[Linux] SSH Key Distribution (SSH Key Exchange)

SSH Key Distribution (SSH Key Exchange)

[Server task: generate the SSH key]

ssh-keygen -t rsa

ssh-keygen usage

usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
                  [-N new_passphrase] [-C comment] [-f output_keyfile]
       ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
       ssh-keygen -i [-m key_format] [-f input_keyfile]
       ssh-keygen -e [-m key_format] [-f input_keyfile]
       ssh-keygen -y [-f input_keyfile]
       ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
       ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
       ssh-keygen -B [-f input_keyfile]
       ssh-keygen -D pkcs11
       ssh-keygen -F hostname [-f known_hosts_file] [-l]
       ssh-keygen -H [-f known_hosts_file]
       ssh-keygen -R hostname [-f known_hosts_file]
       ssh-keygen -r hostname [-f input_keyfile] [-g]
       ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
       ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
                  [-j start_line] [-K checkpt] [-W generator]
       ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
                  [-O option] [-V validity_interval] [-z serial_number] file ...
       ssh-keygen -L [-f input_keyfile]
       ssh-keygen -A
       ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
                  file ...
       ssh-keygen -Q -f krl_file file ...
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Created directory '/home/user1/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:YGLwjAT0CEmsKssvyCQlKIL3Klh9BVlyae6h6tDNj6U user1@test7
The key's randomart image is:
+---[RSA 2048]----+
|*=o   .oo.       |
|ooo=  ooo        |
|+...= o+         |
|B o. o .+        |
|++ o   +S.       |
|+...ooo .        |
|Oo...oo .        |
|=+...  =         |
| .oo. E .        |
+----[SHA256]-----+

[Server task: distribute the SSH key] (copy the public key)

ssh-copy-id usage

Usage: /bin/ssh-copy-id [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname
	-f: force mode -- copy keys without trying to check if they are already installed
	-n: dry run    -- no keys are actually copied
	-h|-?: print this help
ssh-copy-id user1@10.1.1.14
$ ssh-copy-id user1@10.1.1.14
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user1/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warnning!!
This system is for the use of authorized users only.
user1@10.1.1.14's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'user1@10.1.1.14'"
and check to make sure that only the key(s) you wanted were added.

** The key is written to the authorized_keys file inside the .ssh directory on the remote host.

Or: [Client task: create the .ssh directory]

mkdir -m 700 /home/user1/.ssh

[Server task: distribute the SSH key] (copy the public key)

scp id_rsa.pub user1@10.1.1.15:~/.ssh/authorized_keys
scp id_rsa.pub user1@10.1.1.16:~/.ssh/authorized_keys
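
The scp commands above replace the remote authorized_keys file, so any keys already installed there are lost, whereas ssh-copy-id appends. As an added example (not part of the original post), an append-only, idempotent install to run on the receiving host; the function name install_pubkey and the key strings in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys without overwriting
# keys that are already installed. install_pubkey and demo are hypothetical names.

# install_pubkey PUBKEY_FILE SSH_DIR  -> 0 on success, 1 on bad input
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    # Accept only something that looks like a public key line; this also
    # stops a private key file from being installed by mistake.
    [ -r "$pub" ] || return 1
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) return 1 ;;
    esac

    # sshd with StrictModes ignores keys when these are group/world writable.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the file does not end in a newline, add one so keys are not joined.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only if this exact line is not present yet (idempotent).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a throwaway directory with constructed (not real) key strings.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'ssh-rsa AAAA-CONSTRUCTED-OLD admin@old\n' > "$tmp/authorized_keys"
    printf 'ssh-rsa AAAA-CONSTRUCTED-NEW user1@test7\n' > "$tmp/id_rsa.pub"
    install_pubkey "$tmp/id_rsa.pub" "$tmp" &&
        install_pubkey "$tmp/id_rsa.pub" "$tmp" &&
        grep -c '' "$tmp/authorized_keys"   # line count: old key kept, new key once
    rm -rf "$tmp"
}

demo
```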

[Server task: send a command to the remote server without a password]

$ ssh user1@10.1.1.14 free -m

$ ssh user1@10.1.1.14 free -m
              total        used        free      shared  buff/cache   available
Mem:           7.6G        467M        5.8G        123M        1.4G        6.7G
Swap:          8.0G         32M        8.0G

 

 

 
