OpenV** 实现用户密码接入认证(2)
OpenV** 实现用户密码接入认证(2)
Kevin song
发布于 2020-02-19 12:38:16
发布于 2020-02-19 12:38:16
OpenV** 部署架构
OpenV** 用户认证脚本
[root@ecs-open1 ~]# cat /etc/openV**/checkpsw.sh
#!/bin/sh
###########################################################
# checkpsw.sh (C) 2004 Mathias Sundman#
# This script will authenticate OpenV** users against
# a plain text file. The passfile should simply contain
# one row per user with the username first followed by
# one or more space(s) or tab(s) and then the password.
PASSFILE="/etc/openV**/psw-file"
LOG_FILE="/etc/openV**/openV**-password.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`
###########################################################
if [ ! -r "${PASSFILE}" ]; then
echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
exit 1
fi
CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`
if [ "${CORRECT_PASSWORD}" = "" ]; then
echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1
fi
if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
exit 0
fi
echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1
赋予认证脚本权限
chmod 755 /etc/openV**/checkpsw.sh
修改 OpenV** 服务端配置文件
cat >>/etc/openV**/server/server.conf<<EOF
script-security 3
auth-user-pass-verify /etc/openV**/checkpsw.sh via-env #指定用户认证脚本
username-as-common-name
verify-client-cert none
EOF
重启 openV**-server 服务
systemctl restart openV**-server@server
配置用户密码文件
前面为用户名,后面为密码。中间使用空格分开
[root@ecs-open1 openV**]# cat /etc/openV**/psw-file
songhongpeng 123456
userA passwdA
修改客户端配置文件
注释掉cert和key(客户端不需要crt和key文件,但是需要服务器的CA证书)
client
dev tun
;proto tcp
proto udp
remote 192.168.1.105 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
#cert client1.crt
#key client1.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
comp-lzo
auth-user-pass
auth-nocache
Windows 客户端登录
Linux 客户端登录
cp /usr/share/doc/openV**-2.4.8/sample/sample-config-files/client.conf /etc/openV**/client/client.oV**
[root@zabbix-server client]# pwd
/etc/openV**/client
[root@zabbix-server client]# ls -ll
total 24
-rw------- 1 root root 1168 Feb 13 00:10 ca.crt
-rw------- 1 root root 4431 Feb 13 00:10 client1.crt
-rw------- 1 root root 1708 Feb 13 00:11 client1.key
-rw-r--r-- 1 root root 271 Feb 13 00:27 client.oV**
-rw------- 1 root root 636 Feb 13 00:09 ta.key
[root@zabbix-server client]# ls -ll
total 24
-rw------- 1 root root 1168 Feb 13 00:10 ca.crt
-rw------- 1 root root 4431 Feb 13 00:10 client1.crt
-rw------- 1 root root 1708 Feb 13 00:11 client1.key
-rw-r--r-- 1 root root 271 Feb 13 00:27 client.oV**
-rw------- 1 root root 636 Feb 13 00:09 ta.key
[root@zabbix-server client]# pwd
/etc/openV**/client
[root@zabbix-server client]# cat client.oV**
client
dev tun
;proto tcp
proto udp
remote 192.168.99.233 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
#cert client1.crt
#key client1.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
comp-lzo
auth-user-pass
auth-nocache
Linux 客户端参数
linux客户端,重新连接需要kill掉进程
[root@zabbix-server client]# ps -ef |grep openV**
root 19549 1 0 00:28 ? 00:00:00 openV** --daemon --cd /etc/openV**/client --config client.oV** --log-append /var/log/openV**.log
root 19661 19259 0 00:44 pts/0 00:00:00 grep --color=auto openV**
[root@zabbix-server client]# kill -9 19549
[root@zabbix-server client]# ps -ef |grep openV**
root 19680 19259 0 00:44 pts/0 00:00:00 grep --color=auto openV**
Linux Client OpenV** 连接
openV** --daemon --cd /etc/openV**/client --config client.oV** --log-append /var/log/openV**.log
Enter Auth Username: songhongpeng
Enter Auth Password: ******
查看Linux 网卡信息
本文参与 腾讯云自媒体分享计划,分享自微信公众号。
原始发表:2020-02-13,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读