SSH 인증키 원격지 서버에 올려서 암호입력 없이 접속하기
백업 또는 서버관리를 위해서 SSH 사용이 아주 빈번하다. RSYNC 또는 SCP, SFTP 같은 유틸로 파일을 백업하고자 할 때,
CRON에 백업스크립트를 등록하여 자동백업 하고자 할 때 비밀번호 입력 없이 파일 업로드가 가능하다면 아주 편리할 것이다.
아래는 백업서버가 1대(conoha) 운영서버 여러대(linode, vultr, etc) 있고 운영서버의 인증키를 백업서버(원격지)에 올리는 방법이다.
▶ Linode SSH 인증키 생성 및 업로드
[root@linode ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f9:99:30:0e:8d:cc:a1:44:c6:ac:19:6e:67:19:04:5a root@linode.ivps.kr
The key's randomart image is:
+--[ RSA 2048]----+
| E=+ |
| o.o+ |
|.. +.o. |
| =.++ + . |
| . o. = S |
| o + o |
| . + |
| |
| |
+-----------------+
[root@linode ~]# cat ./.ssh/id_rsa.pub | ssh -p10022 root@conoha.ivps.kr "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
The authenticity of host '[conoha.ivps.kr]:10022 ([133.130.126.29]:10022)' can't be established.
ECDSA key fingerprint is d1:33:b1:93:a0:7c:5b:7e:3b:e1:5b:2b:13:8a:27:01.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[conoha.ivps.kr]:10022,[133.130.126.29]:10022' (ECDSA) to the list of known hosts.
root@conoha.ivps.kr's password:
▶ Linode SSH 인증키 생성 및 업로드
[root@vultr ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
d1:22:15:0c:4e:d5:95:19:fd:c6:c8:4f:8b:5b:f8:01 root@vultr.ivps.kr
The key's randomart image is:
+--[ RSA 2048]----+
| o++o .o= |
| o .... o . |
| o o . . + |
| . o Eo =|
| S ++.|
| o +.|
| + .|
| . . |
| |
+-----------------+
[root@vultr ~]# cat ./.ssh/id_rsa.pub | ssh -p10022 root@conoha.ivps.kr "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
The authenticity of host '[conoha.ivps.kr]:10022 ([133.130.126.29]:10022)' can't be established.
ECDSA key fingerprint is d1:33:b1:93:a0:7c:5b:7e:3b:e1:5b:2b:13:8a:27:01.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[conoha.ivps.kr]:10022,[133.130.126.29]:10022' (ECDSA) to the list of known hosts.
root@conoha.ivps.kr's password:
▶ Conoha 에서 인증키가 정상적으로 복사되었는지 확인
[root@conoha ~]# cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3P6CFMztEsGJzLjGhoGNomDKAQ5CgnVW5eV79zRWTGdamxHtJLZS1sq5lCk4oFAslhD4fStQguH4TKVrhFhwczK+mIX7iaycUVJshH2QB4Zce4rM+7loacU1WKOjE1LK4twWggH8LsJHkwRqBaZi/9mXYbBsUpsnR1PvBxZ5ub+61jqujD13jgwMS9tlVSLsM9VFrn/+bMEt8bAwSeVCPlY2QroeL7euu/H6CwW4NYGEPXOEnu6k9W5WKSeBo+WjTsLvip/UziJ6+jjs2z+VGeg2iyOXBG6onXAnfa9vaY+gqQ6X5ZL2/5TFP9T1nYNlask2W6FlQhe09OpDDaVA1 root@linode.ivps.kr
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIacorFIiihlSc8fDOrZNab79w7STxi6ubNOAn+BsnBBKawMlWWEb6gzQTC0BTcZUQpm/s3LFQgQGdu5cfdVi+DfmicOQo9N+bjNLv/NHfoCt0yEWmlWDx2iew37Lv1BzrV/w1T2xssx7KVCrRg+NmcUbP0yPegtGsvjR17vpCafam7jxN2TRxo3uk7ah9z8budaKACMeOpF1JhEpMSahmHvweyUXNIpN3dnBnfZIUqwFFh+RnOY3rR2L2W9c0bc6KQSGpl0BavqeGrSNhYNwVYn2tcCGcDCePqrT4mFkG+QPxhpZmNNeNrlRS5NDB9FgBbVCUMuFtI7aD4qW7itI1 root@vultr.ivps.kr
~/.ssh/authorized_keys 파일에 두 서버의 SSH 인증키가 합쳐져 있다.
▶ SSH 접속 테스트
[root@vultr ~]# ssh -p10022 root@conoha.ivps.kr
Last login: Mon May 30 13:06:06 2016 from 107.191.53.38
[root@conoha ~]# exit
logout
Connection to conoha.ivps.kr closed.
[root@vultr ~]#
[root@linode ~]# ssh -p10022 root@conoha.ivps.kr
Last login: Mon May 30 13:08:51 2016 from 107.191.53.38
[root@conoha ~]# exit
logout
Connection to conoha.ivps.kr closed.
[root@linode ~]#
이제 두 서버 모두 암호 입력없이 로그인이 된다.
scp 예제보기 https://ivps.tistory.com/77
sftp 예제보기 https://ivps.tistory.com/78