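I am using the rhc CLI tool for an OpenShift project. I ran into a problem with the default rhc ssh key.

On any ssh-related operation (setup, application creation, etc.), rhc creates the ~/.ssh/id_rsa key if it does not exist. I don't like this behavior; I want it to use something like ~/.ssh/OpenShift-SSH-Keys/my_id_rsa.

During rhc setup, it did not ask me which location to load the key from. So I also looked at ~/.openshift/express.conf, and I only saw configuration for ssl, not ssh.

So I found the following configuration line on the internet to add to ~/.openshift/express.conf:
ssh_key_file='~/.ssh/OpenShift-SSH-Keys/my_id_rsa'
I added it and modified my ~/.ssh/config file: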

# Openshift *.rhcloud.com ssh-key config 
Host *.rhcloud.com 
         IdentityFile ~/.ssh/OpenShift-SSH-Keys/my_id_rsa 
         IdentitiesOnly yes 
         VerifyHostKeyDNS yes 
         StrictHostKeyChecking no 
         PasswordAuthentication no 
         UserKnownHostsFile ~/.ssh/known_hosts 

Finally, I set up my account like this:
rhc setup --config ~/.openshift/express.conf -l myusername@gmail.com
Output of this command:
OpenShift Client Tools (RHC) Setup Wizard 
 
This wizard will help you upload your SSH keys, set your application namespace, and check that other programs like Git are 
properly installed. 
 
If you have your own OpenShift server, you can specify it now. Just hit enter to use the server for OpenShift Online: 
openshift.redhat.com. 
Enter the server hostname: |openshift.redhat.com|  
 
You can add more servers later using 'rhc server'. 
 
Using myusername@gmail.com to login to openshift.redhat.com 
RSA 1024 bit CA certificates are loaded due to old openssl compatibility 
Password: ************************ 
 
OpenShift can create and store a token on disk which allows to you to access the server without using your password. The 
key is stored in your home directory and should be kept secret.  You can delete the key at any time by running 'rhc 
logout'. 
Generate a token now? (yes|no) yes 
Generating an authorization token for this client ... RSA 1024 bit CA certificates are loaded due to old openssl compatibility 
lasts 29 days 
 
Saving configuration to /Users/theuser/.openshift/express.conf ... done 
 
No SSH keys were found. We will generate a pair of keys for you. 
 
    Created: /Users/theuser/.ssh/id_rsa.pub 
 
Your public SSH key must be uploaded to the OpenShift server to access code.  Upload now? (yes|no) no 
 
You can upload your public SSH key at a later time using the 'rhc sshkey' command 
 
Checking for git ... found git version 2.5.0 
 
Checking common problems .. done 
 
Checking for a domain ... mydomainz1955 
 
Checking for applications ... found 1 
 
  myapp http://myapp-mydomainz1955.rhcloud.com/ 
 
  You are using 2 of 3 total gears 
  The following gear sizes are available to you: small 
 
Your client tools are now configured. 

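As you can see in the command output: No SSH keys were found. We will generate a pair of keys for you. Although I specified in ~/.openshift/express.conf that I had already generated ssh keys, rhc setup did not take them into account or did not find them.

So, in your opinion, is it possible to somehow specify a different location for ssh key loading during rhc setup?

Note: I know how to add additional ssh keys, but I want to stop rhc from creating/using ~/.ssh/id_rsa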

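Please refer to the following approach:

As I understand it, you just want rhc not to use your default ssh key. So here is how you create a separate key and configure rhc to use it instead of the default key.

The key points are:

  • You choose no to generating and uploading the ssh key during rhc setup
  • You add your key separately using rhc sshkey add
  • You configure ssh to use a different key for that domain, as listed in your original example

Does this cover your concerns?
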
    [crackit@koTapaH ~]$ mkdir /home/crackit/my_key_location 
    [crackit@koTapaH ~]$ ssh-keygen  
    Generating public/private rsa key pair. 
    Enter file in which to save the key (/home/crackit/.ssh/id_rsa): /home/crackit/my_key_location/key.rsa 
    Enter passphrase (empty for no passphrase):  
    Enter same passphrase again:  
    Your identification has been saved in /home/crackit/my_key_location/key.rsa. 
    Your public key has been saved in /home/crackit/my_key_location/key.rsa.pub. 
    The key fingerprint is: 
    c5:20:15:fb:17:96:86:8f:88:28:18:17:2a:b8:eb:51 crackit@koTapaH 
    The key's randomart image is: 
    +--[ RSA 2048]----+ 
    |  .   ..+.       | 
    |.. .   . + . .   | 
    |= .     . + =    | 
    |.=   . . + = .   | 
    |o .E. . S o o    | 
    | ...       .     | 
    |..               | 
    |. .              | 
    | .               | 
    +-----------------+ 
    [crackit@koTapaH ~]$ rhc setup 
    OpenShift Client Tools (RHC) Setup Wizard 
     
    This wizard will help you upload your SSH keys, set your application namespace, 
    and check that other programs like Git are properly installed. 
     
    If you have your own OpenShift server, you can specify it now. Just hit enter to 
    use the server for OpenShift Online: openshift.redhat.com. 
    Enter the server hostname: |openshift.redhat.com|  
     
    You can add more servers later using 'rhc server'. 
     
    Login to openshift.redhat.com:  
    Login to openshift.redhat.com: asdfgg@example.com 
    Password: ************* 
     
    OpenShift can create and store a token on disk which allows to you to access the 
    server without using your password. The key is stored in your home directory and 
    should be kept secret.  You can delete the key at any time by running 'rhc 
    logout'. 
    Generate a token now? (yes|no) yes 
    Generating an authorization token for this client ... lasts about 1 month 
     
    Saving configuration to /home/crackit/.openshift/express.conf ... done 
     
    No SSH keys were found. We will generate a pair of keys for you. 
     
        Created: /home/crackit/.ssh/id_rsa.pub 
     
    Your public SSH key must be uploaded to the OpenShift server to access code. 
    Upload now? (yes|no) 
    no 
     
    You can upload your public SSH key at a later time using the 'rhc sshkey' 
    command 
     
    Checking for git ... found git version 2.1.0 
     
    Checking common problems .. done 
     
    Checking for a domain ... foobar 
     
    Checking for applications ... found 2 
     
      jenkins http://jenkins-foobar.rhcloud.com/ 
      tmp     http://tmp-foobar.rhcloud.com/ 
     
      You are using 2 of 3 total gears 
      The following gear sizes are available to you: small, medium 
     
    Your client tools are now configured. 
     
    [crackit@koTapaH ~]$ rhc sshkey add mykey my_key_location/key.rsa.pub  
    RESULT: 
    SSH key my_key_location/key.rsa.pub has been added as 'mykey' 
     
    [crackit@koTapaH ~]$ vi .ssh/config 
    <.. do your modifications here ..> 
     
    [crackit@koTapaH ~]$ rhc ssh tmp 
    Connecting to 550000a0e0b8cdca4c000040@tmp-foobar.rhcloud.com ... 
     
        ********************************************************************* 
     
        You are accessing a service that is for use only by authorized users. 
        If you do not have authorization, discontinue use at once. 
        Any use of the services is subject to the applicable terms of the 
        agreement which can be found at: 
        https://www.openshift.com/legal 
     
        ********************************************************************* 
     
        Welcome to OpenShift shell 
     
        This shell will assist you in managing OpenShift applications. 
     
        !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!! 
        Shell access is quite powerful and it is possible for you to 
        accidentally damage your application.  Proceed with care! 
        If worse comes to worst, destroy your application with "rhc app delete" 
        and recreate it 
        !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!! 
     
        Type "help" for more info. 
     
     
    [tmp-foobar.rhcloud.com 550000a0e0b8cdca4c000040]\> exit 
    exit 
    Connection to tmp-foobar.rhcloud.com closed. 
    [crackit@koTapaH ~]$  
    

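Update: I didn't notice that a key was generated. But I am sure the key generated during rhc setup is not actually used. First, because the key at the default location is never added to OpenShift. You can see a quick proof below. Another way to check is rhc sshkeys list.

Another thing is that if you already have a key at the default location, no key is generated (in that case you still choose no so that it is not uploaded). But IMO it is actually a minor bug that rhc generates an ssh key without asking the user. This is probably a very rare use case: you have no default key and you want to use a key from a non-standard location (this is not the use case where you have a key at the standard location and just don't want to use it). Still, IMO it should not generate something the user did not request. So I will show you the way to use only the custom key I want: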
    [crackit@koTapaH ~]$ rm -rf .ssh/id_rsa* 
    [crackit@koTapaH ~]$ rhc ssh tmp 
    Connecting to 550000a0e0b8cdca4c000040@tmp-foobar.rhcloud.com ... 
    <...> 
        Type "help" for more info. 
     
     
    [tmp-foobar.rhcloud.com 550000a0e0b8cdca4c000040]\> exit 
    exit 
    Connection to tmp-foobar.rhcloud.com closed. 
    [crackit@koTapaH ~]$ ls .ssh/ 
    config  known_hosts 
    [crackit@koTapaH ~]$ 
    

Update 2: Of course the token does not help you with ssh:
    [crackit@koTapaH ~]$ rm -rf my_key_location 
    [crackit@koTapaH ~]$ rhc ssh tmp 
    Connecting to 550000a0e0b8cdca4c000040@tmp-foobar.rhcloud.com ... 
    no such identity: /home/crackit/my_key_location/key.rsa: No such file or directory 
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic). 
    

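SSH keys are for ssh. The token is for API requests. These are different use cases. rhc uses the ssh executable underneath, so using a custom key means editing ~/.ssh/config to set the default key to another location or to set different keys for different hosts. rhc setup does not handle this well. But once you have your keys set up, you don't have to run rhc setup anymore.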
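
The `<.. do your modifications here ..>` step in the answer above, as an added example that is not part of the original answer: a small script that writes the per-host block and then asks ssh which key it would offer for a matching host. The function names and scratch paths are assumptions, and host-key checking is left at the OpenSSH default.

```shell
#!/bin/sh
# Added example: pin a dedicated key to one host pattern in an ssh client config.
# Function names and all paths are hypothetical; nothing here calls rhc.

# Append a Host block that makes ssh offer only KEY to hosts matching PATTERN.
# Idempotent: if a "Host PATTERN" line already exists, the file is left alone.
write_host_block() {
    cfg=$1 pattern=$2 key=$3
    mkdir -p -m 700 "$(dirname "$cfg")"
    touch "$cfg" && chmod 600 "$cfg"
    if grep -qxF "Host $pattern" "$cfg"; then
        return 0
    fi
    cat >>"$cfg" <<EOF
# dedicated key for $pattern
Host $pattern
    IdentityFile $key
    IdentitiesOnly yes
    PasswordAuthentication no
EOF
}

# Print the identity files ssh would use for HOST under CFG, without connecting.
# Needs OpenSSH 6.8 or newer for "ssh -G".
resolved_identity() {
    ssh -G -F "$1" "$2" | awk '$1 == "identityfile" { print $2 }'
}

# Demo in a scratch directory so the real ~/.ssh is not touched.
demo_dir=$(mktemp -d)
demo_cfg=$demo_dir/ssh/config
demo_key=$demo_dir/my_key_location/key.rsa
write_host_block "$demo_cfg" '*.rhcloud.com' "$demo_key"
write_host_block "$demo_cfg" '*.rhcloud.com' "$demo_key"   # second call is a no-op
cat "$demo_cfg"
if command -v ssh >/dev/null 2>&1; then
    resolved_identity "$demo_cfg" tmp-foobar.rhcloud.com || true
fi
```

With `IdentitiesOnly yes`, ssh offers only the listed key to matching hosts, so a stray ~/.ssh/id_rsa or an agent-held key is not tried against them.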

