diff --git a/docs/.vitepress/config.ts b/docs/.vitepress/config.ts
index 800fe8a1..919f4959 100644
--- a/docs/.vitepress/config.ts
+++ b/docs/.vitepress/config.ts
@@ -124,6 +124,14 @@ export default defineConfig({
 ]
 }
 ],
+ "/deploy/":[
+ {
+ text: "部署任务",
+ items: [
+ { text: "部署到ESXi", link: "/deploy/ESXi/index.md" },
+ ]
+ }
+ ],
 "/comm/": [
 {
 text: "商业版",
diff --git a/docs/deploy/ESXi/images/ssh.png b/docs/deploy/ESXi/images/ssh.png
new file mode 100644
index 00000000..ecdfea3d
Binary files /dev/null and b/docs/deploy/ESXi/images/ssh.png differ
diff --git a/docs/deploy/ESXi/index.md b/docs/deploy/ESXi/index.md
new file mode 100644
index 00000000..7d041537
--- /dev/null
+++ b/docs/deploy/ESXi/index.md
@@ -0,0 +1,17 @@
+# 部署证书到ESXi
+
+使用`部署证书到主机插件`即可
+
+
+## 开启ssh
+登陆ESXi Web后台,点击 主机 -> 操作 -> 服务 -> 启用 Secure Shell(SSH)打开SSH
+
+## 添加部署到主机任务
+
+![img.png](./images/ssh.png)
+
+## 配置重启脚本
+```bash
+/etc/init.d/hostd restart
+/etc/init.d/vpxa restart
+```
diff --git a/packages/plugins/plugin-lib/src/ssh/ssh-access.ts b/packages/plugins/plugin-lib/src/ssh/ssh-access.ts
index 228bd1e0..0c759de1 100644
--- a/packages/plugins/plugin-lib/src/ssh/ssh-access.ts
+++ b/packages/plugins/plugin-lib/src/ssh/ssh-access.ts
@@ -1,5 +1,6 @@
 import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
 import { ConnectConfig } from "ssh2";
+import { SshClient } from "./ssh.js";
 @IsAccess({
 name: "ssh",
@@ -101,6 +102,37 @@ export class SshAccess extends BaseAccess implements ConnectConfig {
 },
 })
 encoding: string;
+
+ @AccessInput({
+ title: "测试",
+ component: {
+ name: "api-test",
+ type: "access",
+ typeName: "ssh",
+ action: "TestRequest",
+ },
+ mergeScript: `
+ return {
+ component:{
+ form: ctx.compute(({form})=>{
+ return form
+ })
+ },
+ }
+ `,
+ helper: "点击测试",
+ })
+ testRequest = true;
+
+ async onTestRequest() {
+ const client = new SshClient(this.ctx.logger);
+
+ await client.exec({
+ connectConf: this,
+ script: "echo hello",
+ });
+ return "ok";
+ }
 }
 new SshAccess();
diff --git a/packages/plugins/plugin-lib/src/ssh/ssh.ts b/packages/plugins/plugin-lib/src/ssh/ssh.ts
index 40930de0..34e678c9 100644
--- a/packages/plugins/plugin-lib/src/ssh/ssh.ts
+++ b/packages/plugins/plugin-lib/src/ssh/ssh.ts
@@ -1,5 +1,7 @@
 // @ts-ignore
 import ssh2, { ConnectConfig, ExecOptions } from "ssh2";
+
+import ssh2Constants from "ssh2/lib/protocol/constants.js";
 import path from "path";
 import * as _ from "lodash-es";
 import { ILogger } from "@certd/basic";
@@ -50,6 +52,8 @@ export class AsyncSsh2Client {
 this.logger.info("代理连接成功");
 this.connConf.sock = info.socket;
 }
+
+ const { SUPPORTED_KEX, SUPPORTED_SERVER_HOST_KEY, SUPPORTED_CIPHER, SUPPORTED_MAC } = ssh2Constants;
 return new Promise((resolve, reject) => {
 try {
 const conn = new ssh2.Client();
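Review bot: `onTestRequest` reports success with a fixed `return "ok"` and never inspects what `client.exec` produced, so the test is only meaningful if `SshClient.exec` rejects on a failed connect or authentication, which this hunk does not show. I would add a doc comment that says so, e.g. `/** Connectivity check behind the "测试" button: runs a harmless echo with the current form values and relies on exec() rejecting on failure. */`, and a one-line comment on `testRequest = true` noting that the field exists only to render the button and carries no setting. The class body starts outside the hunk.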
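Review bot: The new `import ssh2Constants from "ssh2/lib/protocol/constants.js"` reaches into a file under ssh2's `lib/` directory instead of the package entry point, so a dependency upgrade that moves or reshapes that module would leave the four names destructured in the following hunk (`@@ -50,6 +52,8 @@`) undefined and silently change what is passed as `algorithms`. I would add a comment recording which ssh2 release this path was checked against and fail fast right after the destructuring, e.g. `if (!Array.isArray(SUPPORTED_KEX)) throw new Error("ssh2 algorithm constants not found");`.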
@@ -63,15 +67,23 @@ export class AsyncSsh2Client {
 this.conn = conn;
 resolve(this.conn);
 })
+ .on("keyboard-interactive", (name, descr, lang, prompts, finish) => {
+ // For illustration purposes only! It's not safe to do this!
+ // You can read it from process.stdin or whatever else...
+ const password = this.connConf.password;
+ return finish([password]);
+
+ // And remember, server may trigger this event multiple times
+ // and for different purposes (not only auth)
+ })
 .connect({
 ...this.connConf,
+ tryKeyboard: true,
 algorithms: {
- kex: [
- "ecdh-sha2-nistp256",
- "diffie-hellman-group1-sha1",
- "diffie-hellman-group14-sha1", // 示例:添加服务器支持的旧算法
- "diffie-hellman-group-exchange-sha256",
- ],
+ serverHostKey: SUPPORTED_SERVER_HOST_KEY,
+ cipher: SUPPORTED_CIPHER,
+ hmac: SUPPORTED_MAC,
+ kex: SUPPORTED_KEX,
 },
 });
 } catch (e) {
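Review bot: Passing `SUPPORTED_KEX`, `SUPPORTED_SERVER_HOST_KEY`, `SUPPORTED_CIPHER` and `SUPPORTED_MAC` in the `algorithms` block enables every algorithm ssh2 implements for every connection, which as far as I know includes legacy ciphers, MACs and host-key types the library keeps out of its defaults, not just for the older hosts (such as the ESXi target in the docs) that need them. I would leave `algorithms` at the library defaults and widen it only when the access carries an explicit opt-in setting for legacy servers, with a comment naming the hosts that require it. The `keyboard-interactive` handler also replies `finish([password])` whatever `prompts` contains and still carries the upstream example's "not safe" comments; answering only the single-prompt case, `finish(prompts.length === 1 && password ? [password] : [])`, avoids handing the password to unexpected prompts or sending `undefined` for key-only accesses. The `connect` call sits in a Promise callback that starts and ends outside the hunk.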