SSH 인증키 원격지 서버에 올려서 암호입력 없이 접속하기



백업 또는 서버관리를 위해서 SSH 사용이 아주 빈번하다. RSYNC 또는 SCP, SFTP 같은 유틸로 파일을 백업하고자 할 때,


CRON에 백업스크립트를 등록하여 자동백업 하고자 할 때 비밀번호 입력 없이 파일 업로드가 가능하다면 아주 편리할 것이다.


아래는 백업서버가 1대(conoha) 운영서버 여러대(linode, vultr, etc) 있고 운영서버의 인증키를 백업서버(원격지)에 올리는 방법이다.



▶ Linode SSH 인증키 생성 및 업로드


[root@linode ~]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

f9:99:30:0e:8d:cc:a1:44:c6:ac:19:6e:67:19:04:5a root@linode.ivps.kr

The key's randomart image is:

+--[ RSA 2048]----+

|  E=+            |

| o.o+            |

|.. +.o.          |

|  =.++ + .       |

| . o. = S        |

|       o + o     |

|        . +      |

|                 |

|                 |

+-----------------+


[root@linode ~]# cat ./.ssh/id_rsa.pub | ssh -p10022 root@conoha.ivps.kr "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

The authenticity of host '[conoha.ivps.kr]:10022 ([133.130.126.29]:10022)' can't be established.

ECDSA key fingerprint is d1:33:b1:93:a0:7c:5b:7e:3b:e1:5b:2b:13:8a:27:01.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[conoha.ivps.kr]:10022,[133.130.126.29]:10022' (ECDSA) to the list of known hosts.

root@conoha.ivps.kr's password:



▶ Linode SSH 인증키 생성 및 업로드


[root@vultr ~]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

d1:22:15:0c:4e:d5:95:19:fd:c6:c8:4f:8b:5b:f8:01 root@vultr.ivps.kr

The key's randomart image is:

+--[ RSA 2048]----+

|      o++o .o=   |

|     o .... o .  |

|      o o .  . + |

|       . o   Eo =|

|        S     ++.|

|             o +.|

|              + .|

|             . . |

|                 |

+-----------------+


[root@vultr ~]# cat ./.ssh/id_rsa.pub | ssh -p10022 root@conoha.ivps.kr "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

The authenticity of host '[conoha.ivps.kr]:10022 ([133.130.126.29]:10022)' can't be established.

ECDSA key fingerprint is d1:33:b1:93:a0:7c:5b:7e:3b:e1:5b:2b:13:8a:27:01.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[conoha.ivps.kr]:10022,[133.130.126.29]:10022' (ECDSA) to the list of known hosts.

root@conoha.ivps.kr's password:



▶ Conoha 에서 인증키가 정상적으로 복사되었는지 확인


[root@conoha ~]# cat ~/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3P6CFMztEsGJzLjGhoGNomDKAQ5CgnVW5eV79zRWTGdamxHtJLZS1sq5lCk4oFAslhD4fStQguH4TKVrhFhwczK+mIX7iaycUVJshH2QB4Zce4rM+7loacU1WKOjE1LK4twWggH8LsJHkwRqBaZi/9mXYbBsUpsnR1PvBxZ5ub+61jqujD13jgwMS9tlVSLsM9VFrn/+bMEt8bAwSeVCPlY2QroeL7euu/H6CwW4NYGEPXOEnu6k9W5WKSeBo+WjTsLvip/UziJ6+jjs2z+VGeg2iyOXBG6onXAnfa9vaY+gqQ6X5ZL2/5TFP9T1nYNlask2W6FlQhe09OpDDaVA1 root@linode.ivps.kr

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIacorFIiihlSc8fDOrZNab79w7STxi6ubNOAn+BsnBBKawMlWWEb6gzQTC0BTcZUQpm/s3LFQgQGdu5cfdVi+DfmicOQo9N+bjNLv/NHfoCt0yEWmlWDx2iew37Lv1BzrV/w1T2xssx7KVCrRg+NmcUbP0yPegtGsvjR17vpCafam7jxN2TRxo3uk7ah9z8budaKACMeOpF1JhEpMSahmHvweyUXNIpN3dnBnfZIUqwFFh+RnOY3rR2L2W9c0bc6KQSGpl0BavqeGrSNhYNwVYn2tcCGcDCePqrT4mFkG+QPxhpZmNNeNrlRS5NDB9FgBbVCUMuFtI7aD4qW7itI1 root@vultr.ivps.kr


~/.ssh/authorized_keys 파일에 두 서버의 SSH 인증키가 합쳐져 있다.



▶ SSH 접속 테스트


[root@vultr ~]# ssh -p10022 root@conoha.ivps.kr

Last login: Mon May 30 13:06:06 2016 from 107.191.53.38

[root@conoha ~]# exit

logout

Connection to conoha.ivps.kr closed.

[root@vultr ~]#


[root@linode ~]# ssh -p10022 root@conoha.ivps.kr

Last login: Mon May 30 13:08:51 2016 from 107.191.53.38

[root@conoha ~]# exit

logout

Connection to conoha.ivps.kr closed.

[root@linode ~]#


이제 두 서버 모두 암호 입력없이 로그인이 된다.


scp 예제보기 https://ivps.tistory.com/77


sftp 예제보기 https://ivps.tistory.com/78



블로그 이미지

영은파더♥

가상서버호스팅 VPS 리눅스 서버관리 윈도우 IT

,