Fuse ESB Enterprise - Configuring and Running Fuse ESB Enterprise - Connecting to a Container Using the SSH Command-Line Utility

Connecting to a Container Using the SSH Command-Line Utility

Overview

You can also use the ssh command-line utility (a standard utility on UNIX-like operating systems) to log in to the Fuse ESB Enterprise container, where the authentication mechanism is based on public key encryption (the public key must first be installed in the container). For example, given that the container is configured to listen on IP port 8101, you could log in as follows:

ssh -p 8101 jdoe@localhost

	Important
	Key-based login is currently supported only on standalone containers, not on Fabric containers.

Prerequisites

To use key-based SSH login, the following prerequisites must be satisfied:

The container must be standalone (Fabric is not supported) with the PublickeyLoginModule installed.
You must have created an SSH key pair (see Creating a new SSH key pair).
You must install the public key from the SSH key pair into the container (see Installing the SSH public key in the container).

Default key location

The ssh command automatically looks for the private key in the default key location. It is recommended that you install your key in the default location, because it saves you the trouble of specifying the location explicitly.

On a *NIX operating system, the default locations for an RSA key pair are:

~/.ssh/id_rsa
~/.ssh/id_rsa.pub

On a Windows operating system, the default locations for an RSA key pair are:

C:\Documents and Settings\Username\.ssh\id_rsa
C:\Documents and Settings\Username\.ssh\id_rsa.pub

	Note
	Fuse ESB Enterprise supports only RSA keys. DSA keys do not work.

Creating a new SSH key pair

Generate an RSA key pair using the ssh-keygen utility. Open a new command prompt and enter the following command:

ssh-keygen -t rsa -b 2048

The preceding command generates an RSA key with a key length of 2048 bits. You will then be prompted to specify the file name for the key pair:

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/Username/.ssh/id_rsa):

Type return to save the key pair in the default location. You will then be prompted for a pass phrase:

Enter passphrase (empty for no passphrase):

You can optionally enter a pass phrase here or type return twice to select no pass phrase.

	Note
	If you want to use the same key pair for running Fabric console commands, it is recommended that you select no pass phrase, because Fabric does not support using encrypted private keys.

Installing the SSH public key in the container

To use the SSH key pair for logging into the Fuse ESB Enterprise container, you must install the SSH public key in the container by creating a new user entry in the InstallDir/etc/keys.properties file. Each user entry in this file appears on a single line, in the following format:

Username=PublicKey,Role1,Role2,...

For example, given that your public key file, ~/.ssh/id_rsa.pub, has the following contents:

ssh-rsa AAAAB3NzaC1kc3MAAACBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7
gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnfqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAAAAFQCX
YFCPFSMLzLKSuYKi64QL8Fgc9QAAAnEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6Ewo
FhO3zwkyjMim4TwWeotifI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoAAACB
AKKSU2PFl/qOLxIwmBZPPIcJshVe7bVUpFvyl3BbJDow8rXfskl8wO63OzP/qLmcJM0+JbcRU/53Jj7uyk31drV2qxhIOsLDC9dGCWj4
7Y7TyhPdXh/0dthTRBy6bqGtRPxGa7gJov1xm/UuYYXPIUR/3x9MAZvZ5xvE0kYXO+rx jdoe@doemachine.local

You can create the jdoe user with the admin role by adding the following entry to the InstallDir/etc/keys.properties file (on a single line):

jdoe=AAAAB3NzaC1kc3MAAACBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7
gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnfqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAAAAFQCX
YFCPFSMLzLKSuYKi64QL8Fgc9QAAAnEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6Ewo
FhO3zwkyjMim4TwWeotifI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoAAACB
AKKSU2PFl/qOLxIwmBZPPIcJshVe7bVUpFvyl3BbJDow8rXfskl8wO63OzP/qLmcJM0+JbcRU/53Jj7uyk31drV2qxhIOsLDC9dGCWj4
7Y7TyhPdXh/0dthTRBy6bqGtRPxGa7gJov1xm/UuYYXPIUR/3x9MAZvZ5xvE0kYXO+rx,admin

	Important
	Do not insert the entire contents of the `id_rsa.pub` file here. Insert just the block of symbols which represents the public key itself.

Checking that public key authentication is supported

After starting the container, you can check whether public key authentication is supported by running the jaas:realms console command, as follows:

Index Realm                Module Class                                                                    
    1 karaf                org.apache.karaf.jaas.modules.properties.PropertiesLoginModule                  
    2 karaf                org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule

You should see that the PublickeyLoginModule is installed. With this configuration you can log in to the container using either username/password credentials or public key credentials.

Logging in using key-based SSH

You are now ready to login to the container using the key-based SSH utility. For example:

$ ssh -p 8101 jdoe@localhost
______                   _____  _____ ______ 
|  ___|                 |  ___|/  ___|| ___ \
| |_  _   _  ___   ___  | |__  \ `--. | |_/ /
|  _|| | | |/ __| / _ \ |  __|  `--. \| ___ \
| |  | |_| |\__ \|  __/ | |___ /\__/ /| |_/ /
\_|   \__,_||___/ \___| \____/ \____/ \____/

  Fuse ESB (7.1.0.fuse-036)
  http://fusesource.com/products/fuse-esb-enterprise/

Hit '<tab>' for a list of available commands
and '[cmd] --help' for help on a specific command.
Hit '<ctrl-d>' or 'osgi:shutdown' to shutdown Fuse ESB.

FuseESB:fbolton@root>

	Note
	If you are using an encrypted private key, the `ssh` utility will prompt you to enter the pass phrase.

Comments powered by Disqus