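Managing your own SSH keys with your own token is a common use case. A second use case is restricted to the GitLab admin account: with an admin token you can operate on the SSH keys of every user. This article continues the series by covering that case.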
liumiaocn:gitlab liumiao$ cat docker-compose.yml
version: '2'
services:
  # Version Control service: Gitlab
  gitlab:
    image: gitlab/gitlab-ce:12.10.5-ce.0
    ports:
      - "32001:80"
    volumes:
      - ./log/:/var/log/gitlab
      - ./data/:/var/opt/gitlab
      - ./conf/:/etc/gitlab
    restart: "no"
liumiaocn:gitlab liumiao$
Create the following directories:
liumiaocn:gitlab liumiao$ ls
docker-compose.yml
liumiaocn:gitlab liumiao$ mkdir -p log data conf
liumiaocn:gitlab liumiao$ ls
conf data docker-compose.yml log
liumiaocn:gitlab liumiao$
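Start command: docker-compose up -d
Note: set the root user's password at this point. Because the later steps create users directly with a token, the examples no longer need the root password itself.
Create a token for API use through the Settings menu, or directly with the following URL
Add a user named liumiao. This can also be done through the UI, so this step can be skipped.
Command to run: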
# Admin token and GitLab address used by the calls that follow
access_token="7F2jdsYyeDsuhGnyTvPz"
gitlab_url="localhost:32001"
# Create the user through the admin-only users endpoint
curl -X POST -H "PRIVATE-TOKEN: ${access_token}" "http://${gitlab_url}/api/v4/users" \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -d '{ "email": "[email protected]",
        "username": "liumiao",
        "password": "12341234",
        "name": "liumiao",
        "skip_confirmation": "true"
      }'
Sample execution log:
liumiaocn:~ liumiao$ curl -X POST -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users -H 'cache-control: no-cache' -H 'content-type: application/json' -d '{ "email": "[email protected]",
> "username": "liumiao",
> "password": "12341234",
> "name": "liumiao",
> "skip_confirmation": "true"
> }' |jq .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 898 100 759 100 139 1785 327 --:--:-- --:--:-- --:--:-- 2112
{
"id": 2,
"name": "liumiao",
"username": "liumiao",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/95c1f7ff72d71b448592a335ba80fb64?s=80&d=identicon",
"web_url": "http://2dba3d4f4dfa/liumiao",
"created_at": "2020-07-19T21:35:27.312Z",
"bio": null,
"location": null,
"public_email": "",
"skype": "",
"linkedin": "",
"twitter": "",
"website_url": "",
"organization": null,
"job_title": "",
"work_information": null,
"last_sign_in_at": null,
"confirmed_at": "2020-07-19T21:35:27.148Z",
"last_activity_on": null,
"email": "[email protected]",
"theme_id": 1,
"color_scheme_id": 1,
"projects_limit": 100000,
"current_sign_in_at": null,
"identities": [],
"can_create_group": true,
"can_create_project": true,
"two_factor_enabled": false,
"external": false,
"private_profile": false,
"is_admin": false
}
liumiaocn:~ liumiao$
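SSH keys can be set up easily through the GitLab UI: after logging in, first select Settings in the user menu,
then select the SSH Keys item in the left-hand menu to manage SSH keys through the UI.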
liumiaocn:~ liumiao$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/liumiao/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/liumiao/.ssh/id_rsa.
Your public key has been saved in /Users/liumiao/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:FgCQGZ5XL0dLvCYw3F34LQzXgR0bePHsNdGe94jPWXk liumiao@liumiaocn
The key's randomart image is:
+---[RSA 3072]----+
| o*.ooooo.==+ ..|
| .o.+..==.+ += o|
| o .o. =* o. ooo|
| . .oo.+ .. o+|
| oS . ...+|
| . . ..E|
| o o.|
| + |
| |
+----[SHA256]-----+
liumiaocn:~ liumiao$
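This leaves an RSA public key and private key in the .ssh directory under the current user's HOME. Note that what gets registered is the public key; the private key is ours to keep safe, and the public key can be derived from the private key. For a more detailed discussion, see:
Use users/${userid}/keys to add an SSH key for the specified user. A sample command and its log are shown below.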
liumiaocn:~ liumiao$ userid=2
liumiaocn:~ liumiao$ curl -X POST -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users/${userid}/keys -H 'cache-control: no-cache' -H 'content-type: application/json' -d '{"title": "ssh key for local mac os setting by admin",
> "key": "ssh-rsa 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 liumiao@liumiaocn",
> "expires_at": "2020-09-19T00:00:00.000Z"
> }' |jq .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1379 100 697 100 682 3226 3157 --:--:-- --:--:-- --:--:-- 6384
{
"id": 8,
"title": "ssh key for local mac os setting by admin",
"key": "ssh-rsa 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 liumiao@liumiaocn",
"created_at": "2020-07-19T23:26:27.672Z",
"expires_at": null
}
liumiaocn:~ liumiao$
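Result check: note that the key's user is liumiao, while the token used to make the call belongs to root (admin).
Use /users/${userid}/keys to query the keys of a specified user, for example: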
liumiaocn:~ liumiao$ useridorname=2
liumiaocn:~ liumiao$ curl -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users/${useridorname}/keys
[{"id":8,"title":"ssh key for local mac os setting by admin","key":"ssh-rsa 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 liumiao@liumiaocn","created_at":"2020-07-19T23:26:27.672Z","expires_at":null}]liumiaocn:~ liumiao$
liumiaocn:~ liumiao$ useridorname=liumiao
liumiaocn:~ liumiao$ curl -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users/${useridorname}/keys
[{"id":8,"title":"ssh key for local mac os setting by admin","key":"ssh-rsa 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 liumiao@liumiaocn","created_at":"2020-07-19T23:26:27.672Z","expires_at":null}]liumiaocn:~ liumiao$
liumiaocn:~ liumiao$
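In the add-key log above the request sends expires_at, yet the response and the later listing both show "expires_at": null. The following added example (not code from the original article) audits a key listing returned by GET /api/v4/users/:id/keys for keys whose expiry is missing, was not applied, or has passed. The GITLAB_TOKEN variable name, the second sample key and the shortened key strings are assumptions made for the example.

```python
import json
import os
import urllib.request
from datetime import datetime, timezone

def fetch_keys(base_url, user, token):
    """GET /api/v4/users/:id_or_username/keys, token sent in the PRIVATE-TOKEN header."""
    req = urllib.request.Request(f"{base_url}/api/v4/users/{user}/keys",
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def parse_ts(value):
    """Parse timestamps in the form shown in the logs, e.g. 2020-09-19T00:00:00.000Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_keys(keys, requested_expiry=None, now=None):
    """Return (key id, finding) pairs for keys whose expiry is missing, ignored or past."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for key in keys:
        expires = key.get("expires_at")
        if expires is None:
            # Same situation as the article's log: expires_at was sent, null came back.
            reason = "requested expiry not applied" if requested_expiry else "no expiry set"
            findings.append((key["id"], reason))
        elif parse_ts(expires) <= now:
            findings.append((key["id"], "expired"))
    return findings

# Constructed sample shaped like the article's response; key material is a placeholder.
SAMPLE = json.loads("""[
 {"id": 8, "title": "ssh key for local mac os setting by admin",
  "key": "ssh-rsa AAAA...placeholder liumiao@liumiaocn",
  "created_at": "2020-07-19T23:26:27.672Z", "expires_at": null},
 {"id": 9, "title": "constructed key with expiry",
  "key": "ssh-rsa AAAA...placeholder other@host",
  "created_at": "2020-07-19T23:30:00.000Z", "expires_at": "2020-09-19T00:00:00.000Z"}
]""")

if __name__ == "__main__":
    # Read the admin token from the environment (GITLAB_TOKEN is an assumed name)
    # instead of typing it into the command line; fall back to the sample offline.
    token = os.environ.get("GITLAB_TOKEN")
    keys = fetch_keys("http://localhost:32001", 2, token) if token else SAMPLE
    for key_id, finding in audit_keys(keys, requested_expiry="2020-09-19T00:00:00.000Z"):
        print(f"key {key_id}: {finding}")
```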
The operation log is shown below:
liumiaocn:~ liumiao$ keyid=8
liumiaocn:~ liumiao$ userid=2
liumiaocn:~ liumiao$ curl -X DELETE -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users/${userid}/keys/${keyid}
liumiaocn:~ liumiao$ echo $?
0
liumiaocn:~ liumiao$
Result check
liumiaocn:~ liumiao$ useridorname=2
liumiaocn:~ liumiao$ curl -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users/${useridorname}/keys
[]liumiaocn:~ liumiao$
If the token belongs to the current user, the URL does not need to include the userid. For details, see: