CN113938474B - Virtual machine access method and device, electronic equipment and storage medium - Google Patents
- Publication number
- CN113938474B (CN202111193005.7A)
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- host
- proxy server
- access
- address information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention provides a virtual machine access method, a device, electronic equipment and a storage medium, wherein the method comprises the following steps: receiving a first access request of a cloud platform terminal to a virtual machine; the first access request comprises first request information, wherein the first request information comprises host address information of a host of the virtual machine; creating an ssh tunnel of the host corresponding to the host address information; returning access address information of the proxy server to the cloud platform terminal so that the cloud platform terminal accesses the proxy server through the access address information, and the proxy server accesses the virtual machine of the host machine through the ssh tunnel; the data stream of the virtual machine is transmitted by using the ssh tunnel, and the vnc ports of the virtual machine are determined before the data stream transmission is carried out by the ssh tunnel, so that the opening of the vnc ports of all the virtual machines can be avoided, and the access security of the virtual machine is improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of networks, in particular to a virtual machine access method, a virtual machine access device, electronic equipment and a storage medium.
Background
Out-of-band management of a virtual machine means that the virtual machine is opened through the console of its host machine instead of through the network of the virtual machine, so that the virtual machine can be controlled through the web even if its network is not enabled. Common web console implementations on cloud platforms, such as the openstack open source project, are based on the noVNC front end combined with websocket protocol proxy forwarding of the vnc (Virtual Network Console) link.
However, in the current web console implementation, the host of the virtual machine needs to open the vnc listening ports of all the virtual machines. The vnc ports of the virtual machines are not fixed but fall within a certain range, and opening such a wide range of ports carries a certain security risk.
Disclosure of Invention
The embodiment of the invention provides a virtual machine access method, which aims to solve the problem of low virtual machine access security in the prior art.
Correspondingly, the embodiment of the invention also provides a virtual machine access device which is used for guaranteeing the implementation and application of the method.
In order to solve the above problems, an embodiment of the present invention discloses a virtual machine access method, which is applied to a proxy server, and the method includes:
Receiving a first access request of a cloud platform terminal to a virtual machine; the first access request comprises first request information, wherein the first request information comprises host address information of a host of the virtual machine;
Creating an ssh tunnel of the host corresponding to the host address information;
And returning access address information of the proxy server to the cloud platform terminal so that the cloud platform terminal accesses the proxy server through the access address information, and the proxy server accesses the virtual machine of the host machine through the ssh tunnel.
Optionally, the first request information further includes virtual machine address information of a virtual machine, and the creating the ssh tunnel of the host corresponding to the host address information includes:
Randomly selecting an unused proxy server port of the proxy server;
And creating an ssh tunnel from the proxy server port to the host corresponding to the host address information, so that the proxy server port is connected, through the ssh tunnel, with the virtual machine port on the host that corresponds to the virtual machine address information.
Optionally, the first request information further includes a first user identifier, the host address information includes a host domain name of a host of the virtual machine, an ip address of the host of the virtual machine, and the virtual machine address information includes a universal unique identifier of the virtual machine and the ip address of the virtual machine.
Optionally, after the access address information of the proxy server is returned to the cloud platform terminal, the method further includes:
randomly generating a first identity mark, combining the first identity mark with the first request information into identity verification information, and storing the identity verification information in a cache;
Returning the access address information carrying the identity verification information to the cloud platform terminal;
Receiving a second access request sent by the cloud platform terminal aiming at the access address information, wherein the second access request comprises a second identity and a second user identity;
When the second identity is the same as the first identity in the identity verification information, acquiring the first user identification from the identity verification information;
and when the second user identifier is the same as the first user identifier, establishing a link with the cloud platform terminal.
Optionally, the method further comprises:
And when the second identity is different from the first identity in the identity verification information, or when the second user identity is different from the first user identity, returning error prompt information to the cloud platform terminal.
Optionally, after the link is established with the cloud platform terminal, the method further includes:
Receiving data sent by the cloud platform terminal;
forwarding the data to the proxy port to cause the proxy port to forward the data to the virtual machine port through the ssh tunnel.
Optionally, after the creating the ssh tunnel of the host corresponding to the host address information, the method further includes:
Detecting the link state between the proxy server port and the virtual machine at preset interval time;
And when the link state between the proxy server port and the virtual machine is in a disconnected state, destroying the ssh tunnel, and clearing the identity verification information from the cache.
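The verification and cleanup steps above, sketched as an added Python example (not code from the patent): the randomly generated identity is cached together with the first request information, a second request is accepted only if both the identity and the user identifier match, and a periodic sweep destroys the tunnel and clears the cache entry once the link is down. The class and function names, the sample values, and the assumption that the second user identifier comes from the caller's authenticated platform session are all illustrative.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    identity: str    # randomly generated "first identity"
    username: str    # "first user identifier" taken from the first request
    hostname: str    # host of the virtual machine
    uuid: str        # uuid of the virtual machine
    vmip: str        # ip address of the virtual machine
    local_port: int  # proxy server port bound to the ssh tunnel


class SessionCache:
    """Cache of identity verification information (hypothetical helper)."""

    def __init__(self, close_tunnel):
        self._sessions = {}
        self._close_tunnel = close_tunnel  # callback that destroys one tunnel

    def issue(self, username, hostname, uuid, vmip, local_port):
        # 256 bits from the OS CSPRNG; the value is returned inside the
        # access address handed back to the cloud platform terminal.
        identity = secrets.token_urlsafe(32)
        self._sessions[identity] = Session(
            identity, username, hostname, uuid, vmip, local_port)
        return identity

    def verify(self, second_identity, second_username):
        """Return the session only if identity AND user both match."""
        session = self._sessions.get(second_identity)
        if session is None:
            return None  # unknown or already cleared identity
        # Assumption: second_username is read from the caller's authenticated
        # session, not from a value the caller can choose freely.
        if not hmac.compare_digest(session.username.encode(),
                                   second_username.encode()):
            return None  # identity is valid but belongs to another user
        return session

    def sweep(self, link_is_up):
        """Run at the preset interval: drop sessions whose link is down."""
        removed = []
        for identity, session in list(self._sessions.items()):
            if not link_is_up(session.local_port):
                self._close_tunnel(session.local_port)  # destroy ssh tunnel
                del self._sessions[identity]            # clear cached identity
                removed.append(identity)
        return removed


def run_demo():
    """Walk through issue, verify and sweep with constructed sample values."""
    closed = []
    cache = SessionCache(close_tunnel=closed.append)
    identity = cache.issue("alice", "compute-01.example.internal",
                           "00000000-0000-4000-8000-000000000001",
                           "10.0.0.5", 40123)
    return {
        "accepted": cache.verify(identity, "alice") is not None,
        "other_user": cache.verify(identity, "bob") is not None,
        "unknown_identity": cache.verify("no-such-identity", "alice") is not None,
        "removed": len(cache.sweep(link_is_up=lambda port: False)),
        "closed_ports": closed,
        "after_sweep": cache.verify(identity, "alice") is not None,
    }


if __name__ == "__main__":
    print(run_demo())
```

Unlike a bare token check, a copied access address is not enough here: the request must also come from the user the identity was issued to, and the identity stops working as soon as the sweep removes it.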
The embodiment of the invention also discloses a virtual machine access device which is applied to the proxy server, and the device comprises:
The access request receiving module is used for receiving a first access request of the cloud platform terminal to the virtual machine; the first access request comprises first request information, wherein the first request information comprises host address information of a host of the virtual machine;
the ssh tunnel creation module is used for creating the ssh tunnel of the host corresponding to the host address information;
And the access address information return module is used for returning the access address information of the proxy server to the cloud platform terminal so that the cloud platform terminal accesses the proxy server through the access address information, and the proxy server accesses the virtual machine of the host machine through the ssh tunnel.
Optionally, the ssh tunnel creation module is configured to randomly select an unused proxy server port of the proxy server, and to create an ssh tunnel from the proxy server port to the host corresponding to the host address information, so that the proxy server port is connected, through the ssh tunnel, with the virtual machine port on the host that corresponds to the virtual machine address information.
Optionally, the first request information further includes a first user identifier, the host address information includes a host domain name of a host of the virtual machine, an ip address of the host of the virtual machine, and the virtual machine address information includes a universal unique identifier of the virtual machine and the ip address of the virtual machine.
Optionally, the link establishment module is configured to randomly generate a first identity identifier, combine the first identity identifier with the first request information to form authentication information, and store the authentication information in a cache; returning the access address information carrying the identity verification information to the cloud platform terminal; receiving a second access request sent by the cloud platform terminal aiming at the access address information, wherein the second access request comprises a second identity and a second user identity; when the second identity is the same as the first identity in the identity verification information, acquiring the first user identification from the identity verification information; and when the second user identifier is the same as the first user identifier, establishing a link with the cloud platform terminal.
Optionally, the link establishment module is configured to return an error prompt message to the cloud platform terminal when the second identity identifier is different from the first identity identifier in the authentication information or when the second user identifier is different from the first user identifier.
Optionally, the data transmission module is used for receiving the data sent by the cloud platform terminal; forwarding the data to the proxy port to cause the proxy port to forward the data to the virtual machine port through the ssh tunnel.
Optionally, a link state detection module is configured to detect a link state between the proxy server port and the virtual machine at a preset interval time; and when the link state between the proxy server port and the virtual machine is in a disconnected state, destroying the ssh tunnel, and clearing the identity verification information from the cache.
The embodiment of the invention discloses an electronic device, which comprises a processor, a memory and a computer program stored on the memory and capable of running on the processor, wherein the computer program realizes the steps of the virtual machine access method when being executed by the processor.
The embodiment of the invention discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and the computer program realizes the steps of the virtual machine access method when being executed by a processor.
The embodiment of the invention has the following advantages:
In the embodiment of the invention, a first access request of the cloud platform terminal to the virtual machine is received, and the ssh tunnel of the host machine corresponding to the host machine address information in the first access request is created, so that after the access address information of the proxy server is returned to the cloud platform terminal, the cloud platform terminal can access the proxy server through the access address information, and the proxy server can access the virtual machine of the host machine through the ssh tunnel. According to the embodiment of the invention, the data stream of the virtual machine is transmitted in a ssh tunnel mode, and the vnc ports of the virtual machine are determined before the data stream transmission is carried out by the ssh tunnel, so that the opening of the vnc ports of all the virtual machines can be avoided, and the access security of the virtual machine is improved.
Drawings
FIG. 1 is a schematic flow diagram of openstack web console access;
FIG. 2 is a flow chart of steps of an embodiment of a virtual machine access method of the present invention;
FIG. 3 is a schematic diagram of the present invention for creating ssh tunnels;
FIG. 4 is a schematic flow diagram of virtual machine access in accordance with the present invention;
FIG. 5 is a block diagram illustrating an embodiment of a virtual machine access apparatus according to the present invention.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
Common web console implementations on cloud platforms, such as the openstack open source project, are based on the noVNC front end combined with websocket protocol proxy forwarding of the vnc link.
noVNC is a front-end implementation of the vnc protocol that uses the websocket protocol to transmit the vnc data stream to the user's browser over the Web (World Wide Web). The openstack cloud platform builds on this technology, wrapping it in an upper management layer based on a generated uuid, to provide console access to users. websocket is a protocol for full-duplex communication over a single tcp connection. It simplifies data exchange between a client and a server, allows the server to actively push data to the client, and lets the client and the server establish a persistent connection directly and transmit data in both directions.
Referring to FIG. 1, a schematic flow chart of openstack web console access is shown, which specifically includes the following steps:
Step 1, a user connects to the vnc client of the virtual machine from a browser;
Step 2, the browser sends a request to nova-api, asking it to return the url (Uniform Resource Locator) for accessing vnc;
An api (Application Programming Interface) is a predefined interface (e.g., a function or an HTTP interface), or a convention for joining the different components of a software system. It provides a set of routines that applications and developers can access based on certain software or hardware without having to access source code or understand the details of the internal operating mechanisms.
nova-api is the only way to access and use the various services provided by nova. It serves as an intermediate layer between the client and nova, acting as a bridge or intermediary: nova-api passes the client's request to nova and, after nova has processed the request, returns the processing result to the client.
Step 3, nova-api calls the get_vnc_console (get vnc console) method of nova-compute, asking it to return the information for connecting to vnc;
nova-compute is the entry point for creating, managing and configuring virtual machines; as the service that directly operates the virtual machine, it receives a request and then completes it by combining operations of libvirt, openvswitch/bridge, rbd/iscsi, and the like.
Calling the get_vnc_console (get vnc console) method obtains the information of the current vnc console.
Step 4, nova-compute calls the get_vnc_console function of libvirt;
libvirt is an open source api, daemon and management tool for managing virtualization platforms; it provides a convenient way to manage virtual machines and other virtualization functions, such as storage and network interface management.
Step 5, libvirt obtains the vnc server information by parsing the running virtual machine's /etc/libvirt/qemu/instance-00000011.xml file;
The vnc server information includes the host information, port information, etc. of the virtual machine; once this information is obtained, the host of the virtual machine can be determined and communication can take place through the port.
Step 6, libvirt returns the host, port and other information to nova-compute in json (JavaScript Object Notation) format;
Step 7, nova-compute randomly generates a uuid as a token;
uuid (Universally Unique Identifier) is a 128-bit value that can be calculated by a certain algorithm. To increase efficiency, the usual uuid can be shortened to 16 bits. A uuid is used to identify an attribute type and is regarded as a unique identifier across all space and time. In general, a uuid generated anywhere can be assumed not to have the same value as any other.
A token (computer authentication token) represents the right to perform certain operations; it is checked before the operation or data transfer is performed, and authorization is obtained only if the token is verified.
Step 8, nova-compute combines the information returned by libvirt into connect_info (connection information) and returns it to nova-api;
Step 9, nova-api calls the authorize_console function of nova-consoleauth;
Step 10 (A), nova-consoleauth caches the mappings instance -> token and token -> connect_info;
wherein nova-consoleauth and authorize_console are interfaces or functions that ship with openstack.
Step 11 (B), nova-api returns the access url information in the connect_info to the browser:
http://192.168.150.10:6080/vnc_auto.html?token=7efaee3f-eada-4731-a87c-e173cbd25e98&title=serverA%289169fdb2-5b74-46b1-9803-60d2926bd97c%29
Step 12 (C), the browser will attempt to open the link;
Step 13 (D), the link sends a request to nova-novncproxy;
Step 14 (E), nova-novncproxy calls the check_token function of nova-consoleauth;
nova-consoleauth provides token verification and maintains the mapping between the token and the ip address and port number.
nova-novncproxy is an interface or function that ships with openstack; it supports browser-based vnc clients and is typically deployed with nova-api.
The check_token function is used for verifying the token and returning a verification result.
Step 15 (F), nova-consoleauth verifies the token and returns the connect_info corresponding to the instance to nova-novncproxy;
Step 16 (G), nova-novncproxy connects to the vnc server on the nova-compute node using the host, port and other information in the connect_info, and starts working as the console proxy, i.e. it establishes a connection with the virtual machine and transmits data over the websocket protocol to operate the virtual machine console.
With this method, the host of the virtual machines must open the vnc listening ports of all the virtual machines, and because the vnc ports are not fixed but fall within a certain range, opening such a wide range of ports carries a certain security risk. In addition, the generated uuid is used as a token that appears in plain text in the url, and cloud platforms such as openstack simply check whether the token exists and perform no authentication, so anyone who is sent the returned url can open the console of the virtual machine and directly use root authority. Furthermore, the token is not cleaned up immediately after it has been used, so there is a risk of leakage and the security is not high.
Aiming at the problems, the embodiment of the invention provides a virtual machine access method, which uses a ssh tunnel mode to transmit the data stream of the virtual machine, and because the ssh tunnel already determines the vnc ports of the virtual machine before the data stream transmission is carried out, the opening of the vnc ports of all the virtual machines can be avoided, and the security of the virtual machine access is improved.
Referring to fig. 2, a flowchart illustrating steps of an embodiment of a virtual machine access method of the present invention, applied to a proxy server, may include the steps of:
Step 201, receiving a first access request of a cloud platform terminal to a virtual machine; the first access request comprises first request information, wherein the first request information comprises host address information of a host of the virtual machine;
The cloud platform terminal may be terminal equipment used by a user, such as a mobile phone, a tablet computer or a computer capable of accessing the cloud platform; the user may access the cloud platform through a browser, a web page, the front end of the cloud platform, and the like.
The first request information further comprises a first user identifier, the host address information comprises a host domain name of a host of the virtual machine and an ip address of the host of the virtual machine, and the virtual machine address information comprises a universal unique identification code of the virtual machine and the ip address of the virtual machine.
The user identifier may be a user name, a user number or any other mark that can distinguish and determine the identity of the user. A domain name is the name of a computer or group of computers on the Internet, consisting of a string of names separated by dots, and is used to identify the electronic location (sometimes also referred to as the geographic location) of the computer during data transmission. The IP address (Internet Protocol Address) is used to identify each host on the Internet and is a unique identifier of each host. An IP address consists of 32 binary digits, typically divided into 4 segments of 8 bits (1 byte) each, and is written as aaa.bbb.ccc.ddd, where each segment (aaa, bbb, ccc or ddd) has a value in the range 0-255 and the segments are separated by dots.
In a specific implementation, a user may access the console of a virtual machine through the cloud platform terminal, and the access request sent to the proxy server may carry request information that includes the host address information of the host of the target virtual machine. After receiving the access request, the proxy server may extract the request information from it; for example, after extracting the host address information, it can determine the host on which the target virtual machine is located.
As one example, when the cloud platform forwards the request to the vnc proxy server, the request needs to carry the url parameters username (the user name of the user requesting access to the virtual machine console), hostname (the host on which the virtual machine to be accessed is located, which may be the host domain name or ip address), uuid (the uuid of the virtual machine) and vmip (the ip address of the virtual machine), for example: /vnc?username=<username>&hostname=<hostname>&uuid=<uuid>&vmip=<vmip>.
Step 202, creating an ssh tunnel of the host corresponding to the host address information;
ssh (secure shell protocol), which is a security protocol based on an application layer. ssh is a relatively reliable protocol that provides security specifically for telnet sessions and other network services. The ssh protocol can be utilized to effectively prevent the information leakage problem in the remote management process.
Tunnel (tunneling) is a technique of encapsulating one network protocol into another for transmission, essentially port forwarding, capable of forwarding network data of other tcp ports through ssh links, and automatically providing corresponding encryption and decryption services, where ssh tunnels are usually bound to a local port, and all packets destined for this port are encrypted and transparently transmitted to the remote system.
In a specific implementation, after receiving the request, the proxy server may extract the hostname of the host of the virtual machine from the request information, then randomly select an unused local port and create the ssh tunnel link with the host.
Step 203, returning access address information of the proxy server to the cloud platform terminal, so that the cloud platform terminal accesses the proxy server through the access address information, and the proxy server accesses the virtual machine of the host machine through the ssh tunnel.
After the ssh tunnel is established with the host machine of the virtual machine, the proxy server can generate an access address and return it to the cloud platform terminal, wherein the access address information can contain verification information for verifying the user. After receiving the access address, the cloud platform terminal can jump to that address. When the cloud platform terminal accesses the address, it can carry the information to be verified that corresponds to the verification information in the access address information, so that the proxy server can verify it. After the verification is passed, the user at the cloud platform terminal can access the virtual machine through the ssh tunnel between the proxy server and the host machine of the virtual machine.
In the embodiment of the invention, a first access request of the cloud platform terminal to the virtual machine is received, and the ssh tunnel of the host machine corresponding to the host machine address information in the first access request is created, so that after the access address information of the proxy server is returned to the cloud platform terminal, the cloud platform terminal can access the proxy server through the access address information, and the proxy server can access the virtual machine of the host machine through the ssh tunnel. According to the embodiment of the invention, the data stream of the virtual machine is transmitted in a ssh tunnel mode, and the vnc ports of the virtual machine are determined before the data stream transmission is carried out by the ssh tunnel, so that the opening of the vnc ports of all the virtual machines can be avoided, and the access security of the virtual machine is improved.
In an exemplary embodiment, the first request information further includes virtual machine address information of a virtual machine, and the creating the ssh tunnel of the host corresponding to the host address information in step 202 includes:
Randomly selecting an unused proxy server port of the proxy server;
And creating an ssh tunnel of the host machine, corresponding to the host machine address information, of the proxy server port, so that the proxy server port is connected with a virtual machine port of the virtual machine, corresponding to the virtual machine address information of the host machine, through the ssh tunnel.
Ssh tunneling, or ssh port forwarding, is a method of creating encrypted ssh connections between a client and a server machine. The data can realize the encryption effect by means of the ssh tunnel, and the safety of communication between the server and the client can be improved by means of the ssh tunnel.
Referring to FIG. 3, a schematic diagram of creating a ssh tunnel for one virtual machine access embodiment of the present invention is shown;
As shown in fig. 3, after receiving the request, the proxy server may extract the hostname of the host of the virtual machine from the request information, then randomly select an unused local port and create an ssh tunnel link with the host; vnc listens on the hostname and the randomly selected local port, so that accessing "127.0.0.1:<random port>" locally reaches the vnc port of the target virtual machine through the tunnel.
In the embodiment of the invention, the unused proxy server port of the proxy server is selected randomly; creating an ssh tunnel of the host machine corresponding to the proxy server port and the host machine address information, so that the proxy server port is connected with a virtual machine port of the virtual machine corresponding to the host machine address information through the ssh tunnel, and communication between the proxy server and the host machine can be encrypted through the ssh tunnel, so that the safety of communication is improved.
In order to make it easier for those skilled in the art to understand the virtual machine access method of the present invention, the following description is provided in detail with reference to fig. 4, where the steps in the drawing are simplified, and the details do not conflict with the following description.
Referring to fig. 4, a flow chart of a virtual machine access embodiment of the present invention is shown, which may specifically include the following steps:
step 401, receiving a first access request of a cloud platform terminal to a virtual machine; the first access request comprises first request information, wherein the first request information comprises host address information of a host of the virtual machine;
step 402, creating an ssh tunnel of the host corresponding to the host address information;
step 403, randomly generating a first identity identifier, combining the first identity identifier and the first request information into identity verification information, and storing the identity verification information in a cache;
The first identity identifier may be a token; a randomly generated uuid may be used as the token, or another unique verification method may be used as the token, which is not limited by the present invention.
In a specific implementation, the proxy server may generate a random token and combine the random token, the user identifier (which may be a user name (username)), the uuid and vmip of the virtual machine, the host domain name or ip address (hostname) of the host of the virtual machine, and the randomly selected port into authentication information to be cached. One possible caching format, with the token as the key, is as follows:
{token:{"username":<username>,"uuid":<uuid>,"vmip":<vmip>,"hostname":<hostname>,"port":<random port>}}
The cached authentication information takes the token as its key, that is, one token corresponds to one group of authentication information. During verification the token is checked first; when authentication information corresponding to the token exists, it is retrieved by the token, and one or more pieces of information to be verified are selected from it for verification.
Step 404, returning the access address information carrying the identity verification information to the cloud platform terminal;
After receiving the access request sent by the cloud platform terminal, the proxy server needs to return an access address (url) to the cloud platform terminal, so that the cloud platform terminal can be connected with the proxy server through the access address, and then is connected and communicated with the target virtual machine.
The proxy server can combine the identity verification information and the access address into access address information, and then return the access address information to the cloud platform terminal, so that when the cloud platform terminal jumps to open the access address, the request carries the corresponding verification information for the proxy server to verify. One possible combination of access address information is "/vnc_lite.html?token=<token>", where "/vnc_lite.html" is the access address and "token=<token>" is the authentication information.
Step 405, receiving a second access request sent by the cloud platform terminal aiming at the access address information, wherein the second access request comprises a second identity and a second user identity;
After receiving the access address returned by the proxy server, the cloud platform terminal automatically jumps to open the link, sends a second access request to the proxy server, and includes the authentication information of the cloud platform terminal in the access request, wherein the authentication information can comprise an identity identifier and a user identifier. Of course, the authentication information may also include other information, specifically, information corresponding to the access address information returned by the proxy server. Specifically, the authentication information is attached to the headers of the request; the headers are the header section of the http request, which stores basic information of the http access request. The proxy server can compare the second user identifier parsed from the authentication information in the headers with the cached first user identifier, and establish a link after the comparison is passed; otherwise it returns error prompt information.
Step 406, when the second identity is the same as the first identity in the authentication information, acquiring the first user identifier from the authentication information; when the second user identifier is the same as the first user identifier, a link is established with the cloud platform terminal; when the second identity is different from the first identity in the identity verification information, or when the second user identity is different from the first user identity, returning error prompt information to the cloud platform terminal;
After receiving the second access request of the cloud platform terminal, the proxy server can extract the carried authentication information from the second access request, for example, the authentication information can be a second identity and a second user identity. Wherein the second identity may actually be extracted from the access address information, i.e. the same as the first identity of the authentication information in the proxy server cache. Because the identity is a unique identification code generated randomly, the second identity is verified, and the access address returned by the proxy server can be prevented from being tampered.
In the specific implementation, the proxy server firstly verifies the identity, extracts the second identity from the second request, compares the second identity with the first identity in the cache, and returns error information to the cloud platform terminal if the first identity corresponding to the second identity is not found in the cache. And if the first identity corresponding to the second identity is found in the cache, acquiring the identity verification information corresponding to the first identity.
One example is that the access address information returned by the proxy server is "/vnc_lite.html?1234=<authentication information A>", where "1234" is the identity and "<authentication information A>" is the authentication information corresponding to the identity. When verifying, if the second identity is "1234", the identity that is the same as the second identity can be found in the cache, and the corresponding "<authentication information A>" is then obtained; otherwise, the access address information or the second identity may have been tampered with, and error prompt information is returned.
When the identity authentication is passed and the corresponding identity authentication information is obtained, whether the second access request comes from the same user as the first access request can be further verified, and other people can be prevented from accessing the virtual machine due to the leakage of the access address. The user name (username) in the second access request may be verified, or other information in the authentication information may be verified.
One example is that the authentication information corresponding to identity "1234" is {1234:{"username":<Tony>,"uuid":<uuid>,"vmip":<vmip>,"hostname":<hostname>,"port":<random port>}}. The username from the first request serves as the verification basis. Assuming the user identifier in the second request is a user name, if that user name is "Tony", it is the user who applied to access the virtual machine in the first access request, and verification passes; if it is inconsistent with the user name in the identity verification information, error prompt information is returned.
When the authentication is passed, the proxy server can establish a link with the cloud platform terminal, and the established link can be a websocket link.
Step 407, receiving data sent by the cloud platform terminal; forwarding the data to the proxy port to cause the proxy port to forward the data to the virtual machine port through the ssh tunnel;
After the proxy server establishes a link with the cloud platform terminal, the data can be forwarded to a proxy server port, and the port actually establishes a link with a vnc port of a corresponding virtual machine on the host machine through the ssh tunnel, so that the data forwarding is realized, and a user can normally open webconsole of the virtual machine through the cloud platform terminal, so that the safe access to the virtual machine is realized.
Step 408, detecting a link state between the proxy server port and the virtual machine at a preset interval time;
And when the link state between the proxy server port and the virtual machine is in a disconnected state, destroying the ssh tunnel, and clearing the identity verification information from the cache.
After the proxy server establishes a link with a host machine of the virtual machine, automatically starting a subprocess to detect whether the link is active or not at preset time intervals, namely whether a sending request or data transmission exists or not; if the time interval is set to 60 seconds, the state of the link is detected every 60 seconds.
When the cloud platform terminal is disconnected, the subprocess detects that the link between the proxy server port and the virtual machine does not have data transmission, then the created ssh tunnel is destroyed, the resources of the ssh tunnel are recovered, and the identity verification information in the cache is cleared, so that the identity verification information is ensured to be effective in one-time link only.
In the embodiment of the invention, the data flow of the virtual machine is opened by using the ssh tunnel, and the virtual machine only needs to monitor the address of 127.0.0.1 because the ssh tunnel determines the vnc ports of the virtual machine before the data flow transmission, so that the opening of the vnc ports of all the virtual machines can be avoided, and the proxy server selects the ports locally; the access request is authenticated, so that the access address can be used only by the applicant, the risk of leakage of the access address is avoided, the identity verification information is automatically cleared after the link is disconnected because the access address carries the identity verification information, the access address information is ensured to be used only once, the resources are recycled, the system resources are saved, and the security of virtual machine access is improved.
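The flow of steps 401 to 408, sketched in Python as an added example that is not code from the patent: it picks a loopback port, builds the ssh port-forward command, caches the token-keyed authentication information, checks the second request, and clears stale entries. The names ConsoleBroker, AccessError, pick_unused_local_port and tunnel_argv, the vnc_port parameter, the use of secrets.token_urlsafe for the token, the hostname check, and the refusal of a second link on an already-linked token are assumptions of this sketch.

```python
import hmac
import re
import secrets
import socket
import time
from urllib.parse import parse_qs, urlsplit

# Assumed hostname policy: letters, digits, dots, hyphens, never a leading '-',
# so a crafted hostname cannot be parsed by ssh as a command-line option.
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


class AccessError(Exception):
    """Stands in for the 'error prompt information' returned to the terminal."""


def pick_unused_local_port():
    """Ask the kernel for a free loopback port on the proxy server.

    The port is released before ssh binds it, so a race is possible;
    tunnel_argv passes ExitOnForwardFailure=yes so a lost race fails loudly.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def tunnel_argv(hostname, local_port, vnc_port):
    """Build (not run) the ssh command forwarding 127.0.0.1:local_port on the
    proxy to the VM's vnc port listening on 127.0.0.1 of the host machine."""
    if not HOST_RE.match(hostname):
        raise AccessError("invalid hostname")
    forward = f"127.0.0.1:{local_port}:127.0.0.1:{vnc_port}"
    return ["ssh", "-N", "-o", "ExitOnForwardFailure=yes", "-L", forward, hostname]


class ConsoleBroker:
    def __init__(self, idle_seconds=60, clock=time.monotonic):
        self.cache = {}              # token -> authentication information
        self.idle_seconds = idle_seconds
        self.clock = clock

    def first_request(self, username, uuid, vmip, hostname):
        """Steps 401-404: cache the request info under a random token and
        return the access address information carrying that token."""
        if not HOST_RE.match(hostname):
            raise AccessError("invalid hostname")
        token = secrets.token_urlsafe(32)
        self.cache[token] = {
            "username": username, "uuid": uuid, "vmip": vmip,
            "hostname": hostname, "port": pick_unused_local_port(),
            "linked": False, "last_seen": self.clock(),
        }
        return f"/vnc_lite.html?token={token}"

    def second_request(self, url, header_username):
        """Steps 405-406: token first, then user; returns the proxy port."""
        tokens = parse_qs(urlsplit(url).query).get("token", [])
        record = self.cache.get(tokens[0]) if len(tokens) == 1 else None
        if record is None:
            raise AccessError("unknown or tampered token")
        if not hmac.compare_digest(record["username"].encode(),
                                   header_username.encode()):
            raise AccessError("user does not match the applicant")
        if record["linked"]:
            # Added hardening in this sketch: one link per access address.
            raise AccessError("access address already in use")
        record["linked"] = True
        record["last_seen"] = self.clock()
        return record["port"]

    def reap(self):
        """Step 408: drop entries idle for idle_seconds or longer and return
        the proxy ports whose ssh tunnels should be destroyed."""
        now = self.clock()
        stale = [t for t, r in self.cache.items()
                 if now - r["last_seen"] >= self.idle_seconds]
        return [self.cache.pop(t)["port"] for t in stale]
```

A real proxy would refresh last_seen whenever data is forwarded in step 407 and would start and stop the ssh process itself; both are left out here.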
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.
Referring to fig. 5, a block diagram of an embodiment of a virtual machine access device according to the present invention is shown, where the embodiment of the present invention may specifically include the following modules:
The access request receiving module 501 is configured to receive a first access request of a cloud platform terminal to a virtual machine; the first access request comprises first request information, wherein the first request information comprises host address information of a host of the virtual machine;
A ssh tunnel creation module 502, configured to create a ssh tunnel of the host corresponding to the host address information;
And the access address information returning module 503 is configured to return access address information of the proxy server to the cloud platform terminal, so that the cloud platform terminal accesses the proxy server through the access address information, and the proxy server accesses the virtual machine of the host machine through the ssh tunnel.
In an exemplary embodiment, the ssh tunnel creation module 502 is configured to randomly select an unused proxy port of the proxy server; and creating an ssh tunnel of the host machine, corresponding to the host machine address information, of the proxy server port, so that the proxy server port is connected with a virtual machine port of the virtual machine, corresponding to the virtual machine address information of the host machine, through the ssh tunnel.
In an exemplary embodiment, the first request information further includes a first user identifier, the host address information includes a host domain name of a host of the virtual machine, an ip address of the host of the virtual machine, and the virtual machine address information includes a universally unique identification code of the virtual machine and the ip address of the virtual machine.
In an exemplary embodiment, the link establishment module is configured to randomly generate a first identity identifier, combine the first identity identifier with the first request information to form authentication information, and store the authentication information in a cache; returning the access address information carrying the identity verification information to the cloud platform terminal; receiving a second access request sent by the cloud platform terminal aiming at the access address information, wherein the second access request comprises a second identity and a second user identity; when the second identity is the same as the first identity in the identity verification information, acquiring the first user identification from the identity verification information; and when the second user identifier is the same as the first user identifier, establishing a link with the cloud platform terminal.
In an exemplary embodiment, the link establishment module is configured to return an error prompt message to the cloud platform terminal when the second identity is different from the first identity in the authentication information, or when the second user identity is different from the first user identity.
In an exemplary embodiment, the data transmission module is configured to receive data sent by the cloud platform terminal, and to forward the data to the proxy port so that the proxy port forwards the data to the virtual machine port through the ssh tunnel.
In an exemplary embodiment, a link state detection module is configured to detect a link state between the proxy port and the virtual machine at a preset interval time; and when the link state between the proxy server port and the virtual machine is in a disconnected state, destroying the ssh tunnel, and clearing the identity verification information from the cache.
In summary, in the embodiment of the present invention, a first access request of a cloud platform terminal to a virtual machine is received, and an ssh tunnel of a host machine corresponding to host machine address information in the first access request is created, so that after access address information of a proxy server is returned to the cloud platform terminal, the cloud platform terminal can access the proxy server through the access address information, and then the proxy server accesses the virtual machine of the host machine through the ssh tunnel. According to the embodiment of the invention, the data stream of the virtual machine is transmitted in a ssh tunnel mode, and the vnc ports of the virtual machine are determined before the data stream transmission is carried out by the ssh tunnel, so that the opening of the vnc ports of all the virtual machines can be avoided, and the access security of the virtual machine is improved.
For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.
The embodiment of the invention discloses an electronic device, which comprises a processor, a memory and a computer program stored on the memory and capable of running on the processor, wherein the computer program realizes the steps in the embodiment of the virtual machine access method when being executed by the processor.
The embodiment of the invention discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and the computer program realizes the steps in the virtual machine access method embodiment when being executed by a processor.
In this specification, the embodiments are described in a progressive manner, each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments may be referred to one another.
It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the invention may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or terminal device that comprises the element.
The above description of the virtual machine access method, the virtual machine access device, the electronic device and the storage medium provided by the present invention applies specific examples to illustrate the principles and embodiments of the present invention, and the above description of the examples is only used to help understand the method and core ideas of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.
Claims (8)
1. A virtual machine access method, applied to a proxy server, comprising:
Receiving a first access request of a cloud platform terminal to a virtual machine; the first access request comprises first request information, wherein the first request information comprises host address information of a host of the virtual machine;
creating an ssh tunnel of the host corresponding to the host address information; the ssh tunnel is used for establishing a link with a vnc port of the virtual machine;
returning access address information of the proxy server to the cloud platform terminal so that the cloud platform terminal accesses the proxy server through the access address information, and the proxy server accesses the virtual machine of the host machine through the ssh tunnel;
the first request information further includes virtual machine address information of a virtual machine, and the creating the ssh tunnel of the host machine corresponding to the host machine address information includes:
Randomly selecting an unused proxy server port of the proxy server;
Creating an ssh tunnel of the host machine, corresponding to the host machine address information, of the proxy server port, so that the proxy server port is connected with a virtual machine port of the virtual machine, corresponding to the virtual machine address information of the host machine, through the ssh tunnel;
the method further comprises the steps of:
Receiving data sent by the cloud platform terminal;
forwarding the data to the proxy port to cause the proxy port to forward the data to the virtual machine port through the ssh tunnel.
2. The method of claim 1, wherein the first request information further comprises a first user identification, wherein the host address information comprises a host domain name of a host of the virtual machine, an ip address of the host of the virtual machine, and wherein the virtual machine address information comprises a universally unique identification code of the virtual machine and the ip address of the virtual machine.
3. The method according to claim 2, wherein after the returning of the access address information of the proxy server to the cloud platform terminal, the method further comprises:
randomly generating a first identity mark, combining the first identity mark with the first request information into identity verification information, and storing the identity verification information in a cache;
Returning the access address information carrying the identity verification information to the cloud platform terminal;
Receiving a second access request sent by the cloud platform terminal aiming at the access address information, wherein the second access request comprises a second identity and a second user identity;
When the second identity is the same as the first identity in the identity verification information, acquiring the first user identification from the identity verification information;
and when the second user identifier is the same as the first user identifier, establishing a link with the cloud platform terminal.
4. A method according to claim 3, further comprising:
And when the second identity is different from the first identity in the identity verification information, or when the second user identity is different from the first user identity, returning error prompt information to the cloud platform terminal.
5. The method of claim 3, wherein after the creating the ssh tunnel of the host corresponding to the host address information, further comprising:
Detecting the link state between the proxy server port and the virtual machine at preset interval time;
And when the link state between the proxy server port and the virtual machine is in a disconnected state, destroying the ssh tunnel, and clearing the identity verification information from the cache.
6. A virtual machine access apparatus for use with a proxy server, the apparatus comprising:
The access request receiving module is used for receiving a first access request of the cloud platform terminal to the virtual machine; the first access request comprises first request information, wherein the first request information comprises host address information of a host of the virtual machine;
The ssh tunnel creation module is used for creating the ssh tunnel of the host corresponding to the host address information; the ssh tunnel is used for establishing a link with a vnc port of the virtual machine;
The access address information return module is used for returning the access address information of the proxy server to the cloud platform terminal so that the cloud platform terminal accesses the proxy server through the access address information, and the proxy server accesses the virtual machine of the host machine through the ssh tunnel;
The ssh tunnel creation module is further configured to randomly select an unused proxy server port of the proxy server; creating an ssh tunnel of the host machine, corresponding to the host machine address information, of the proxy server port, so that the proxy server port is connected with a virtual machine port of the virtual machine, corresponding to the virtual machine address information of the host machine, through the ssh tunnel;
The apparatus further comprises:
The data transmission module is used for receiving the data sent by the cloud platform terminal; forwarding the data to the proxy port to cause the proxy port to forward the data to the virtual machine port through the ssh tunnel.
7. An electronic device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program implementing the steps of the virtual machine access method of any one of claims 1 to 5 when executed by the processor.
8. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the virtual machine access method according to any of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111193005.7A CN113938474B (en) | 2021-10-13 | 2021-10-13 | Virtual machine access method and device, electronic equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113938474A CN113938474A (en) | 2022-01-14 |
CN113938474B true CN113938474B (en) | 2024-05-10 |
Family
ID=79278901
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111193005.7A Active CN113938474B (en) | 2021-10-13 | 2021-10-13 | Virtual machine access method and device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113938474B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117591248B (en) * | 2024-01-18 | 2024-05-03 | 杭州筋斗腾云科技有限公司 | Terminal system processing method based on containerized virtual machine and electronic equipment |
CN117591246B (en) * | 2024-01-18 | 2024-05-03 | 杭州优云科技股份有限公司 | Method and device for realizing WEB terminal of KVM (keyboard video mouse) virtual machine |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8607067B1 (en) * | 2011-03-01 | 2013-12-10 | Amazon Technologies, Inc. | Techniques for attesting to information |
CN105376216A (en) * | 2015-10-12 | 2016-03-02 | 华为技术有限公司 | Remote access method, agent server and client end |
CN106302504A (en) * | 2016-08-31 | 2017-01-04 | 浪潮电子信息产业股份有限公司 | Xenserver security-based vnc implementation method |
CN107193634A (en) * | 2017-05-23 | 2017-09-22 | 郑州云海信息技术有限公司 | The access method and device of a kind of virtual machine |
CN107634892A (en) * | 2017-09-08 | 2018-01-26 | 郑州云海信息技术有限公司 | A kind of Xenserver realizes the method and device of console based on novnc |
WO2019237576A1 (en) * | 2018-06-13 | 2019-12-19 | 平安科技(深圳)有限公司 | Method and apparatus for verifying communication performance of virtual machine |
CN112165532A (en) * | 2020-10-14 | 2021-01-01 | 腾讯科技(深圳)有限公司 | Node access method, device, equipment and computer readable storage medium |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2813945A1 (en) * | 2013-06-14 | 2014-12-17 | Tocario GmbH | Method and system for enabling access of a client device to a remote desktop |
US11900138B2 (en) * | 2020-01-17 | 2024-02-13 | Vmware, Inc. | Remote access control of VM console located in cloud from on-premises computer device |
Non-Patent Citations (1)
Title |
---|
Remote virtual machine detection method for Microsoft Virtual PC; Han Ling; Cai Wandong; Computer Technology and Development (12); full text * |
Also Published As
Publication number | Publication date |
---|---|
CN113938474A (en) | 2022-01-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3142327B1 (en) | | Intermediate network entity |
CN113938474B (en) | | Virtual machine access method and device, electronic equipment and storage medium |
US20230247013A1 (en) | | User authentication in communication systems |
US9882897B2 (en) | | Method and system for transmitting and receiving data, method and device for processing message |
CN107426339A (en) | | A kind of cut-in method, the apparatus and system of data interface channel |
CN107172001B (en) | | Control method and device of website proxy server and key proxy server |
CN103168450B (en) | | The method of accesses virtual dedicated network, device and gateway device |
CN110601902A (en) | | Interactive data processing method and device based on block chain network |
EP3442195B1 (en) | | Reliable and secure parsing of packets |
US20200245136A1 (en) | | Method for identifying encrypted data stream, device, storage medium and system |
CN110392128A (en) | | The quasi- zero-address IPv6 method and system for disclosing web services are provided |
CN105722072A (en) | | Business authorization method, device, system and router |
CN112087412B (en) | | Service access processing method and device based on unique token |
CN109547281B (en) | | Tor network tracing method |
JP2010532126A (en) | | Network and method for initializing trust center link key |
CN114390524A (en) | | Method and device for realizing one-key login service |
CN112491836B (en) | | Communication system, method, device and electronic equipment |
CN111404884B (en) | | Secure communication method, client and non-public server |
CN117354032A (en) | | Multiple authentication method based on code server |
CN115664738A (en) | | Communication method, communication device, electronic device, and computer storage medium |
CN105610667B (en) | | The method and apparatus for establishing Virtual Private Network channel |
CN105554170A (en) | | DNS message processing method, device and system |
CN112437098A (en) | | Data message transmission method and device |
CN107066874B (en) | | Method and device for interactively verifying information between container systems |
CN107528813B (en) | | System, method, control server and proxy server for accessing private cluster |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||