have your own OpenShift server, you can specify it now. Just hit enter to
use the server for OpenShift Online: openshift.redhat.com.
Enter the server hostname: |openshift.redhat.com| 

You can add more servers later using 'rhc server'.

Login to openshift.redhat.com: 
Login to openshift.redhat.com: asdfgg@example.com
Password: *************

OpenShift can create and store a token on disk which allows to you to access the
server without using your password. The key is stored in your home directory and
should be kept secret.  You can delete the key at any time by running 'rhc
logout'.
Generate a token now? (yes|no) yes
Generating an authorization token for this client ... lasts about 1 month

Saving configuration to /home/crackit/.openshift/express.conf ... done

No SSH keys were found. We will generate a pair of keys for you.

    Created: /home/crackit/.ssh/id_rsa.pub

Your public SSH key must be uploaded to the OpenShift server to access code.
Upload now? (yes|no)
no

You can upload your public SSH key at a later time using the 'rhc sshkey'
command

Checking for git ... found git version 2.1.0

Checking common problems .. done

Checking for a domain ... foobar

Checking for applications ... found 2

  jenkins http://jenkins-foobar.rhcloud.com/
  tmp     http://tmp-foobar.rhcloud.com/

  You are using 2 of 3 total gears
  The following gear sizes are available to you: small, medium

Your client tools are now configured.

[crackit@koTapaH ~]$ rhc sshkey add mykey my_key_location/key.rsa.pub 
RESULT:
SSH key my_key_location/key.rsa.pub has been added as 'mykey'

[crackit@koTapaH ~]$ vi .ssh/config
<.. do your modifications here ..>

[crackit@koTapaH ~]$ rhc ssh tmp
Connecting to 550000a0e0b8cdca4c000040@tmp-foobar.rhcloud.com ...

    *********************************************************************

    You are accessing a service that is for use only by authorized users.
    If you do not have authorization, discontinue use at once.
    Any use of the services is subject to the applicable terms of the
    agreement which can be found at:
    https://www.openshift.com/legal

    *********************************************************************

    Welcome to OpenShift shell

    This shell will assist you in managing OpenShift applications.

    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
    Shell access is quite powerful and it is possible for you to
    accidentally damage your application.  Proceed with care!
    If worse comes to worst, destroy your application with "rhc app delete"
    and recreate it
    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!

    Type "help" for more info.


[tmp-foobar.rhcloud.com 550000a0e0b8cdca4c000040]\> exit
exit
Connection to tmp-foobar.rhcloud.com closed.
[crackit@koTapaH ~]$ 

Update: I didn't notice keys are generated. But I am sure that the generated keys during rhc setup are not actually used. First because the keys from default location are never added to openshift. And you can see a quick proof below. Another way to see is rhc sshkeys list.

Another thing is that if you already have keys in the default location, then no keys are generated (in which case you still select no to not upload them). But it is actually a minor bug IMO in rhc that ssh keys are generated without asking the user. It might be a very rare use case - you don't have a default key and you want to use a key from a non-standard location (this is not your use case where you have a key in the standard location, just don't want to use it) but still IMO one shouldn't generate something the user did not request. So here's how I show you that only my desired custom key is used:

[crackit@koTapaH ~]$ rm -rf .ssh/id_rsa*
[crackit@koTapaH ~]$ rhc ssh tmp
Connecting to 550000a0e0b8cdca4c000040@tmp-foobar.rhcloud.com ...
<...>
    Type "help" for more info.


[tmp-foobar.rhcloud.com 550000a0e0b8cdca4c000040]\> exit
exit
Connection to tmp-foobar.rhcloud.com closed.
[crackit@koTapaH ~]$ ls .ssh/
config  known_hosts
[crackit@koTapaH ~]$

Update 2 Of course token cannot help you with ssh:

[crackit@koTapaH ~]$ rm -rf my_key_location
[crackit@koTapaH ~]$ rhc ssh tmp
Connecting to 550000a0e0b8cdca4c000040@tmp-foobar.rhcloud.com ...
no such identity: /home/crackit/my_key_location/key.rsa: No such file or directory
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

SSH key is used for ssh. Token is used for API requests. These are different use cases. rhc uses the ssh executable underneath so using a custom key means to edit ~/.ssh/config to set your default key to another location or set different keys for different hosts. This is not handled well by rhc setup. But once you have your key set, you don't have to run rhc setup anymore.
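
Since key selection is left to ~/.ssh/config, it helps to check which identity files a given rhcloud.com host actually resolves to. The following is an added example, not part of the original question or answer: a small resolver that applies ssh_config precedence (first value wins, IdentityFile entries accumulate across matching Host blocks) and reports settings that undermine key isolation. Assumptions: the function names are hypothetical, the `Host *` block in the sample is constructed, only whitespace-separated keywords are parsed, and Match blocks are skipped.

```python
import fnmatch

# Constructed sample: the question's Host stanza (trimmed) plus a catch-all block.
SAMPLE_CONFIG = """\
Host *.rhcloud.com
    IdentityFile ~/.ssh/OpenShift-SSH-Keys/my_id_rsa
    IdentitiesOnly yes
    StrictHostKeyChecking no
Host *
    IdentityFile ~/.ssh/id_rsa
"""

def host_matches(host, patterns):
    """Host line semantics: a negated match vetoes, else any positive match wins."""
    host, matched = host.lower(), False
    for pat in (p.lower() for p in patterns):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_options(config_text, host):
    """First value obtained wins per option; IdentityFile entries accumulate."""
    opts, identities, active = {}, [], True  # lines before any Host apply to all
    for raw in config_text.splitlines():
        fields = raw.strip().split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        key, value = fields[0].lower(), fields[1].strip()
        if key == "host":
            active = host_matches(host, value.split())
        elif key == "match":
            active = False  # assumption: Match blocks are skipped, not evaluated
        elif active and key == "identityfile":
            identities.append(value)
        elif active:
            opts.setdefault(key, value)
    return opts, identities

def audit(config_text, host):
    """Return (identity files ssh would try, findings) for one target host."""
    opts, identities = effective_options(config_text, host)
    findings = []
    if len(identities) != 1:
        findings.append("expected exactly one IdentityFile, got %d" % len(identities))
    if opts.get("identitiesonly", "no").lower() != "yes":
        findings.append("IdentitiesOnly is not yes: keys held by ssh-agent may also be offered")
    if opts.get("stricthostkeychecking", "ask").lower() in ("no", "off"):
        findings.append("StrictHostKeyChecking no: unknown host keys are added unprompted")
    return identities, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "tmp-foobar.rhcloud.com"))
```

With the constructed sample, the catch-all block adds ~/.ssh/id_rsa to the identities tried for the rhcloud.com host even though IdentitiesOnly is set, which is the case the audit flags.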
