如何在Spring Cloud Config中使用自定义ssh密钥位置 [英] How to use a custom ssh key location with Spring Cloud Config

问题描述

我正在尝试设置使用自定义位置的 Spring Cloud Config 服务器用于ssh私钥. 我需要为密钥指定自定义位置的原因是因为运行该应用程序的用户没有主目录..所以没有办法让我使用默认的~/.ssh目录作为密钥. 我知道可以创建一个只读帐户并在配置中提供用户名/密码，但是ssh的方式可以使工作更加整洁.
是否可以设置此方式?

I am trying to setup a Spring Cloud Config server that uses a custom location for the ssh private key. The reason i need to specify a custom location for the key is because the user running the application has no home directory ..so there is not way for me to use the default ~/.ssh directory for my key. I know that there is the option of creating a read-only account and provide the user/password in the configuration but the ssh way seams more clean.
Is there a way I can setup this?

推荐答案

在阅读了很多代码之后...我发现了一个相对简单的解决方法，可以让您设置所需的任何SSH密钥.

After reading a lot more code... I found a relatively simple work around to allow you to set whatever SSH keys you want.

首先:按如下方式创建一个类:

First: Create a class as follows:

/**
 * @file FixedSshSessionFactory.java 
 * 
 * @date Aug 23, 2016 2:16:11 PM 
 * @author jzampieron
 */

import org.eclipse.jgit.transport.JschConfigSessionFactory;
import org.eclipse.jgit.transport.OpenSshConfig.Host;
import org.eclipse.jgit.util.FS;

import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;

/**
 * Short Desc Here.
 * 
 * @author jzampieron
 *
 */
public class FixedSshSessionFactory extends JschConfigSessionFactory
{

   protected String[] identityKeyPaths;

   /**
    * @param string
    */
   public FixedSshSessionFactory( String... identityKeyPaths )
   {
      this.identityKeyPaths = identityKeyPaths;
   }

   /* (non-Javadoc)
    * @see org.eclipse.jgit.transport.JschConfigSessionFactory#configure(org.eclipse.jgit.transport.OpenSshConfig.Host, com.jcraft.jsch.Session)
    */
   @Override
   protected void configure( Host hc, Session session )
   {
      // nothing special needed here.
   }

   /* (non-Javadoc)
    * @see org.eclipse.jgit.transport.JschConfigSessionFactory#getJSch(org.eclipse.jgit.transport.OpenSshConfig.Host, org.eclipse.jgit.util.FS)
    */
   @Override
   protected JSch getJSch( Host hc, FS fs ) throws JSchException
   {
      JSch jsch = super.getJSch( hc, fs );
      // Clean out anything 'default' - any encrypted keys
      // that are loaded by default before this will break.
      jsch.removeAllIdentity();
      for( final String identKeyPath : identityKeyPaths )
      {
         jsch.addIdentity( identKeyPath );
      }
      return jsch;
   }


}

然后使用jgit注册它:

Then register it with jgit:

...
import org.eclipse.jgit.transport.SshSessionFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.config.server.EnableConfigServer;

@SpringBootApplication
@EnableConfigServer
public class ConfigserverApplication 
{

    public static void main(String[] args) {
       URL res = ConfigserverApplication.class.getClassLoader().getResource( "keys/id_rsa" );
       String path = res.getPath();
       SshSessionFactory.setInstance( new FixedSshSessionFactory( path ) );

       SpringApplication.run(ConfigserverApplication.class, args);
    }

}

在此示例中，我将密钥存储在src/main/resources/keys文件夹中， 我正在使用类加载器来获取它们.

For this example I'm storing the keys in the src/main/resources/keys folder and I'm using the class loader to get at them.

removeAllIdentities很重要b/c JSch在我指定的默认ssh密钥之前加载了我的默认ssh密钥，然后Spring Cloud b/c对其加密的崩溃了.

The removeAllIdentities is important b/c JSch was loading my default ssh key before the one I specified and then Spring Cloud was crashing out b/c its encrypted.

这使我能够成功地使用bitbucket进行身份验证.

This allowed me to successfully authenticate with bitbucket.

这篇关于如何在Spring Cloud Config中使用自定义ssh密钥位置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！