问题
如何使用 SSH 密钥身份验证连接到 CH Cloud 服务?
回答
1) 使用 ssh-keygen 创建密钥对。示例
➜ new ssh-keygen \
-t ed25519 \
> -f /Users/testuser/.ssh/ch_key
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/testuser/.ssh/ch_key
Your public key has been saved in /Users/testuser/.ssh/ch_key.pub
.....
2) 使用公钥 (ch_key.pub,如上例所示) 创建用户。
clickhouse-cloud :) CREATE USER abcuser IDENTIFIED WITH ssh_key BY KEY 'AAAABBBcdE1lZDI1NTE5AAAAIISdl4CrGM8mckXBUXLjL3ef9XwnycDWEvBPu3toB40m' TYPE 'ssh-ed25519';
CREATE USER abcuser IDENTIFIED WITH ssh_key BY KEY AAAABBBcdE1lZDI1NTE5AAAAIISdl4CrGM8mckXBUXLjL3ef9XwnycDWEvBPu3toB40m TYPE `ssh-ed25519`
Query id: 34c6aad6-5f88-4c80-af7a-7d37c91ba7d5
Ok.
3) 运行 SHOW users
以确认用户创建。
4) 向用户授予 default_role(可选)。
clickhouse-cloud :) grant default_role to abcuser;
GRANT default_role TO abcuser
Query id: 4a054003-220a-4dea-8e8d-eb1f08ee7b10
Ok.
0 rows in set. Elapsed: 0.137 sec.
5) 现在使用私钥对服务进行身份验证。
➜ new ./clickhouse client --host myhost.us-central1.gcp.clickhouse.cloud --secure --user abcuser --ssh-key-file '/Users/testuser/.ssh/ch_key'
ClickHouse client version 23.12.1.863 (official build).
Enter your private key passphrase (leave empty for no passphrase):
Connecting to myhost.us-central1.gcp.clickhouse.cloud:9440 as user abcuser.
Connected to ClickHouse server version 23.9.2.
clickhouse-cloud :) select currentUser();
SELECT currentUser()
Query id: d4b6bb60-ef45-47d3-8740-db9f2941dcd2
┌─currentUser()─┐
│ abcuser │
└───────────────┘
1 row in set. Elapsed: 0.001 sec.
clickhouse-cloud :)