SSH 인증키 원격지 서버에 올려서 암호입력 없이 접속하기

SSH 인증키 원격지 서버에 올려서 암호입력 없이 접속하기

백업 또는 서버관리를 위해서 SSH 사용이 아주 빈번하다. RSYNC 또는 SCP, SFTP 같은 유틸로 파일을 백업하고자 할 때,

CRON에 백업스크립트를 등록하여 자동백업 하고자 할 때 비밀번호 입력 없이 파일 업로드가 가능하다면 아주 편리할 것이다.

아래는 백업서버가 1대(conoha) 운영서버 여러대(linode, vultr, etc) 있고 운영서버의 인증키를 백업서버(원격지)에 올리는 방법이다.

▶ Linode SSH 인증키 생성 및 업로드

[root@linode ~]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

f9:99:30:0e:8d:cc:a1:44:c6:ac:19:6e:67:19:04:5a root@linode.ivps.kr

The key's randomart image is:

+--[ RSA 2048]----+

|  E=+            |

| o.o+            |

|.. +.o.          |

|  =.++ + .       |

| . o. = S        |

|       o + o     |

|        . +      |

|                 |

|                 |

+-----------------+

[root@linode ~]# cat ./.ssh/id_rsa.pub | ssh -p10022 root@conoha.ivps.kr "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

The authenticity of host '[conoha.ivps.kr]:10022 ([133.130.126.29]:10022)' can't be established.

ECDSA key fingerprint is d1:33:b1:93:a0:7c:5b:7e:3b:e1:5b:2b:13:8a:27:01.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[conoha.ivps.kr]:10022,[133.130.126.29]:10022' (ECDSA) to the list of known hosts.

root@conoha.ivps.kr's password:

▶ Linode SSH 인증키 생성 및 업로드

[root@vultr ~]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

d1:22:15:0c:4e:d5:95:19:fd:c6:c8:4f:8b:5b:f8:01 root@vultr.ivps.kr

The key's randomart image is:

+--[ RSA 2048]----+

|      o++o .o=   |

|     o .... o .  |

|      o o .  . + |

|       . o   Eo =|

|        S     ++.|

|             o +.|

|              + .|

|             . . |

|                 |

+-----------------+

[root@vultr ~]# cat ./.ssh/id_rsa.pub | ssh -p10022 root@conoha.ivps.kr "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

The authenticity of host '[conoha.ivps.kr]:10022 ([133.130.126.29]:10022)' can't be established.

ECDSA key fingerprint is d1:33:b1:93:a0:7c:5b:7e:3b:e1:5b:2b:13:8a:27:01.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[conoha.ivps.kr]:10022,[133.130.126.29]:10022' (ECDSA) to the list of known hosts.

root@conoha.ivps.kr's password:

▶ Conoha 에서 인증키가 정상적으로 복사되었는지 확인

[root@conoha ~]# cat ~/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3P6CFMztEsGJzLjGhoGNomDKAQ5CgnVW5eV79zRWTGdamxHtJLZS1sq5lCk4oFAslhD4fStQguH4TKVrhFhwczK+mIX7iaycUVJshH2QB4Zce4rM+7loacU1WKOjE1LK4twWggH8LsJHkwRqBaZi/9mXYbBsUpsnR1PvBxZ5ub+61jqujD13jgwMS9tlVSLsM9VFrn/+bMEt8bAwSeVCPlY2QroeL7euu/H6CwW4NYGEPXOEnu6k9W5WKSeBo+WjTsLvip/UziJ6+jjs2z+VGeg2iyOXBG6onXAnfa9vaY+gqQ6X5ZL2/5TFP9T1nYNlask2W6FlQhe09OpDDaVA1 root@linode.ivps.kr

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIacorFIiihlSc8fDOrZNab79w7STxi6ubNOAn+BsnBBKawMlWWEb6gzQTC0BTcZUQpm/s3LFQgQGdu5cfdVi+DfmicOQo9N+bjNLv/NHfoCt0yEWmlWDx2iew37Lv1BzrV/w1T2xssx7KVCrRg+NmcUbP0yPegtGsvjR17vpCafam7jxN2TRxo3uk7ah9z8budaKACMeOpF1JhEpMSahmHvweyUXNIpN3dnBnfZIUqwFFh+RnOY3rR2L2W9c0bc6KQSGpl0BavqeGrSNhYNwVYn2tcCGcDCePqrT4mFkG+QPxhpZmNNeNrlRS5NDB9FgBbVCUMuFtI7aD4qW7itI1 root@vultr.ivps.kr

~/.ssh/authorized_keys 파일에 두 서버의 SSH 인증키가 합쳐져 있다.

▶ SSH 접속 테스트

[root@vultr ~]# ssh -p10022 root@conoha.ivps.kr

Last login: Mon May 30 13:06:06 2016 from 107.191.53.38

[root@conoha ~]# exit

logout

Connection to conoha.ivps.kr closed.

[root@vultr ~]#

[root@linode ~]# ssh -p10022 root@conoha.ivps.kr

Last login: Mon May 30 13:08:51 2016 from 107.191.53.38

[root@conoha ~]# exit

logout

Connection to conoha.ivps.kr closed.

[root@linode ~]#

이제 두 서버 모두 암호 입력없이 로그인이 된다.

scp 예제보기 https://ivps.tistory.com/77

sftp 예제보기 https://ivps.tistory.com/78