  1. Help-Desk
  2. HELP-5694

FIWARE.Request.Lab.SophiaAntipolis.Sophia Antipolis.Adding Region Support Keys

    Details

    • Type: extRequest
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Fix Version/s: 2021
    • Component/s: FIWARE-LAB-HELP
    • Labels:
      None
    • HD-Node:
      SophiaAntipolis

      Description

      The region staff team is responsible for the virtual machines instantiated on their servers. Therefore each region staff should have control of who accesses the virtual machines for support purposes and set and enforce the corresponding policy. It is not possible if the public keys are shared among all the regions. Additionally, it is also extremely insecure and a problem when a region leaves the federation.

      A new service, called aiakos and deployed at aiakos.lab.fiware.org, has been deployed in FIWARE Lab to manage support region ssh and gpg keys.

      As a region administrator, you should create your ssh and gpg keys and upload them into the aiakos service (you can obtain information about how to create your keys in https://github.com/telefonicaid/fiware-aiakos/blob/develop/doc/README.rst#generating-a-ssh-key).

      To upload your keys into the aiakos service, you should use just a POST operation
      POST: https://jsapi.apiary.io/apis/fiwareaiakos/reference/aiakos-v1/add-key/post-key.html

      You can find information about why ssh and gpg keys are needed in https://github.com/telefonicaid/fiware-aiakos/blob/develop/doc/README.rst#why-a-ssh-key-and-a-gpg-key-are-needed

        Activity

        Com4Innov Sophia Antipolis Node Helpdesk added a comment -

        Hello Henar,

        1)
        We did the POST request with
        URL: http://cloud.lab.fi-ware.org:4731/v2.0/tokens
        Headers: Accept: text/plain
        Content-Type: application/json

        and
        Payload:
        {
          "auth": {
            "passwordCredentials": { "username": "admin-c4i", "password": "XXX" },
            "tenantName": "admin"
          }
        }

        and we are able to retrieve the token-id, which in our opinion in the following piece of text is the "id". Is our assumption correct?

        "token": {
        "issued_at": "2016-03-18T11:03:43.029503",
        "expires": "2016-03-19T11:03:42Z",
        "id": "79c846445c524c56bc608c35c93ab12c"

        2) Now, we are doing in this url: http://aiakos.lab.fiware.org:3000/v1/support/
        a POST request with

        Headers:
        X-Auth-Token: 79c846445c524c56bc608c35c93ab12c
        Accept: text/plain
        Content-Type: text/plain

        and Payload a key that was generated by puttygen and is this one:
        AAAAB3NzaC1yc2EAAAADAQABAAABAQC3wWf8ENv1+USgRh0x9EvlczhbOoqfHGXR
        zV1rlkE0I61HM6D6QY3edTGoQLsKyk1QTSo954q/ULBP7KY2/7YucTaDOsJgS0Ff
        Yxnhs5faljmrccApyD1a09rMv9OtCQHdLRpnM3WoyiApIIXBXvpxX4gC6yZVXnCw
        7TcKkFejyeWUsWIsf1PaNKuG8CAKtwQah4L81VrhGGr8vCh8wjreIJCEUV73alcJ
        y5FaxbeasBs5GGlgP4vedzLxsbQpiK3kl/P/gNVPzdGKprjst9urb/k36v82cXy+
        jGQ2HCYGqCSFw6kOXuURrmEjkk0Sk2WSH7hhBGMENHgMf8vY3IFB

        and we get as a Response 400 Bad Request with reason : Error: invalid key

        Could you tell us please what is wrong in the whole procedure that we did?

        Best regards,
        Sophia Antipolis Team

        jesus.perezgonzalez Jesus Perez added a comment -

        Hi,

        a valid ssh key is something like this:

        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3wWf8ENv1+USgRh0x9EvlczhbOoqfHGXR
        zV1rlkE0I61HM6D6QY3edTGoQLsKyk1QTSo954q/ULBP7KY2/7YucTaDOsJgS0Ff
        Yxnhs5faljmrccApyD1a09rMv9OtCQHdLRpnM3WoyiApIIXBXvpxX4gC6yZVXnCw
        7TcKkFejyeWUsWIsf1PaNKuG8CAKtwQah4L81VrhGGr8vCh8wjreIJCEUV73alcJ
        y5FaxbeasBs5GGlgP4vedzLxsbQpiK3kl/P/gNVPzdGKprjst9urb/k36v82cXy+
        jGQ2HCYGqCSFw6kOXuURrmEjkk0Sk2WSH7hhBGMENHgMf8vY3IFB admin@mydomain.com

        Please use a string like this in your payload.

        Regards
        Jesus.
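
A client-side pre-check for the failure in this thread, as an added example (not aiakos code and not something posted in the ticket): it rebuilds the one-line `type base64 comment` form from a bare, line-wrapped base64 body by reading the key type embedded in the blob, and rejects data that is malformed or whose prefix disagrees with the blob. The function names, the default comment and the sample blob are assumptions constructed for illustration; what aiakos itself validates is not shown on the page.

```python
import base64
import struct

def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def normalize_public_key(text, comment="admin@region.example"):
    """Return a one-line 'type base64 comment' key, or raise ValueError."""
    parts = text.split()
    if not parts:
        raise ValueError("empty key")
    if parts[0].startswith(("ssh-", "ecdsa-")):
        if len(parts) < 2:
            raise ValueError("key type without key data")
        declared, b64 = parts[0], parts[1]
        comment = " ".join(parts[2:]) or comment
    else:
        # Bare body, possibly wrapped over several lines: rejoin the pieces.
        declared, b64 = None, "".join(parts)
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        raise ValueError("key data is not valid base64") from exc
    fields = read_fields(blob)
    if len(fields) < 2:
        raise ValueError("blob holds no key material")
    embedded = fields[0].decode("ascii", "replace")
    if declared is not None and declared != embedded:
        raise ValueError("prefix %s does not match blob type %s" % (declared, embedded))
    return "%s %s %s" % (embedded, b64, comment)

def _field(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample: right layout (type, e, n) but not a real key.
SAMPLE_BLOB = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00" + bytes(range(1, 65)))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
```

Running the check before the POST turns a server-side "invalid key" into a local error that names the actual defect.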

        henar Henar Muñoz added a comment -

        You can have a look at https://github.com/telefonicaid/fiware-aiakos/blob/develop/doc/README.rst#generating-a-ssh-key about how to generate keys.

        Com4Innov Sophia Antipolis Node Helpdesk added a comment -

        Hi Jésus,
        Thanks. With these:

        endpoint: http://aiakos.lab.fiware.org:3000/v1/support/
        headers: (X-Auth-Token: 79c846445c524c56bc608c35c93ab12c, Accept: text/plain, Content-Type: text/plain)
        payload: ssh-rsa "SSH Key" admin.xifi@com4innov.com

        It worked: we get back "201 Created". At your side, can you see the key?

        Regards,
        Sophia Antipolis team

        henar Henar Muñoz added a comment -

        It is ok


          People

          • Assignee:
            Com4Innov Sophia Antipolis Node Helpdesk
            Reporter:
            henar Henar Muñoz