Users authentication

(Daniel Ruiz Molina) #1


I need to create 50 users that will connect to OpenNebula using the Sunstone interface. However, they need to be able to connect using SSH through the ONE server terminal because they want to connect in terminal mode.
I have a question:
If I create them using Sunstone and the “core” authentication method, they won’t be able to connect to the server using SSH, right? So I need to create them in both places: in the Sunstone interface with “core” authentication and in the Linux system (adduser)… Or am I wrong?

Because if I don’t create them in the Linux system, what is the purpose of their public key? How can they connect to their instance on first boot (the root password has previously been changed)?


(Ruben S. Montero) #2

You don’t need to create an account for each user, as long as they have access to the API endpoint. In oned.conf you can expose this API and use the terminal tools to connect to it (e.g. by setting ONE_XMLRPC).
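The workstation-side setup for the approach in the reply above, as an added example that is not part of any post in this thread. The function name `one_cli_setup`, the user `alice` and the host `one.example.org` are hypothetical; `ONE_XMLRPC`, `ONE_AUTH` and the `user:password` format of the `one_auth` file are the OpenNebula CLI's own conventions, and the refusal of cleartext `http://` to a remote host is a precaution added here.

```shell
#!/bin/sh
# Added example: prepare a user's PC so the OpenNebula CLI (onevm, oneuser, ...)
# talks to a remote oned over XML-RPC, with no Linux account on the front-end.
# All host names, user names and passwords shown are constructed placeholders.

# one_cli_setup USER PASSWORD ENDPOINT [AUTH_FILE]
# Writes USER:PASSWORD to AUTH_FILE (default ~/.one/one_auth) with mode 0600
# and prints the export lines for the caller to eval.
# Returns 1 for cleartext http:// to a non-local host (the credentials would
# cross the network unencrypted), 2 for a malformed endpoint, 3 on I/O errors.
one_cli_setup() {
    user=$1 pass=$2 endpoint=$3 auth_file=${4:-$HOME/.one/one_auth}

    case $endpoint in
        https://*/RPC2) ;;
        http://localhost:*/RPC2|http://127.0.0.1:*/RPC2) ;;
        http://*)
            echo "refusing cleartext endpoint $endpoint: put oned behind a TLS proxy" >&2
            return 1 ;;
        *)
            echo "endpoint must look like https://host:port/RPC2" >&2
            return 2 ;;
    esac

    # one_auth holds "user:password" on a single line; keep it owner-only.
    mkdir -p "$(dirname "$auth_file")" || return 3
    ( umask 077 && printf '%s:%s\n' "$user" "$pass" > "$auth_file" ) || return 3
    chmod 600 "$auth_file" || return 3

    printf "export ONE_XMLRPC='%s'\nexport ONE_AUTH='%s'\n" "$endpoint" "$auth_file"
}

# Usage on the user's PC, followed by any CLI command such as `onevm list`:
#   eval "$(one_cli_setup alice 'secret' https://one.example.org:2633/RPC2)"
```

The same “core” account created in Sunstone is the one the CLI authenticates with, so each user exists only once.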

(Daniel Ruiz Molina) #3

But are these terminal tools Linux system tools like “ssh” and similar? Or are they OpenNebula CLI tools only for that purpose?

(Daniel Ruiz Molina) #4

After reading these documents:

I haven’t understood whether I can have a user log in to the Sunstone interface without creating him in OpenNebula, creating him only in the Linux system authentication (adduser)…
If I create 50 users in Sunstone, I would like to allow them to connect from their remote PCs to my server using SSH but ALSO Sunstone. I know I can solve this problem by creating them in Sunstone and doing 50 “adduser” on my Linux server, but is there a way to create them in only one place while allowing login in the other (creating them in Sunstone and allowing SSH, or creating them in the system and allowing login in Sunstone)?


(Daniel Ruiz Molina) #5

I think if I create users with “ssh” authentication, those users can’t log in to Sunstone; they can only use OpenNebula through the command-line interface (CLI).
What I would like is to allow authentication in both Sunstone and SSH with the same users (not duplicated).