CN103136026A - Method for achieving secure shell (ssh) connecting identification of virtualized software library libvirt - Google Patents

Info

Publication number
CN103136026A
Authority
CN
China
Prior art keywords
ssh
pki
libvirt
need
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2013100566753A
Other languages
Chinese (zh)
Inventor
闫冬冬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd filed Critical Inspur Electronic Information Industry Co Ltd
Priority to CN2013100566753A priority Critical patent/CN103136026A/en
Publication of CN103136026A publication Critical patent/CN103136026A/en
Pending legal-status Critical Current

Landscapes

  • Stored Programmes (AREA)

Abstract

The invention provides a method for implementing SSH connection authentication for the libvirt virtualization library. With this method, neither libvirt nor ssh pops up a prompt when the management node connects to a compute node, and no password needs to be entered. This improves the automated workflow of the management software, spares deployment staff much manual work, reduces the error rate, and makes later back-end management more convenient.

Description

A method for solving SSH connection authentication for the libvirt virtualization library
Technical field
The present invention relates to the field of virtualization technology, and specifically to a method for solving SSH connection authentication for the libvirt virtualization library.
Background
With the rapid development of cloud computing, more and more vendors are entering this field. Because the underlying technology is complex and already fairly mature, developing low-level virtualization technology at this point offers no advantage, and there is no manpower or resources for it either. Most vendors have therefore chosen platform integration and management. Because competition is fierce, whoever can build and release a product faster captures more market share. Many therefore choose the open-source libvirt to support low-level virtualization management and to integrate support for multiple virtualization platforms.
In the development of cloud management software, much low-level software has chosen libvirt for virtual machine management, because libvirt can manage virtual machines on multiple platforms, such as Xen and VMware. In a rapidly built cloud management system, libvirt is the first choice for the low-level management software.
When libvirt is used for virtual machine management, cross-node management requires establishing a libvirt connection. There are several connection methods, one of which uses the SSH protocol. Connecting over SSH requires a username and password, which is a cumbersome process: the username and password of every node server must be recorded, which adds work. Moreover, the management node and the compute nodes in a cloud environment should be able to communicate with each other and trust each other. The security of the cloud environment should be enforced by a single outer shell, in which case SSH authentication between internal nodes is meaningless. Even setting these reasons aside, there is a fatal problem when establishing an SSH connection: on the first connection, ssh asks whether to connect, and an administrator must confirm manually. The libvirt connection API has no such response mechanism and cannot pass this prompt back to the administrator for confirmation, so the libvirt connection fails. A method is therefore needed to solve the SSH connection authentication problem. The simplest, and also the most tedious, approach is for the administrator to run the ssh command from the management node to every compute node, confirm manually once, and then record the usernames and passwords of all nodes in the management system.
This document introduces a method that bypasses password authentication by using SSH's public key authentication mechanism. The solution implements public key authentication through an agent.
Summary of the invention
The purpose of the invention is to provide a method for solving SSH connection authentication for the libvirt virtualization library. It mainly solves SSH authentication between the management node and the compute nodes, using SSH's public and private key mechanism together with an agent.

The purpose of the invention is achieved in the following manner. The specific implementation steps are:
A. First, in the deployment environment, install an agent on each compute node and run it;
B. On the management node, do the following:
1) First check whether a public/private key pair has already been created locally; if not, use the ssh-keygen command to create a key pair that requires no password;
2) Use the ssh-keyscan command to obtain the host public key of the target compute node. This public key is not created by the user; it is the host identifier that ssh generates automatically. Check whether the known_hosts file already contains this public key, and add it if not;
3) Send the public key created in the first step to the compute node agent;
C. On the compute node, do the following:
Receive the public key sent by the management node and save it in the authorized_keys file;
With the above steps, SSH connection authentication for the libvirt virtualization library is achieved. Neither libvirt nor ssh pops up a prompt when the management node connects to a compute node, and no password needs to be entered. These operations improve the automated workflow of the management software, spare deployment staff much manual work, reduce the error rate, and make later back-end management more convenient.
The beneficial effects of the invention are: this scheme effectively solves the SSH connection authentication problem of libvirt in the low-level virtualization management of cloud computing, reduces manual operation, and allows better management and control. It reduces the uncertainty of problems arising in the software environment, effectively lowers the difficulty of system deployment, reduces the work of deployment staff, and makes fault localization much easier for maintainers.
The invention has the beneficial effects as follows: this scheme has solved the ssh connectivity verification problem of libvirt in the virtual bottom management of cloud computing effectively, reduced manually-operated, make it can carry out better management and control, the difficulty that the uncertainty reduction system effectively that reduces that software environment goes wrong disposes, reduce deployment personnel's work, maintainer's orientation problem has also facilitated many.
Detailed description
The implementation steps are as follows:
A. First, in the deployment environment, install an agent on each compute node and run it;
B. On the management node, do the following:
1) First check whether a public/private key pair has already been created locally; if not, use the ssh-keygen command to create a key pair that requires no password;
2) Use the ssh-keyscan command to obtain the host public key of the target compute node (this differs from the public key created above: it is not created by the user, but is the host identifier that ssh generates automatically). Check whether the known_hosts file already contains this public key, and add it if not;
3) Send the public key created in the first step to the compute node agent;
C. On the compute node, do the following:
1) Receive the public key sent by the management node and save it in the authorized_keys file.
This completes the scheme. Neither libvirt nor ssh pops up a prompt when the management node connects to a compute node, and no password needs to be entered. These operations improve the automated workflow of the management software, spare deployment staff much manual work, reduce the error rate, and make later back-end management more convenient.
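The file handling behind steps B.1, B.2 and C can be made idempotent and strict about what it accepts. The following shell functions are an added example, not code from the patent; the function names, the ed25519 key type and the assumption of unhashed `ssh-keyscan` output lines of the form `host type key` are illustrative choices.

```shell
#!/bin/sh
# Added example; function names and paths are assumptions, not from the patent.

# Step B.1: create a passphrase-less key pair only if none exists yet.
ensure_keypair() {                      # $1 = private key path
    [ -f "$1" ] && [ -f "$1.pub" ] && return 0
    mkdir -p "$(dirname "$1")" && chmod 700 "$(dirname "$1")"
    ssh-keygen -q -t ed25519 -N '' -f "$1"
}

# Append LINE ($2) to FILE ($1) unless an identical line is already there.
# The file is created with owner-only permissions.
append_once() {
    [ -f "$1" ] || ( umask 077; : > "$1" )
    chmod 600 "$1"
    grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# Step B.2: record one line of `ssh-keyscan HOST` output ("host type key",
# unhashed). The scan itself is unauthenticated, so an existing entry for the
# same host and key type that differs is treated as an error, not overwritten.
add_host_key() {                        # $1 = known_hosts path, $2 = scanned line
    host=${2%% *}; rest=${2#* }; ktype=${rest%% *}
    if awk -v h="$host" -v t="$ktype" '$1 == h && $2 == t' "$1" 2>/dev/null |
        grep -qvxF -- "$2"; then
        echo "host key for $host differs from known_hosts; refusing" >&2
        return 1
    fi
    append_once "$1" "$2"
}

# Step C (agent side): store the management node's public key. Only a single
# line that starts with a key type is accepted, so a received value cannot
# carry a second entry or an options prefix ahead of the key.
authorize_key() {                       # $1 = authorized_keys path, $2 = key line
    nl='
'
    case "$2" in
        *"$nl"*) echo "rejecting multi-line key" >&2; return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "rejecting malformed key" >&2; return 1 ;;
    esac
    append_once "$1" "$2"
}
```

Because `ssh-keyscan` trusts whatever answers on the network, the first recorded host key should be compared against a fingerprint obtained from the compute node itself before it is relied on.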
Embodiment
A. Create a public/private key pair on the management node;
B. Obtain the host public key of the compute node and save it in the designated ssh configuration file on the management node;
C. Send the management node's public key to the compute node agent;
D. The compute node agent receives the public key and saves it to the designated location.
Apart from the technical features described in the specification, everything else is known to those skilled in the art.

Claims (1)

1. A method for solving SSH connection authentication for the libvirt virtualization library, characterized in that the specific implementation steps are as follows:
A. First, in the deployment environment, install an agent on each compute node and run it;
B. On the management node, do the following:
1) First check whether a public/private key pair has already been created locally; if not, use the ssh-keygen command to create a key pair that requires no password;
2) Use the ssh-keyscan command to obtain the host public key of the target compute node. This public key is not created by the user; it is the host identifier that ssh generates automatically. Check whether the known_hosts file already contains this public key, and add it if not;
3) Send the public key created in the first step to the compute node agent;
C. On the compute node, do the following:
Receive the public key sent by the management node and save it in the authorized_keys file;
With the above steps, SSH connection authentication for the libvirt virtualization library is achieved. Neither libvirt nor ssh pops up a prompt when the management node connects to a compute node, and no password needs to be entered. These operations improve the automated workflow of the management software, spare deployment staff much manual work, reduce the error rate, and make later back-end management more convenient.
CN2013100566753A 2013-02-22 2013-02-22 Method for achieving secure shell (ssh) connecting identification of virtualized software library libvirt Pending CN103136026A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013100566753A CN103136026A (en) 2013-02-22 2013-02-22 Method for achieving secure shell (ssh) connecting identification of virtualized software library libvirt

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2013100566753A CN103136026A (en) 2013-02-22 2013-02-22 Method for achieving secure shell (ssh) connecting identification of virtualized software library libvirt

Publications (1)

Publication Number Publication Date
CN103136026A true CN103136026A (en) 2013-06-05

Family

ID=48495892

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2013100566753A Pending CN103136026A (en) 2013-02-22 2013-02-22 Method for achieving secure shell (ssh) connecting identification of virtualized software library libvirt

Country Status (1)

Country Link
CN (1) CN103136026A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7150014B2 (en) * 2002-10-04 2006-12-12 Hewlett-Packard Development Company, L.P. Automatically deploying software packages used in computer systems
CN101520748A (en) * 2009-01-12 2009-09-02 浪潮电子信息产业股份有限公司 Method for testing speed-up ratio of Intel multicore CPU
CN102202046A (en) * 2011-03-15 2011-09-28 北京邮电大学 Network-operating-system-oriented trusted virtual operating platform
CN102932459A (en) * 2012-11-05 2013-02-13 广州杰赛科技股份有限公司 Security control method of virtual machine

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
张丽 等: ""利用SSH的密钥对建立安全通道"", 《微计算机信息》 *
林晓飞 等: "《Red Hat Enterprise Linux4.0网络服务与管理》", 31 August 2008, 清华大学出版社 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105100031A (en) * 2014-05-23 2015-11-25 北京奇虎科技有限公司 Method, device and system for adding trusts in batches
CN105100031B (en) * 2014-05-23 2019-05-17 北京奇虎科技有限公司 A kind of methods, devices and systems that batch addition is trusted
CN107465752A (en) * 2017-08-22 2017-12-12 郑州云海信息技术有限公司 A kind of connection management method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130605