• Openstack中用秘钥对(keypair)生成和访问虚机的方法


    Openstack中用镜像文件生成的image来创建虚机(VM或Instance)时, 通常不支持用户名加密码的ssh方式登录访问该VM,而是用秘钥对(keypair)方式.

    这里以Centos的镜像为例, 介绍用keypair生成和访问虚机的方法.

    1) 查看系统中的keypair:
    root@cic-1:~# openstack keypair list
    +----------+-------------------------------------------------+
    | Name     | Fingerprint                                     |
    +----------+-------------------------------------------------+
    | my_key   | 51:47:92:7d:a1:ec:75:aa:07:3a:a8:7c:17:63:4d:6f |
    | pub_key  | 91:4b:da:c4:9d:6e:2e:7e:75:60:25:2a:d5:d1:5b:99 |
    +----------+-------------------------------------------------+

    2) 生成自己的keypair, 名字随意取, 本例中是key0510t:

    该指令的输出即为密钥:
    root@cic-1:~# openstack keypair create key0510t
    -----BEGIN RSA PRIVATE KEY-----
    MIIEqAIBAAKCAQEAzSuh/2jslGnRKjjaVMaBN/kNTOQ/7x1etcw82eppcY3L0ls/
    CaNU3GI+ldh36bIMXDwlpLVHp0D4antYKDVVNMbyTlLH0XbO+gSSF955XYV1FSLN
    I0WuKtU6Gh4GoC1LaC3gpLEa5FJD+K/N5o3Z5xVseLebLbPnDCCzA6tqu4hq8M1z
    t2STtbAT/GyCVmAEUR4qmGl8mRcKGnBTaC6r6o/+UYz+25IF/0yoLJEd4pNJgwRt
    0xIel/KS1AVlQwxMdigsoXSN78e5kUEjof7HAk+2qzY8jAMuZKsedyoD8QrcuNPC
    dE3edEqmIQiFD7lHO3CztNKc1K9CiTEVvKJWXwIDAQABAoIBABSuR0AFhYNYPzsw
    S+GruK65rfuILmGd5kQQ+DlHBaXqkxb7F5mTGySzync0QLIPvms1rN2zYCudwuyI
    zlQPPC17uETo1zdn8GkHOOqrBDTHFQwyW9coWOv8XkTvrd9LcYRoy3IOYBWPrUZO
    AkUxGzvNzwdECqJKtglk6mZ+St3oLeHG1AE2wgdhEgzxtc8JrCLoWNNRM4Ajob3n
    SgCILlWOrZRuVGFTRiwjXQKvTbIxISJ4wIPDdgT+o25uiXX3MfTtK0dArl+oCopc
    RXhNZfKwZ5laQOvoAvLwWPS85ir3H0VRusCGrhDxYrS9kN5u8/ad0KyLHd44LTu1
    g6trkcECggCBAM+fclFgYXz1nn0bcx3LlOrS6OeKhCg5qWrccpKdvFUfFRE/fEMC
    T27AfxYUV3AU0tIIqAlhFmLpp5JOJn7xfAWwo3gvjSd0nfxCxZQP9NXRpPgkdmeo
    fcWnTPtLZOlwujzjcEETqJL02P8eixKJIV6uQfThXKA6iS4cPueVUztxAoIAgQD8
    +ecKKBeAiijwyM1DV0W+tjnEgEroR0e5/96ZgKeNNrVSLAh8niMQy+Fx7ZXRZfCz
    e4cjFpsD0hMuhQT1fXvRbH+ouazl9thtxUROXcRBU8NhOCoogsIj4NCd5bX0c43Y
    Kaz6RqA77xKk/V04ZZVCAmES58Z/sHfyU+IBeWqmzwKCAIBti0Dzsph9J9KxS5RX
    OhyeMR11XN4RoyrCGQHSXasKdlXVPdvANy3Vz3a+HYlst2/sJWkTWchH8+PYC6e/
    /oVjMylsthoRoTPh7xDz599UGUKjMgnO81U4veaeB898Y1+/1HhbvZWJw+nh4Smb
    ZALZQ7PFEkqet4O9cmW2JlE94QKCAIEAyiSmiWcf4IaF0GGkI3tJL+tMncgmExVi
    Ky5aIS68tApTOSYWYf2652EC9JZ0cK6Ud9btVQxrMdJboYCJReDPX7jjCV/U2K02
    pABNZJFokQrtxHGsvlI9741lJca4bm0nmuMyZYqp3zpaG5yZMMd7TRO5nfG2m7HX
    JrwAjE0I++ECggCAZF5WvDh0lus+gN48BETksoEF/2YiE8XkT6gWW5C9Hj6esFwx
    vkkPZ1Hvt3U6iFHTdQ8A+kMG7kWACgsrqgkIpB3pKui66+WlyNxo+EcAa0HqziF1
    qqZm9Dwk6GJ7Jb5pjQDSGB83gtvzFFrl5KjD+ZhBNNSv4KQSKxrVct5akcE=
    -----END RSA PRIVATE KEY-----

    3) 把密钥保持在一个文件中, 也就是key file (名字任意选取, 为方便这里和keypair的名字一样):
    root@cic-1:~# vi key0510t.pem

    把上面所有的内容(含第一行和最后一行的标签和符号)复制到该文件,保存退出。
    再用more或cat指令检查一遍该文件:
    root@cic-1:~# more key0510t.pem

    4) 确认keypair:
    root@cic-1:~# openstack keypair list
    +----------+-------------------------------------------------+
    | Name     | Fingerprint                                     |
    +----------+-------------------------------------------------+
    | my_key   | 51:47:92:7d:a1:ec:75:aa:07:3a:a8:7c:17:63:4d:6f |
    | pub_key  | 91:4b:da:c4:9d:6e:2e:7e:75:60:25:2a:d5:d1:5b:99 |
    | key0510t | 4b:79:61:3f:5d:30:97:66:e5:6f:2a:73:0e:64:11:e0 |
    +----------+-------------------------------------------------+

    5) 用nova boot创建VM,带上关键参数--key-name,其值就是上面的keypair:
    root@cic-1:~# nova boot --flavor m1.small --image centos --key-name key0510t --availability-zone nova --nic net-name=testnet test_vm_t

    检查生成的VM,获取IP地址:
    root@cic-1:~# nova show test_vm_t
    +--------------------------------------+----------------------------------------------------------+
    | Property                             | Value                                                    |
    +--------------------------------------+----------------------------------------------------------+
    | OS-DCF:diskConfig                    | MANUAL                                                   |
    | OS-EXT-AZ:availability_zone          | nova                                                     |
    | OS-EXT-SRV-ATTR:host                 | compute-1                              |
    | OS-EXT-SRV-ATTR:hostname             | test-vm-t                                                |
    | OS-EXT-SRV-ATTR:hypervisor_hostname  | compute-1                               |
    | OS-EXT-SRV-ATTR:instance_name        | instance-00000407                                        |
    ...........................................
    | image                                | centos (ad9e09fe-7359-4ce6-9b39-75b33fff0374)      |
    | key_name                             | key0510t                                                 |
    | metadata                             | {}                                                       |
    | name                                 | test_vm_t                                                |
    | os-extended-volumes:volumes_attached | []                                                       |
    | security_groups                      | default                                                  |
    | status                               | ACTIVE                                                   |
    | tenant_id                            | bfb1b84d2d994b36985cfd306e4f8860                         |
    | testnet network                      | 10.10.10.246                                             |
    | updated                              | 2018-05-10T02:49:21Z                                     |
    | user_id                              | c099eaacab0f452e806b59d8b89f0c74                         |
    +--------------------------------------+----------------------------------------------------------+

    6) 很重要的一步: 修改key file的读写属性为只读(这里已经是root用户,如果不是就加sudo):
    root@cic-1:~# chmod 600 key0510t.pem

    7) 用ssh -i的方式登录VM,-i所带的参数就是key file的名字:
    root@cic-1:~# ssh -i key0510t.pem centos@10.10.10.246
    The authenticity of host '10.10.10.246 (10.10.10.246)' can't be established.
    ECDSA key fingerprint is 59:f9:c9:c1:4b:69:8b:3d:53:31:98:24:73:17:c6:e1.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '10.10.10.246' (ECDSA) to the list of known hosts.
    [centos@test-vm-t ~]$ ls

    如果忽略了第6)步就会得到如下错误信息:

    root@cic-1:~# ssh -i key0510t.pem centos@10.10.10.246
    The authenticity of host '10.10.10.246 (10.10.10.246)' can't be established.
    ECDSA key fingerprint is 59:f9:c9:c1:4b:69:8b:3d:53:31:98:24:73:17:c6:e1.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '10.10.10.246' (ECDSA) to the list of known hosts.
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0640 for 'key0510t.pem' are too open.
    It is required that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: key0510t.pem
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

    注:接下来如果想用用户名加密码的方式,就修改该VM的/etc/ssh/sshd_config文件:

    PermitRootLogin yes

    PasswordAuthentication yes

    然后保存退出,再service sshd restart即可。这样下次就能用用户名和密码登录了。

  • 相关阅读:
    几个ID
    一百层高楼和两个棋子
    快速了解的链接 shell sed awk
    用shell实现一个“输入密码”程序
    i love you do you love me
    打造全新视觉环境
    【转】LINUX 环境变量总结
    TextBox输入限制
    获取CPU和硬盘序列号
    Lable属性设置(winform)
  • 原文地址:https://www.cnblogs.com/bjtime/p/9178865.html
Copyright © 2020-2023  润新知