Embedding GateOne in an Application and SSH Auto-Login


Author: ilaoke | Source: published 2017-04-28 19:31, read 2730 times

    http://liftoff.github.io/GateOne/Developer/embedding_api_auth.html
    https://github.com/liftoff/GateOne/issues/239

    Continuing from the previous post, GateOne Web SSH environment setup; the configuration below uses GateOne 1.2.

    Configuring API authentication

    Edit 20authentication.conf:

    # change to api
    "auth": "api",
    

    Create an API key/secret pair (the official docs say ./gateone.py --new_api_key, but gateone.py is nowhere to be found; it belongs to version 1.1. If you installed from the rpm mentioned here, the gateone command should be available):

    feng@ubuntu:~/Desktop$ sudo gateone --new_api_key
    [sudo] password for feng: 
    [W 170427 20:34:57 app_terminal:2806] dtach command not found.  dtach support has been disabled.
    [I 170427 20:34:58 server:4179] Gate One License: AGPLv3 (http://www.gnu.org/licenses/agpl-3.0.html)
    [I 170427 20:34:58 server:4188] Imported applications: Terminal
    [I 170427 20:34:58 server:4323] A new API key has been generated: YTRjMzBkMzNjMTkxNGExMWFmYmRkZDI0Yjg1OWM3YWMyM
    [I 170427 20:34:58 server:4325] This key can now be used to embed Gate One into other applications.
    

    At this point a **30api_keys.conf** file is generated in the configuration directory; the key/secret pair in it is what the application will use:

    {
        "*": {
            "gateone": {
                "api_keys": {
                    "YTRjMzBkMzNjMTkxNGExMWFmYmRkZDI0Yjg1OWM3YWMyM": "MTEzYjQ3MTM5NDk4NDkyNmEwMjc4NjAwODViNjNlN2E0N"
                }
            }
        }
    }
    

    Once API authentication is enabled, GateOne can no longer be accessed directly.

    Creating the application and embedding GateOne

    Controller code for the application that embeds GateOne (JFinal is used here; with Spring MVC only minor changes are needed):

    package com.demo.sso.controller;
    
    import java.util.Calendar;
    import org.apache.commons.codec.digest.HmacUtils;
    import com.jfinal.core.Controller;
    
    public class GateOneController extends Controller {
        // Key/secret pair from 30api_keys.conf; the secret must stay on the server side
        private static final String key = "YTRjMzBkMzNjMTkxNGExMWFmYmRkZDI0Yjg1OWM3YWMyM";
        private static final String secret = "MTEzYjQ3MTM5NDk4NDkyNmEwMjc4NjAwODViNjNlN2E0N";
        // Username (upn) that GateOne will run the terminal as
        private static final String GATE_ONE_OWNER = "feng";
    
        public void index() {
            // GateOne expects a JavaScript-style timestamp, i.e. milliseconds since the epoch
            Calendar c = Calendar.getInstance();
            String timestamp = c.getTimeInMillis() + "";
            String signature = generate(key, GATE_ONE_OWNER, timestamp);
    
            // Only the public parts of the auth object reach the page; the secret is never sent
            setAttr("timestamp", timestamp);
            setAttr("signature", signature);
            setAttr("api_key", key);
            setAttr("upn", GATE_ONE_OWNER);
    
            setAttr("gateoneUrl", "http://localhost");
            setAttr("sshUrl", "ssh://root@192.168.1.97");
    
            render("/WEB-INF/pages/sso.jsp");
        }
    
        // HMAC-SHA1 over api_key + upn + timestamp, in that order, hex encoded
        private static String generate(String apiKey, String username, String timestamp) {
            String body = apiKey + username + timestamp;
            return HmacUtils.hmacSha1Hex(secret, body);
        }
    }
    
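The same signing step, together with the checks the receiving GateOne side has to make before it trusts the `upn` in the auth object, as an added Python example that is not part of the original post or of GateOne's own code. The key/secret values are the ones shown on this page; the 30 second freshness window, the timestamp values and the `verify_auth_object` helper are this example's assumptions, not GateOne's exact implementation.

```python
import hashlib
import hmac
import time

# Key/secret pair from 30api_keys.conf (values from this page).
API_KEY = "YTRjMzBkMzNjMTkxNGExMWFmYmRkZDI0Yjg1OWM3YWMyM"
API_SECRET = "MTEzYjQ3MTM5NDk4NDkyNmEwMjc4NjAwODViNjNlN2E0N"
API_KEYS = {API_KEY: API_SECRET}


def sign(secret, api_key, upn, timestamp):
    """HMAC-SHA1 over api_key + upn + timestamp, in that order, hex encoded."""
    body = (api_key + upn + timestamp).encode()
    return hmac.new(secret.encode(), body, hashlib.sha1).hexdigest()


def make_auth_object(api_key, secret, upn, now_ms=None):
    """Server-side step: the auth object the Java controller above builds."""
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    timestamp = str(now_ms)  # JavaScript-style millisecond timestamp
    return {
        "api_key": api_key,
        "upn": upn,
        "timestamp": timestamp,
        "signature": sign(secret, api_key, upn, timestamp),
        "signature_method": "HMAC-SHA1",
        "api_version": "1.0",
    }


def verify_auth_object(auth, api_keys, now_ms=None, window_s=30):
    """Mirror of the checks the GateOne side must make (assumed window: 30s)."""
    secret = api_keys.get(auth.get("api_key"))
    if secret is None:
        return False, "unknown api_key"
    if auth.get("signature_method") != "HMAC-SHA1":
        return False, "unsupported signature_method"
    try:
        ts_ms = int(auth["timestamp"])
    except (KeyError, ValueError):
        return False, "bad timestamp"
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    if abs(now_ms - ts_ms) > window_s * 1000:  # replayed or stale object
        return False, "timestamp outside window"
    expected = sign(secret, auth["api_key"], auth.get("upn", ""), auth["timestamp"])
    if not hmac.compare_digest(expected, auth.get("signature", "")):
        return False, "bad signature"
    return True, "ok"
```

Because `upn` is covered by the signature, a page that merely changes the username it sends cannot become another GateOne user; the timestamp window is what limits reuse of a captured object.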

    JSP page:

    <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <script src="${gateoneUrl}/static/gateone.js" type="text/javascript"></script>
    
    <title>SSO</title>
    </head>
    <body>
    <h2>hello gate one</h2>
    
    <div id="gateone_container" style="width: 60em; height: 30em;">
        <div id="gateone"></div>
    </div>
    
    <!-- Call GateOne.init() at some point after the page is done loading -->
    <script type="text/javascript">
        window.onload = function() {
            /**
             * upn - username
             * timestamp
             * signature: A valid HMAC signature that is generated from the api_key, upn, and timestamp (in that order).
             */
            var auth = {
                'api_key': '${api_key}',
                'upn': '${upn}',
                'timestamp': '${timestamp}',
                'signature': "${signature}",
                'signature_method': 'HMAC-SHA1',
                'api_version': '1.0'    
            };
            
            // Initialize Gate One:
            GateOne.init({
                auth: auth, 
                url: 'http://localhost:80', 
                theme: 'solarized',
                goDiv: '#gateone',
                autoConnectURL:'${sshUrl}',
                showToolbar: false
            });
        
            GateOne.Net.autoConnect(); 
        }
    </script>
    
    </body>
    </html>
    

    Auto-login configuration

    http://blog.chinaunix.net/uid-26284395-id-2949145.html

    The code above already sets the SSH address to connect to automatically. To log in over SSH without typing a password, generate a key pair with ssh-keygen and upload the resulting id_rsa.pub to the other machine (192.168.1.97).

    ssh-keygen
    ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.97
    

    Now ssh from a terminal should reach the other machine directly, without prompting for a password:

    ssh root@192.168.1.97
    

    But to log in without a password from inside GateOne, the following configuration is also required.

    Locate the user directory; its path is set in the 10server.conf configuration file.

    Copy id_rsa into that user's .ssh directory (the user is feng here because it matches GATE_ONE_OWNER = "feng" in the Java code above):

    cd /var/lib/gateone/users/feng/.ssh
    
    cp /home/feng/.ssh/id* .
    
    echo id_rsa > ./.default_ids
    

    This configuration is described in issue #239.

    With that done, the screen below appears when you open the application; click the icon to log in automatically.




    PS:

    I never managed to get either of the following two auto-login methods, which the author mentions several times, to work:

    https://your-gateone-server/?ssh=ssh://user@somehost/
    
    https://your-gateone-server/?terminal_cmd=somecmd
    

    A brief note on the terminal_cmd approach: edit 50terminal.conf to add a shell command, where the shell script simply runs ssh to log in to the other machine.
    Then, visiting http://localhost:80/?terminal_cmd=loginrt always shows the following message:

    An SSL certificate must be accepted by your browser to continue. Please click here to be redirected.
    

    It seems the certificate has to be accepted first. If anyone knows how to make auto-login work this way, please let me know.


    Article link: https://www.haomeiwen.com/subject/jejazttx.html