ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Adding and using signed ssh keys

The ability to add a signed ssh key is offered through the API only for now but the following steps describe the procedure to add a signed ssh key on your account and use it to connect to ssh servers where it has been deployed.

Step 1: create a creds file

This file will be used on step 3 to upload to your ClearGLASS account. Only dependency here is that you have python installed on your system. Create file file.py with this content:

import json 

NAME = 'signed'
PRIVATE_KEY_PATH = '/home/user/.ssh/id_rsa'
CERTIFICATE_PATH = '/home/user/.ssh/id_rsa-cert.pub' 

d =  {
  "name": NAME, 
  "priv": open(PRIVATE_KEY_PATH).read(),
  "certificate":open(CERTIFICATE_PATH).read(),
} 

w = open('creds', 'w')
w.write(json.dumps(d))
w.close()

This will create a key with name 'signed' on your ClearGLASS account, with the private ssh key being /home/user/.ssh/id_rsaand the signed ssh pub key /home/user/.ssh/id_rsa-cert.pub. Update these variables before you run the script to reflect the path of your keys in case they are different. You can change the name of the key anytime through the UI on the keys page.

Now run the script with

 python file.py

This will produce file creds that will used on step 3 to upload to your ClearGLASS account.

Step 2: get an API token for ClearGLASS

Before you can use the API you need to get a valid API token. Login to ClearGLASS, visit the account paget, on the API TOKENS section select CREATE TOKEN, you will be asked to provide the password for confirmation and once this is done you will receive an API token.

Step 3: push signed key

With the valid API key and the creds file created, all you need is run curl to upload the signed ssh key via the following command:

curl -H "Authorization: XYZ" -X PUT https://ClearGLASS/api/v1/keys -d @creds --header "Content-Type: application/json"

where you replace XYZ with the API token you created on step 2

Step 4: use the signed key

You can now use the signed key the same way you can associate any other ssh key with your VMs. Enter the machine page for a VM and select 'ADD KEY', specify the signed key and you will be able to connect to the server - provided that the key is deployed to the server.

content/en_us/cg_adding-and-using-signed-ssh-keys.txt · Last modified: 2018/03/14 07:10 by cjones

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Acg_adding-and-using-signed-ssh-keys&1544459842