红帽全球峰会此内容没有您所选择的语言版本。
Chapter 11. SSH Keys
Decision Central provides an SSH keystore service to enable user SSH authentication. It provides a configurable default SSH keystore, extensible APIs (for custom implementations), and support for multiple SSH public keys formats.
You can access the SSH Keys option from the Admin page to register your SSH public keys.
11.1. Default SSH keystore
The default SSH keystore included with Decision Central provides a file-based storage mechanism to store a user’s public keys. By default, Decision Central uses the *.security folder as the root directory. However, it is possible to use a custom storage path by setting the value of the appformer.ssh.keys.storage.folder system property point to a different folder.
The SSH public keys are stored in the {securityFolderPath}/pkeys/{userName}/ folder structure.
Each SSH public key consists of the following files, located in the storage folder:
{keyId}.pub: This file contains the SSH public key content. As the file name determines the logic key ID on the system, ensure that the file name is not modified during runtime.For example:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmak4Wu23RZ6XmN94bOsqecZxuTa4RRhhQmHmTZjMB7HM57/90u/B/gB/GhsPEu1nAXL0npY56tT/MPQ8vRm2C2W9A7CzN5+z5yyL3W01YZy3kzslk77CjULjfhrcfQSL3b2sPG5jv5E5/nyC/swSytucwT/PE7aXTS9H6cHIKUdYPzIt94SHoBxWRIK7PJi9d+eLB+hmDzvbVa1ezu5a8yu2kcHi6NxxfI5iRj2rsceDTp0imC1jMoC6ZDfBvZSxL9FXTMwFdNnmTlJveBtv9nAbnAvIWlilS0VOkdj1s3GxBxeZYAcKbcsK9sJzusptk5dxGsG2Z8vInaglN6OaOQ7b7tcomzCYYwviGQ9gRX8sGsVrw39gsDIGYP2tA4bRr7ecHnlNg1b0HCchA5+QCDk4Hbz1UrnHmPA2Lg9c3WGm2qedvQdVJXuS3mlwYOqL40aXPs6890PvFJUlpiVSznF50djPnwsMxJZEf1HdTXgZD1Bh54ogZf7czyUNfkNkE69yJDbTHjpQd0cKUQnu9tVxqmBzhX31yF4VcsMeADcf2Z8wlA3n4LZnC/GwonYlq5+G93zJpFOkPhme8c2XuPuCXF795lsxyJ8SB/AlwPJAhEtm0y0s0l1l4eWqxsDxkBOgN+ivU0czrVMssHJEJb4o0FLf7iHhOW56/iMdD9w== userName
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmak4Wu23RZ6XmN94bOsqecZxuTa4RRhhQmHmTZjMB7HM57/90u/B/gB/GhsPEu1nAXL0npY56tT/MPQ8vRm2C2W9A7CzN5+z5yyL3W01YZy3kzslk77CjULjfhrcfQSL3b2sPG5jv5E5/nyC/swSytucwT/PE7aXTS9H6cHIKUdYPzIt94SHoBxWRIK7PJi9d+eLB+hmDzvbVa1ezu5a8yu2kcHi6NxxfI5iRj2rsceDTp0imC1jMoC6ZDfBvZSxL9FXTMwFdNnmTlJveBtv9nAbnAvIWlilS0VOkdj1s3GxBxeZYAcKbcsK9sJzusptk5dxGsG2Z8vInaglN6OaOQ7b7tcomzCYYwviGQ9gRX8sGsVrw39gsDIGYP2tA4bRr7ecHnlNg1b0HCchA5+QCDk4Hbz1UrnHmPA2Lg9c3WGm2qedvQdVJXuS3mlwYOqL40aXPs6890PvFJUlpiVSznF50djPnwsMxJZEf1HdTXgZD1Bh54ogZf7czyUNfkNkE69yJDbTHjpQd0cKUQnu9tVxqmBzhX31yF4VcsMeADcf2Z8wlA3n4LZnC/GwonYlq5+G93zJpFOkPhme8c2XuPuCXF795lsxyJ8SB/AlwPJAhEtm0y0s0l1l4eWqxsDxkBOgN+ivU0czrVMssHJEJb4o0FLf7iHhOW56/iMdD9w== userNameCopy to Clipboard Copied! .{keyId}.pub.meta: This file contains the key metadata in JSON format. A new metadata file is dynamically generated if a key has no metadata.For example:
{ "name":"Key", "creationDate":"Oct 10, 2018 10:10:50 PM", "lastTimeUsed":"Oct 11, 2018 12:11:23 PM" }{ "name":"Key", "creationDate":"Oct 10, 2018 10:10:50 PM", "lastTimeUsed":"Oct 11, 2018 12:11:23 PM" }Copy to Clipboard Copied!
11.2. Custom SSH keystore
You can extend and customize the default SSH keystore according to your requirements. Use the appformer.ssh.keystore system property to specify the Java class name of the SSH service to use. If this property is not defined or it contains an incorrect value then the default SSH keystore is loaded.
To create a custom implementation of the SSH keystore, your java class must implement the org.uberfire.ssh.service.backend.keystore.SSHKeyStore class defined in the uberfire-ssh-api module.
11.3. Creating an SSH key
Before you can add or register SSH keys to Decision Central, you must generate an SSH key on your system.
Procedure
- Open a terminal on your system.
Run the
ssh-keygencommand to create the SSH key as shown in the following example, where <user_login> is your user name.ssh-keygen -t rsa -b 4096 -C "<user_login>"
ssh-keygen -t rsa -b 4096 -C "<user_login>"Copy to Clipboard Copied! NoteThe SSH key formats supported by Decision Central keystore are
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, andecdsa-sha2-nistp521.When prompted, press the Enter key and accept the default key file location as shown in the following example, where <user_login> is your user name.
Enter a file in which to save the key (/home/<user_login>/.ssh/id_rsa): [Press enter]
Enter a file in which to save the key (/home/<user_login>/.ssh/id_rsa): [Press enter]Copy to Clipboard Copied! At the command prompt, enter and confirm the passphrase.
Enter passphrase (empty for no passphrase): [Type a passphrase] Enter same passphrase again: [Type passphrase again]
Enter passphrase (empty for no passphrase): [Type a passphrase] Enter same passphrase again: [Type passphrase again]Copy to Clipboard Copied! Start the
ssh-agent.eval "$(ssh-agent -s)" Agent pid <any-number-here>
eval "$(ssh-agent -s)" Agent pid <any-number-here>Copy to Clipboard Copied! Add the new SSH private key to the
ssh-agent. If you have used a different key name, replace id_rsa in code.ssh-add ~/.ssh/id_rsa
ssh-add ~/.ssh/id_rsaCopy to Clipboard Copied!
11.4. Registering your SSH public key with the SSH keystore
You must register your newly created SSH public key with the Decision Central keystore.
Procedure
- Open a terminal on your system.
Run the
catcommand as shown in the following example, whereid_rsais your key name.cat ~/.ssh/id_rsa.pub
cat ~/.ssh/id_rsa.pubCopy to Clipboard Copied! - Copy the contents of your SSH public key.
- Log in to Decision Central.
-
Select Admin
SSH Keys. - From the SSH Keys page, click Add SSH Keys.
In the Add SSH Key window, enter a name in the Name field and copy the contents of the SSH public key to the Keys field.
NoteThe Name and the Key fields are mandatory.
- Click Add SSH Key to register the key.
11.5. Deleting an SSH key
You can delete an SSH key from Decision Central by from the SSH Keys page.
Procedure
- Log in to Decision Central.
-
Select Admin
SSH Keys. - All of the SSH keys are listed on the SSH Keys page.
- To delete an SSH key, click the delete icon (trash can).
- Click the Delete SSH Key to confirm the deletion.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}