重庆分公司,新征程启航
为企业提供网站建设、域名注册、服务器等服务
keybox是基于web的ssh终端管理软件,在生产和测试环境中,服务器一般放在内网中,想要通过外网远程连接就需要先连接有外网的代理服务器,然后再ssh内网的机器,有了keybox就免去其中的麻烦。
目前成都创新互联已为1000+的企业提供了网站建设、域名、网站空间、网站托管运营、企业网站设计、久治网站维护等服务,公司将坚持客户导向、应用为本的策略,正道将秉承"和谐、参与、激情"的文化,与客户和合作伙伴齐心协力一起成长,共同发展。
一、安装
1、安装java环境,官方建议使用1.8以上的Java JDK
$ yum localinstall -y jdk-8u45-linux-x64.rpm # jdk路径 $ ls /usr/java/jdk1.8.0_45/ bin COPYRIGHT db include javafx-src.zip jre lib LICENSE man README.html release src.zip THIRDPARTYLICENSEREADME-JAVAFX.txt THIRDPARTYLICENSEREADME.txt $ vim /etc/profile.d/java_env.sh 1 export JAVA_HOME=/usr/java/jdk1.8.0_45 2 export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH $ exec bash # 查看java的版本 $ java -version java version "1.8.0_45" Java(TM) SE Runtime Environment (build 1.8.0_45-b14) Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
2、安装keybox,直接到github上下载keybox压缩包:https://github.com/skavanagh/KeyBox/releases/
$ tar xf keybox-jetty-v2.89_00.tar.gz -C /usr/local $ cd /usr/local/ $ mv KeyBox-jetty keybox $ cd keybox && ls jetty LICENSE.md README.md startKeyBox.bat startKeyBox.sh
二、启动keybox
# 初始化并启动 $ ./startKeyBox.sh 2017-05-10 14:13:02.374:INFO::main: Logging initialized @813ms to org.eclipse.jetty.util.log.StdErrLog 2017-05-10 14:13:02.764:INFO:oejs.Server:main: jetty-9.4.2.v20170220 2017-05-10 14:13:02.812:INFO:oejdp.ScanningAppProvider:main: Deployment monitor [file:///tmp/KeyBox-jetty/jetty/webapps/] at interval 1 2017-05-10 14:13:05.084:INFO:oeja.AnnotationConfiguration:main: Scanning elapsed time=1866ms 2017-05-10 14:13:05.478:INFO:oejs.session:main: DefaultSessionIdManager workerName=node0 2017-05-10 14:13:05.478:INFO:oejs.session:main: No SessionScavenger set, using defaults 2017-05-10 14:13:05.483:INFO:oejs.session:main: Scavenging every 660000ms # 新建数据库密码 Please enter database password: Please confirm database password: Setting KeyBox SSH public/private key pair Finger print: 12:70:18:ad:01:45:f5:dd:e2:ac:44:d4:e3:8e:65:d9 KeyBox Generated Global Public Key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfC1IZiTNKgSZZtTHiL8Y8fWTfPlkA/3CUahUs3bp0oZStJNYPAAu6mUAYkDjs6FCoASqrC/WwSVamu504ZUHBID/tKJ1gV4bvjdrlkUDIo3tyhmTl2DpwAPYhaHh+NSvhVyyCFSmicVONhdll2m74p/M7jU/V8jKygNM90FMR9U GdNa7K4VpK1MW6XFax5LlskMVnN93tfwfUXCgWg18/ShbuGF6JLJibMnBI8sVsS3/PTjI/tp+MtvYLqzN3G5BHfj31lSIIk5mMcIuLK0u6D8N8ITt3+OvNvNNIeUD2A9op1swb9v8Y92RQ9WnVPQnIeHgRVZJnl3sLyr47ERsb keybox@global_key 2017-05-10 14:13:13.610:INFO:oejsh.ContextHandler:main: Started o.e.j.w.WebAppContext@7e0b0338{/,file:///tmp/KeyBox-jetty/jetty/keybox/,AVAILABLE}{/tmp/KeyBox-jetty/jetty/keybox} 2017-05-10 14:13:13.628:INFO:oejus.SslContextFactory:main: x509=X509@51b1a8f6(jetty,h=[],w=[]) for SslContextFactory@2a389173(file:///tmp/KeyBox-jetty/jetty/etc/keystore,file:///tmp/KeyBox-jetty/jetty/etc/keyst ore)2017-05-10 14:13:13.660:INFO:oejs.AbstractConnector:main: Started ServerConnector@1fc76fc9{SSL,[ssl, http/1.1]}{0.0.0.0:8443} 2017-05-10 14:13:13.660:INFO:oejs.Server:main: Started @12100ms # 查看8443端口 $ ss -tnl | grep 8443 LISTEN 0 50 :::8443 :::* # keybox启动脚本的使用方法 $ /usr/local/keybox/jetty/bin/jetty.sh Usage: jetty.sh [-d] {start|stop|run|restart|check|supervise} [ CONFIGS ... ]
三、访问keybox
1、使用浏览器打开
2、输入默认的用户名admin,密码changeme登录
四、新建用户并配置免密钥ssh访问
本次使用的是通过脚本配合ansible来新建和配置
1、安装ansible并配置
$ yum install -y ansible $ vim /etc/ansible/hosts # 示例 [proxy] 192.168.1.201 [web] 192.168.1.202 192.168.1.203 [MySQL] 192.168.1.204 192.168.1.205
2、配置root与ansible配置文件中的主机免密钥ssh访问,这里就不多赘述了,通过ssh-keygen与ssh-copy-id即可完成
3、在多台主机上新建用户密码并免密钥ssh登录
# 新建用户 $ vim user_add.sh for name in test{1..5} do ansible all -m user -a "name=$name generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa state=present group=java" done $ ./user_add.sh # 配置密码 $ vim passwd_add.sh for i in test{1..5} do ansible all -m shell -a "echo '123456' | passwd --stdin $i" done $ ./passwd_add.sh # 免密钥ssh配置 $ yum install -y expect $ vim ssh_add.sh for user in test{1..5} do pass='123456' for ip in `cat /etc/ansible/hosts | grep "^[^([|#)].*"`; do /usr/bin/expect << EOF set timeout 300 spawn ssh-copy-id -i /home/$user/.ssh/id_rsa.pub $user@$ip expect { "(yes/no)" {send "yes\r"; exp_continue} "password:" {send "$pass\r"} } expect eof EOF done done $ ./ssh_add.sh
五、将相关用户与主机信息写入keybox数据库
1、将/usr/local/keybox/jetty/中的keybox文件夹复制到桌面
2、下载H2数据库console(keybox使用的是H2数据库):http://www.h3database.com/html/quickstart.html
3、连接数据库
其中JDBC 1、URL:jdbc:h3:file:C:\Users\Administrator\Desktop\keybox\WEB-INF\classes\keydb\keybox;CIPHER=AES;
2、用户名为默认的:keybox
3、密码格式为"filepassword空格userpassword":filepwd 初始化时新建的密码
4、进入数据库
5、新建数据
主要需要新建数据的表有5个,分别是
·PROFILES:用户空间示例:INSERT INTO PROFILES (NM,DESC) VALUES ('test1','test1 space');
·SYSTEM:用户和hosts的ssh信息示例:INSERT INTO SYSTEM(DISPLAY_NM,USER,HOST,PORT,AUTHORIZED_KEYS,STATUS_CD) values ('proxy','test1','192.168.1.201',22,'/home/test1/.ssh/authorized_keys','SUCCESS');
·SYSTEM_MAP:PROFILE和SYSTEM通过ID进行关联示例:INSERT INTO SYSTEM_MAP(PROFILE_ID,SYSTEM_ID) VALUES (1,1);
·USERS:用户信息,默认已有admin示例:INSERT INTO USERS (USERNAME,USER_TYPE) VALUES ('test5','A');
·USER_MAP:PROFILE和USER通过ID进行关联 示例:INSERT INTO USER_MAP (USER_ID,PROFILE_ID) VALUES (2,1);
六、配置数据并访问
使用admin用户登录,配置test1-5的密码,然后使用test1-5中的用户登录keybox后就可以使用了。