Environment: ubuntu 18.1
Gate One version: 1.2
1. Generate the API key
sudo python run_gateone.py --new_api_key
This creates the file 30api_keys.conf in Gate One's conf.d directory.
vim 20authentication.conf and change auth: "none" to auth: "api"
{
    // "gateone" server-wide settings fall under "*"
    "*": {
        "gateone": { // These settings apply to all of Gate One
            "api_timestamp_window": "600s",
            "auth": "api", // change to api
            "pam_realm": "ubuntu",
            "pam_service": "login",
            "ssl_auth": "none",
            "sso_keytab": null,
            "sso_realm": null,
            "sso_service": "HTTP"
        }
    }
}
If you restart now and open Gate One in a browser, the following appears:
[Image: unauthenticated.png]
2. Get gateone.js
- First way
https://ip:10443/static/gateone.js
- Second way
<Gate One directory>/gateone/static/gateone.js
3. Generate the key-value pairs the API requires
- View the key file: vim <Gate One directory>/conf.d/30api_keys.conf
// This file contains the key and secret pairs used by Gate One's API authentication method.
{
    "*": {
        "gateone": {
            "api_keys": {
                // can be changed to anything you like
                "Y2YzZTU4ODcyZDZjNDFkMzk4Y2YyODc5NDE3ZWY0NWMzM": "YjM4OGMzZTExOTY4NGRjNGI4ZTAwZWM4MmM2ODkxMzBjY"
            }
        }
    }
}
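- Here I use Java code to generate, from the key and secret above, the key-value pairs needed for login verification.
Typically this code runs in a Spring MVC controller, and the result is returned to the front end as JSON or through the model.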
// JsonUtils and HMacUtils are helper classes from the author's own project (not shown on this page)
import com.common.utils.JsonUtils;
import com.pazu.monitor.controller.HMacUtils;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;

public class Test {
    public static void main(String[] args) {
        String upn = "someone"; // can be any value you choose
        String key = "Y2YzZTU4ODcyZDZjNDFkMzk4Y2YyODc5NDE3ZWY0NWMzM";
        String secret = "YjM4OGMzZTExOTY4NGRjNGI4ZTAwZWM4MmM2ODkxMzBjY";
        // Timestamp in milliseconds since the epoch, as a string
        String timeStamp = Calendar.getInstance().getTimeInMillis() + "";
        Map<String, String> map = new HashMap<>();
        map.put("timestamp", timeStamp);
        map.put("signature", generate(key, secret, upn, timeStamp));
        map.put("api_key", key);
        map.put("upn", upn);
        System.out.println(JsonUtils.toJson(map));
    }

    // The signed message is api_key + upn + timestamp; the secret is the HMAC key
    private static String generate(String apiKey, String secret, String username, String timeStamp) {
        String body = apiKey + username + timeStamp;
        return HMacUtils.hmacSha1Hex(secret, body); // the official documentation states that HMAC-SHA1 is currently supported
    }
}
- html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<div id="gateone_container" style="width:60em;height: 30em">
    <div id="gateone"></div>
</div>
<!-- Load gateone.js; a local or a remote copy both work -->
<script src="https://ip:10443/static/gateone.js"></script>
<script type="text/javascript">
window.onload = function () {
    console.log(GateOne); // debug output: confirms gateone.js has loaded
    // The ${...} placeholders are filled in by the server-side template
    // with the values generated in the previous step
    var auth = {
        'api_key': '${api_key}',
        'upn': '${upn}',
        'timestamp': '${timestamp}',
        'signature': '${signature}',
        'signature_method': 'HMAC-SHA1',
        'api_version': '1.0'
    };
    GateOne.init({
        auth: auth,
        url: 'https://ip:10443',
        goDiv: '#gateone',
        // The SSH target; once verification succeeds you are prompted for the
        // password directly instead of having to enter the address
        autoConnectURL: 'ssh://root@ip:22'
    });
    GateOne.Net.autoConnect();
};
</script>
</body>
</html>
With this in place, you can log in.
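The sketch below shows what a verifier of this auth object has to check, given the scheme on this page (HMAC-SHA1 over api_key + upn + timestamp, and api_timestamp_window of 600s). It is an added example, not Gate One's own code: the function names, the API_KEYS table and the key pair in it are constructed for illustration. It shows why only the signature should reach the browser: changing upn or reusing an old timestamp fails the check unless the secret is known.

```python
import hashlib
import hmac
import time

# Constructed sample pair, standing in for an entry from 30api_keys.conf.
API_KEYS = {"EXAMPLE_API_KEY": "EXAMPLE_SECRET"}
WINDOW_MS = 600 * 1000  # api_timestamp_window: "600s"


def sign(api_key, secret, upn, timestamp):
    """HMAC-SHA1 over api_key + upn + timestamp, keyed with the secret."""
    body = (api_key + upn + timestamp).encode("utf-8")
    return hmac.new(secret.encode("utf-8"), body, hashlib.sha1).hexdigest()


def build_auth(api_key, secret, upn, now_ms=None):
    """Server side: build the auth object handed to GateOne.init()."""
    ts = str(int(time.time() * 1000) if now_ms is None else now_ms)
    return {"api_key": api_key, "upn": upn, "timestamp": ts,
            "signature": sign(api_key, secret, upn, ts),
            "signature_method": "HMAC-SHA1", "api_version": "1.0"}


def verify(auth, now_ms, api_keys=API_KEYS, window_ms=WINDOW_MS):
    """Return (ok, reason) for an auth object received from a browser."""
    api_key = str(auth.get("api_key", ""))
    secret = api_keys.get(api_key)
    if secret is None:
        return False, "unknown api_key"
    if auth.get("signature_method") != "HMAC-SHA1":
        return False, "unsupported signature_method"
    raw_ts = str(auth.get("timestamp", ""))
    try:
        ts = int(raw_ts)
    except ValueError:
        return False, "bad timestamp"
    if abs(now_ms - ts) > window_ms:
        return False, "timestamp outside window"
    expected = sign(api_key, secret, str(auth.get("upn", "")), raw_ts)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), str(auth.get("signature", "")).encode()):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    now = 1_700_000_000_000  # constructed fixed clock, in milliseconds
    auth = build_auth("EXAMPLE_API_KEY", "EXAMPLE_SECRET", "someone", now)
    print(verify(auth, now))                      # valid object
    print(verify(dict(auth, upn="root"), now))    # upn changed in the browser
    print(verify(auth, now + WINDOW_MS + 1))      # replayed after the window
```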
4. References
Official configuration documentation: https://liftoff.github.io/GateOne/About/configuration.html
http://liftoff.github.io/GateOne/Developer/embedding_api_auth.html
https://www.xdty.org/687
https://www.jianshu.com/p/b8123a8178de