1.客户端生成密钥文件(-P '' 表示私钥不设口令,私钥文件本身未加密,需严格限制其读取权限)
[root@model /]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f4:b3:7f:7f:9c:8a:04:ab:9a:8b:44:1d:b6:85:9d:e0 root@model
The key's randomart image is:
+--[ RSA 2048]----+
| ..oo.|
| . ...|
| .. = Eo |
| .... o |
| .. o.o+ . |
| = . .+o= |
| ..==O ..|
| . o.=.. .o|
| . ... .o. |
+-----------------+
[root@model /]#
[root@model ~]# cd /root/.ssh/
[root@model .ssh]#
[root@model .ssh]# ls
authorized_keys id_rsa id_rsa.pub
[root@model .ssh]#
复制 id_rsa.pub 公钥文件,并导入到防火墙(只导入公钥,私钥 id_rsa 保留在客户端)
2.在防火墙上设置用户,并关联导入的公钥
ssh user username service-type stelnet authentication-type publickey assign publickey 4026pubkey
3.php代码
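/**
 * Log in to the firewall over SSH with public-key authentication and send
 * the CLI commands that create one SSL VPN local user.
 *
 * The original body read $add_vpn_info without it ever being defined inside
 * the function, and ignored both of its parameters; the account data is now
 * an optional third argument and the address/port arguments are honoured.
 *
 * @param string $fwip         Firewall address; empty keeps the previous
 *                             hard-coded default 192.168.0.18.
 * @param mixed  $fwsshport    SSH port; empty keeps the previous default 22.
 * @param array  $add_vpn_info Account fields 'username', 'password' and
 *                             'email' that are written into the commands.
 * @return resource|false Stream returned by ssh2_exec(), or false when an
 *                        account field is rejected or the exec call fails.
 */
function sshloginfw($fwip='',$fwsshport='',$add_vpn_info=array())
{
    // Each field is pasted into a line-oriented device CLI, so whitespace or
    // a line break inside a value would end the intended argument and begin
    // another token or command. \A...\z is used on purpose: "$" would still
    // accept a value that ends in a single newline.
    // The rejected value is not echoed back, since it may be the password.
    foreach (array('username', 'password', 'email') as $field) {
        if (!isset($add_vpn_info[$field])
            || !is_string($add_vpn_info[$field])
            || !preg_match('/\A[^\s\x00-\x1f\x7f]+\z/', $add_vpn_info[$field])) {
            trigger_error("sshloginfw: invalid or missing '$field'", E_USER_WARNING);
            return false;
        }
    }

    // Empty arguments fall back to the values the original code hard-coded.
    $host = ($fwip === '' || $fwip === null) ? "192.168.0.18" : $fwip;
    $port = ($fwsshport === '' || $fwsshport === null) ? 22 : (int)$fwsshport;

    $connection=ssh2_connect($host,$port,array('hostkey' => 'ssh-rsa'));
    if ($connection === false) {
        // Same failure style as the authentication check below.
        die('SSH Connection Failed');
    }
    // NOTE(review): the server host key is never checked, so this client
    // cannot tell the real firewall from another host answering on that
    // address. Compare ssh2_fingerprint($connection) with a pinned value
    // before authenticating.

    // NOTE(review): the key pair lives under /root and the passphrase
    // argument is empty, so this code must run with access to root's files
    // and the private key is protected by file permissions only. A dedicated
    // low-privilege account with its own key would limit the exposure.
    if (ssh2_auth_pubkey_file($connection, 'username',
        '/root/.ssh/id_rsa.pub',
        '/root/.ssh/id_rsa', '')) {
        echo "Public Key Authentication Successful\n";
    } else {
        die('Public Key Authentication Failed');
    }

    // The account password is part of this string in clear text: do not log
    // or echo $cmd. The text is kept exactly as in the original, including
    // the doubled line breaks and the answers sent after "save".
    $cmd="sys\n
user-group psy_system_auto_add\n
identity-member user {$add_vpn_info['username']}\n
exit\n
local-user {$add_vpn_info['username']} class network\n
password simple {$add_vpn_info['password']}\n
access-limit 1\n
service-type sslvpn\n
group psy_system_auto_add\n
authorization-attribute user-role network-operator\n\n
authorization-attribute sslvpn-policy-group SSLVPNZIYUA\n
identity-group psy_system_auto_add\n
description {$add_vpn_info['username']}-{$add_vpn_info['email']}\n
exit\n
save\n
y\n\n
y\n
";
    // ssh2_exec() returns a stream on success and false on failure; the
    // device's reply is not read here, so the caller has to read the stream
    // to learn whether the commands were accepted.
    $cmdinfo = ssh2_exec($connection,$cmd);
    return $cmdinfo;
}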