
SSH key-based login (public-key authentication)

뽀룩꾸 2024. 1. 24. 11:46

0. Environment

 1) Server: syncmgr@ds1 (192.168.100.12)

 2) Client 1: user01@dsls (192.168.100.11)

 3) Client 2: user02@ds2 (192.168.100.13)

 4) Final client 3: user03@cli (192.168.100.14)

 

1. DSLS (192.168.100.11) - user01 >> syncmgr@192.168.100.12 (ds1)

 1) Generate a key pair on the client with ssh-keygen (RSA 2048 bits, the ssh-keygen default here; the passphrase is left empty, so anyone who can read id_rsa can use it)

[user01@dsls ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user01/.ssh/id_rsa): 
Created directory '/home/user01/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user01/.ssh/id_rsa.
Your public key has been saved in /home/user01/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:AmuwOpGs/6ACCqb8vz21PuZfQ2/sQFJ7zoWty/1RMMo user01@dsls
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|  . .        .o  |
|.. o o     ....= |
|o.. o . S  .E+..+|
|++ .   . .  + *.o|
|@ .     . .  +.B |
|+= .  .. +  ..=o.|
|o oooo..=oo.  o.+|
+----[SHA256]-----+
[user01@dsls ~]$ cd .ssh
[user01@dsls .ssh]$ ls
id_rsa  id_rsa.pub

 

 2) Check the public key id_rsa.pub on the client

[user01@dsls .ssh]$ cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7dIK+nX0GjYrwFr+2qQ9d+B2sEt8qoJDPh0s2EzDbXeXx15aHo3rjBQcFRxHK+7kxgMRDfp4U3Rle6l+N+T7EbIlnllDJ/mXtdkZN8Mclyw3mHGLXleVx7OXSv/rCYYbuN1pJjJmwVD62dD6YfT0hjem2uPC+DwVcmLezo3lioVIjI42fBB3RI2QwddlUgV+nfTc0I0mJ13ySial0r+xeOx9z+LDMPFg/touSjNobeL4kx9K8gRQiyHxhJ0SDM/GoinJlM09Qd8nJr9S9hPCpcOsgSEYrMYjyhBuG9f2iZR2VYEb8ACPUKAPRAhFTdofRpH/kMlUZBwNcJLQ5kpYJ user01@dsls

 

 3) Copy the public key from the client to the server (ssh-copy-id). The "authenticity of host ... can't be established" prompt is the first contact with this host key; answering yes records it in known_hosts, so compare the fingerprint shown with the one obtained from the server before answering.

[user01@dsls .ssh]$ ssh-copy-id -i ~/.ssh/id_rsa.pub syncmgr@192.168.100.12
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user01/.ssh/id_rsa.pub"
The authenticity of host '192.168.100.12 (192.168.100.12)' can't be established.
ECDSA key fingerprint is SHA256:1kV11rGNrYC1AeGC8g9yrbXYLcPre6gRglsWrm0FpQM.
ECDSA key fingerprint is MD5:82:7d:ab:50:93:36:ad:1b:c2:31:31:c8:a2:d0:ef:65.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
syncmgr@192.168.100.12's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'syncmgr@192.168.100.12'"
and check to make sure that only the key(s) you wanted were added.

 

4) Check ~/.ssh/known_hosts on the client (the ECDSA host key just accepted; on the server, ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub prints the same SHA256 fingerprint that the prompt showed)

[user01@dsls .ssh]$ cat known_hosts 
192.168.100.12 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFpF1haq3SNUDOAmSwDZANZHcVk9tAJrVRyT79qFckBt4V8qVfl5kDp23VH77gV2kAviMP33DiT8X9oePG4NHWs=

 

 5) Check the authorized key on the server (syncmgr's ~/.ssh/authorized_keys now holds user01's public key)

[syncmgr@ds1 .ssh]$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7dIK+nX0GjYrwFr+2qQ9d+B2sEt8qoJDPh0s2EzDbXeXx15aHo3rjBQcFRxHK+7kxgMRDfp4U3Rle6l+N+T7EbIlnllDJ/mXtdkZN8Mclyw3mHGLXleVx7OXSv/rCYYbuN1pJjJmwVD62dD6YfT0hjem2uPC+DwVcmLezo3lioVIjI42fBB3RI2QwddlUgV+nfTc0I0mJ13ySial0r+xeOx9z+LDMPFg/touSjNobeL4kx9K8gRQiyHxhJ0SDM/GoinJlM09Qd8nJr9S9hPCpcOsgSEYrMYjyhBuG9f2iZR2VYEb8ACPUKAPRAhFTdofRpH/kMlUZBwNcJLQ5kpYJ user01@dsls

 

 6) Confirm ssh login without a password: OK

[user01@dsls .ssh]$ ssh syncmgr@192.168.100.12
Last login: Mon Jan 22 18:04:34 2024
[syncmgr@ds1 ~]$ 

 

2. ds2 (192.168.100.13) - user02 >> syncmgr@192.168.100.12 (ds1)

 1) Generate a key on the client with ssh-keygen, then check ~/.ssh/id_rsa.pub and known_hosts

[user02@ds2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user02/.ssh/id_rsa): 
Created directory '/home/user02/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user02/.ssh/id_rsa.
Your public key has been saved in /home/user02/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:KmYEfAxM1z91C+iRUUtZEokgL+SofBsc/DImqhtxdTs user02@ds2
The key's randomart image is:
+---[RSA 2048]----+
| oo +....*==.    |
| .oB o. =.=o.    |
|  +o* oo o.o .   |
|...+oo .+   .    |
|oo.B..E S.       |
|.o+.=  o         |
|o  .+ .          |
|.. o .           |
|o.               |
+----[SHA256]-----+

 2) Check the public key id_rsa.pub on the client

[user02@ds2 ~]$ cd .ssh
[user02@ds2 .ssh]$ cat id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5fhss+rFiiTqVYfeBPZfyyZyWHuQkFTLwURB3jJei+IWEg4EAtrsYvHoVPl+WnpfwTKd9j9Xb3A4cMahac4QUngGQngoNOgfXddiXBCTJUqre/othlhPMPjehhS4dJXkk5v92P+KQn/OzyXq1F5LbrBoGh6prehSLVssIKUz+COQ0CAIe9WHCJ0FijiVSiXUQeizJGyFli4P98CGQ5Zs/ESvXKn7LqNdlfxWHlxGjrHuRlYAqexk5+kbPXuSkOPIOJmPE8uEr2Wp8NRJzqyPdfrzD7xUH94z+DWC8PdkuO1VKEED3PyQU9cCdzz7IlFUC46s7h+WA8pHyqzQ6sQhx user02@ds2

 

 3) Copy the public key from the client to the server (ssh-copy-id)

[user02@ds2 .ssh]$ ssh-copy-id -i ~/.ssh/id_rsa.pub syncmgr@192.168.100.12
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user02/.ssh/id_rsa.pub"
The authenticity of host '192.168.100.12 (192.168.100.12)' can't be established.
ECDSA key fingerprint is SHA256:1kV11rGNrYC1AeGC8g9yrbXYLcPre6gRglsWrm0FpQM.
ECDSA key fingerprint is MD5:82:7d:ab:50:93:36:ad:1b:c2:31:31:c8:a2:d0:ef:65.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
syncmgr@192.168.100.12's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'syncmgr@192.168.100.12'"
and check to make sure that only the key(s) you wanted were added.

 

4) Check ~/.ssh/known_hosts on the client (same ECDSA host key and fingerprint as seen from dsls)

[user02@ds2 .ssh]$ cat known_hosts 
192.168.100.12 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFpF1haq3SNUDOAmSwDZANZHcVk9tAJrVRyT79qFckBt4V8qVfl5kDp23VH77gV2kAviMP33DiT8X9oePG4NHWs=

 

 

 5) Check the authorized keys on the server (user02's key is appended after user01's)

[syncmgr@ds1 .ssh]$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7dIK+nX0GjYrwFr+2qQ9d+B2sEt8qoJDPh0s2EzDbXeXx15aHo3rjBQcFRxHK+7kxgMRDfp4U3Rle6l+N+T7EbIlnllDJ/mXtdkZN8Mclyw3mHGLXleVx7OXSv/rCYYbuN1pJjJmwVD62dD6YfT0hjem2uPC+DwVcmLezo3lioVIjI42fBB3RI2QwddlUgV+nfTc0I0mJ13ySial0r+xeOx9z+LDMPFg/touSjNobeL4kx9K8gRQiyHxhJ0SDM/GoinJlM09Qd8nJr9S9hPCpcOsgSEYrMYjyhBuG9f2iZR2VYEb8ACPUKAPRAhFTdofRpH/kMlUZBwNcJLQ5kpYJ user01@dsls
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5fhss+rFiiTqVYfeBPZfyyZyWHuQkFTLwURB3jJei+IWEg4EAtrsYvHoVPl+WnpfwTKd9j9Xb3A4cMahac4QUngGQngoNOgfXddiXBCTJUqre/othlhPMPjehhS4dJXkk5v92P+KQn/OzyXq1F5LbrBoGh6prehSLVssIKUz+COQ0CAIe9WHCJ0FijiVSiXUQeizJGyFli4P98CGQ5Zs/ESvXKn7LqNdlfxWHlxGjrHuRlYAqexk5+kbPXuSkOPIOJmPE8uEr2Wp8NRJzqyPdfrzD7xUH94z+DWC8PdkuO1VKEED3PyQU9cCdzz7IlFUC46s7h+WA8pHyqzQ6sQhx user02@ds2

 

 6) Login check: "ssh <address>" prompts for a password, "ssh user@<address>" logs in OK. Without a user name ssh logs in as the local user name, user02, and the key was only installed for syncmgr, so authentication falls back to the password prompt.

[user02@ds2 .ssh]$ ssh 192.168.100.12
user02@192.168.100.12's password: 

[user02@ds2 .ssh]$ ssh syncmgr@192.168.100.12
Last login: Wed Jan 24 11:33:29 2024 from dsls
[syncmgr@ds1 ~]$
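ssh-copy-id ends with "check to make sure that only the key(s) you wanted were added", and the host-key prompt in step 3 of both sections asks you to trust a fingerprint. The script below is an added example, not part of the original post, that does both checks offline: it computes OpenSSH SHA256 fingerprints (SHA256 over the base64 key blob, base64-encoded again without padding) for the known_hosts line and the two authorized_keys entries shown above, using only the public material from this page as sample data. Function names are mine; it assumes GNU coreutils base64 and OpenSSL (or sha256sum plus xxd as a fallback).

```shell
#!/bin/sh
# Added example, not code from the original post: compute OpenSSH SHA256 key
# fingerprints offline and use them to check (a) the host key recorded in
# known_hosts against the fingerprint shown at the first-connect prompt and
# (b) every authorized_keys entry against the fingerprint ssh-keygen printed
# when the key was generated. Assumes GNU coreutils base64 and OpenSSL
# (fallback: sha256sum + xxd); no network access and no sshd needed.

# SHA256 of stdin, base64 without '=' padding: the format ssh-keygen -l prints.
sha256_b64() {
    if command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 -binary
    else
        sha256sum | cut -d' ' -f1 | xxd -r -p
    fi | base64 | tr -d '=\n'
}

# Fingerprint of one public-key line: an id_*.pub, authorized_keys or
# known_hosts line. The key blob is the field right after the key-type token,
# so a leading host field (known_hosts), a leading options field
# (authorized_keys) or a trailing comment does not matter.
fingerprint_of() {   # $1: line -> prints "SHA256:..."; returns 1 if no key found
    blob=$(printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521))$/) {
                print $(i + 1); exit
            }
    }')
    [ -n "$blob" ] || return 1
    printf 'SHA256:%s\n' "$(printf '%s' "$blob" | base64 -d | sha256_b64)"
}

# Check every key in an authorized_keys file against an allow-list of
# fingerprints (one "SHA256:..." per line). Prints a report; returns 1 if any
# key is unparseable or not on the list.
audit_authorized_keys() {   # $1: authorized_keys file, $2: allow-list file
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if ! fp=$(fingerprint_of "$line"); then
            echo "UNPARSEABLE  $line"; rc=1; continue
        fi
        if grep -qxF "$fp" "$2"; then state=OK; else state=UNEXPECTED; rc=1; fi
        printf '%-11s %s  %s\n' "$state" "$fp" "$(printf '%s\n' "$line" | awk '{print $1, $NF}')"
    done < "$1"
    return $rc
}

# Public material copied from the session in the post (nothing secret here).
HOST_KEY_LINE='192.168.100.12 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFpF1haq3SNUDOAmSwDZANZHcVk9tAJrVRyT79qFckBt4V8qVfl5kDp23VH77gV2kAviMP33DiT8X9oePG4NHWs='
HOST_FP_AT_PROMPT='SHA256:1kV11rGNrYC1AeGC8g9yrbXYLcPre6gRglsWrm0FpQM'
KEY_USER01='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7dIK+nX0GjYrwFr+2qQ9d+B2sEt8qoJDPh0s2EzDbXeXx15aHo3rjBQcFRxHK+7kxgMRDfp4U3Rle6l+N+T7EbIlnllDJ/mXtdkZN8Mclyw3mHGLXleVx7OXSv/rCYYbuN1pJjJmwVD62dD6YfT0hjem2uPC+DwVcmLezo3lioVIjI42fBB3RI2QwddlUgV+nfTc0I0mJ13ySial0r+xeOx9z+LDMPFg/touSjNobeL4kx9K8gRQiyHxhJ0SDM/GoinJlM09Qd8nJr9S9hPCpcOsgSEYrMYjyhBuG9f2iZR2VYEb8ACPUKAPRAhFTdofRpH/kMlUZBwNcJLQ5kpYJ user01@dsls'
FP_USER01='SHA256:AmuwOpGs/6ACCqb8vz21PuZfQ2/sQFJ7zoWty/1RMMo'
KEY_USER02='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5fhss+rFiiTqVYfeBPZfyyZyWHuQkFTLwURB3jJei+IWEg4EAtrsYvHoVPl+WnpfwTKd9j9Xb3A4cMahac4QUngGQngoNOgfXddiXBCTJUqre/othlhPMPjehhS4dJXkk5v92P+KQn/OzyXq1F5LbrBoGh6prehSLVssIKUz+COQ0CAIe9WHCJ0FijiVSiXUQeizJGyFli4P98CGQ5Zs/ESvXKn7LqNdlfxWHlxGjrHuRlYAqexk5+kbPXuSkOPIOJmPE8uEr2Wp8NRJzqyPdfrzD7xUH94z+DWC8PdkuO1VKEED3PyQU9cCdzz7IlFUC46s7h+WA8pHyqzQ6sQhx user02@ds2'
FP_USER02='SHA256:KmYEfAxM1z91C+iRUUtZEokgL+SofBsc/DImqhtxdTs'

demo() {
    tmp=$(mktemp -d)
    printf '%s\n%s\n' "$KEY_USER01" "$KEY_USER02" > "$tmp/authorized_keys"
    printf '%s\n%s\n' "$FP_USER01" "$FP_USER02" > "$tmp/allowed"
    echo "known_hosts entry: $(fingerprint_of "$HOST_KEY_LINE")"
    echo "prompt showed:     $HOST_FP_AT_PROMPT"
    audit_authorized_keys "$tmp/authorized_keys" "$tmp/allowed" || :
    rm -rf "$tmp"
}
demo
```

On the hosts themselves the same values come from ssh-keygen -lf ~/.ssh/authorized_keys (one line per key) and ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub; the point of doing it by hand is that the allow-list is something you keep outside the server, so a key that was slipped into authorized_keys shows up as UNEXPECTED.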

 

 7) Debug mode with the ssh -v option

  i) Connecting by address only: up to the password prompt (ssh authenticates as 'user02', offers id_rsa, the server does not accept it, and password is the next method tried)

[user02@ds2 .ssh]$ ssh 192.168.100.12 -v
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to 192.168.100.12 [192.168.100.12] port 22.
debug1: Connection established.
debug1: identity file /home/user02/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.100.12:22 as 'user02'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:1kV11rGNrYC1AeGC8g9yrbXYLcPre6gRglsWrm0FpQM
debug1: Host '192.168.100.12' is known and matches the ECDSA host key.
debug1: Found key in /home/user02/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1001)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1001)

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user02/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/user02/.ssh/id_dsa
debug1: Trying private key: /home/user02/.ssh/id_ecdsa
debug1: Trying private key: /home/user02/.ssh/id_ed25519
debug1: Next authentication method: password
user02@192.168.100.12's password: 
 

  ii) ssh user@address: login OK at the end ("Server accepts key" followed by "Authentication succeeded (publickey)")

[user02@ds2 .ssh]$ ssh syncmgr@192.168.100.12 -v
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to 192.168.100.12 [192.168.100.12] port 22.
debug1: Connection established.
debug1: identity file /home/user02/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user02/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.100.12:22 as 'syncmgr'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:1kV11rGNrYC1AeGC8g9yrbXYLcPre6gRglsWrm0FpQM
debug1: Host '192.168.100.12' is known and matches the ECDSA host key.
debug1: Found key in /home/user02/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1001)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1001)

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user02/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.100.12 ([192.168.100.12]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Wed Jan 24 11:35:17 2024 from ds2
[syncmgr@ds1 ~]$ 

 

3. Environment details

 1) .ssh permissions on the client (directory 700, private key 600)

[user02@ds2 .ssh]$ ls -al
total 12
drwx------. 2 user02 user02   57 Jan 23 21:30 .
drwx------. 6 user02 user02  153 Jan 23 21:27 ..
-rw-------. 1 user02 user02 1675 Jan 23 21:27 id_rsa
-rw-r--r--. 1 user02 user02  392 Jan 23 21:27 id_rsa.pub
-rw-r--r--. 1 user02 user02  176 Jan 23 21:30 known_hosts

 

 2) .ssh permissions on the server (directory 700, authorized_keys 600; with StrictModes, the default, sshd ignores the file if it, ~/.ssh or the home directory is group- or world-writable)

[syncmgr@ds1 .ssh]$ ls -al
total 8
drwx------.  2 syncmgr syncmgr   29 Jan 24 11:06 .
drwx------. 25 syncmgr syncmgr 4096 Jan 24 11:06 ..
-rw-------.  1 syncmgr syncmgr  785 Jan 24 11:30 authorized_keys

 

 3) /etc/ssh/sshd_config on the client (PasswordAuthentication yes is left enabled, which is why every failed key attempt above falls back to a password prompt instead of being refused)

# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

 

  4) /etc/ssh/sshd_config on the server: identical, line for line, to the client file shown in 3) (the stock Red Hat Enterprise Linux file for OpenSSH 7.4, with PasswordAuthentication yes, ChallengeResponseAuthentication no, GSSAPIAuthentication yes, UsePAM yes and X11Forwarding yes uncommented).
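Both sshd_config files above are the stock file with PasswordAuthentication still set to yes, so a missing or broken key never fails loudly, it just becomes a password prompt. The script below is an added example, not part of the original post, that reproduces how sshd reads such a file (comments ignored, keywords case-insensitive, "Keyword=value" accepted, first occurrence of a keyword wins, everything after the first Match line conditional) and audits the login-related settings, using the uncommented directives from the file above as sample input. Function names and the hardened directive set are mine; the sshd defaults it assumes are PasswordAuthentication yes, ChallengeResponseAuthentication yes, PubkeyAuthentication yes, PermitEmptyPasswords no and X11Forwarding no, with PermitRootLogin treated as distribution-dependent.

```shell
#!/bin/sh
# Added example, not code from the original post: work out the value sshd
# would actually use for a keyword in an sshd_config file, then audit the
# login-related settings seen in the post. Rules reproduced from
# sshd_config(5): comments and blank lines are ignored; keywords are
# case-insensitive; "Keyword value" and "Keyword=value" are both accepted;
# when a keyword appears more than once the FIRST occurrence wins; lines after
# the first "Match" are conditional, so this stops there (assumption: only
# the global values are wanted). Multi-value keywords such as HostKey and
# AcceptEnv accumulate in sshd; here only their first line is returned.

sshd_effective() {   # $1: keyword, $2: config file -> prints the value or "(default)"
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        /^[[:space:]]*$/ { next }
        $1 ~ /=/         { sub(/=/, " ") }        # Keyword=value
        $2 == "="        { $2 = "" }              # Keyword = value
        tolower($1) == "match" { exit }           # rest is conditional
        tolower($1) == key {
            sub(/^[[:space:]]*[^[:space:]]+[[:space:]]+/, "")
            sub(/[[:space:]]+$/, "")
            print; found = 1; exit
        }
        END { if (!found) print "(default)" }
    ' "$2"
}

# Audit the keywords that decide whether key-only login really holds.
# Each entry is Keyword:wanted:sshd-default ("unset" = distribution-dependent,
# so an explicit value is required). Prints a report; the return code is the
# number of findings (0 = clean).
audit_sshd_config() {   # $1: config file
    findings=0
    for entry in PasswordAuthentication:no:yes PermitEmptyPasswords:no:no \
                 ChallengeResponseAuthentication:no:yes PubkeyAuthentication:yes:yes \
                 PermitRootLogin:no:unset X11Forwarding:no:no; do
        kw=${entry%%:*}; rest=${entry#*:}; want=${rest%%:*}; def=${rest#*:}
        have=$(sshd_effective "$kw" "$1")
        [ "$have" = "(default)" ] && have="$def (default)"
        case "$have" in
            "$want"|"$want (default)")
                printf 'OK       %-32s %s\n' "$kw" "$have" ;;
            *)
                printf 'FINDING  %-32s %s  -> set "%s %s"\n' "$kw" "$have" "$kw" "$want"
                findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# The uncommented directives of the sshd_config shown in the post (client and
# server files are identical), with two of its comment lines kept as sample input.
config_from_post() {
    cat <<'EOF'
HostKey /etc/ssh/ssh_host_rsa_key
SyslogFacility AUTHPRIV
#PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
UsePAM yes
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
}

# Corrected directives for key-only access to syncmgr (my suggestion). OpenSSH
# 7.4 has no Include, so edit sshd_config itself and replace the existing
# PasswordAuthentication / X11Forwarding lines: the first occurrence wins.
hardened_config() {
    cat <<'EOF'
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
X11Forwarding no
MaxAuthTries 3
AllowUsers syncmgr
UsePAM yes
EOF
}

demo() {
    tmp=$(mktemp -d)
    config_from_post > "$tmp/sshd_config.post"
    hardened_config > "$tmp/sshd_config.fixed"
    echo "== as posted =="; audit_sshd_config "$tmp/sshd_config.post" || echo "$? finding(s)"
    echo "== hardened =="; audit_sshd_config "$tmp/sshd_config.fixed" && echo "clean"
    rm -rf "$tmp"
}
demo
```

On a live host, sshd -T (run as root) dumps the configuration sshd actually uses and sshd -t checks the file for syntax errors after editing; AllowUsers syncmgr also shuts out every other account on ds1, so drop or widen it if the box has other ssh users. Set PasswordAuthentication no only after a key login has been confirmed from a second session, because once it is off a typo in authorized_keys is a lockout.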

 

* Test: generate a separate key on client ds2 and try to connect to ds1 with it

1. Generate a new key pair, id_rsa_temp / id_rsa_temp.pub (RSA 4096 bits)

[user02@ds2 .ssh]$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user02/.ssh/id_rsa): /home/user02/.ssh/id_rsa_temp
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user02/.ssh/id_rsa_temp.
Your public key has been saved in /home/user02/.ssh/id_rsa_temp.pub.
The key fingerprint is:
SHA256:ydoXGFseu4jc1W8y6/jM0xMmF4NzzHvjo0bBMGBOCTE user02@ds2
The key's randomart image is:
+---[RSA 4096]----+
|       Eo+o      |
|        =. o     |
|        ..o ++   |
|       . B +oo*  |
|        S = .o.+ |
|     . = o o.o=..|
|      + + o +=+o.|
|         . +.*oo |
|          .oBo...|
+----[SHA256]-----+

 

2. Check id_rsa_temp.pub on the client

[user02@ds2 .ssh]$ cat id_rsa_temp.pub 
ssh-rsa <public key elided> user02@ds2

 

3. Copy the key from the client to the server (ssh-copy-id). No password prompt this time: ssh-copy-id logs in with the already-authorized ~/.ssh/id_rsa to install the new key.

[user02@ds2 .ssh]$ ssh-copy-id -i ~/.ssh/id_rsa_temp.pub syncmgr@192.168.100.12
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user02/.ssh/id_rsa_temp.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'syncmgr@192.168.100.12'"
and check to make sure that only the key(s) you wanted were added.

 

4. Check known_hosts on the client (nothing added; the host key was already known)

[user02@ds2 .ssh]$ cat known_hosts 
192.168.100.12 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFpF1haq3SNUDOAmSwDZANZHcVk9tAJrVRyT79qFckBt4V8qVfl5kDp23VH77gV2kAviMP33DiT8X9oePG4NHWs=

 

5. Check the authorized keys on the server (the new key was appended as the last line)

[syncmgr@ds1 .ssh]$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7dIK+nX0GjYrwFr+2qQ9d+B2sEt8qoJDPh0s2EzDbXeXx15aHo3rjBQcFRxHK+7kxgMRDfp4U3Rle6l+N+T7EbIlnllDJ/mXtdkZN8Mclyw3mHGLXleVx7OXSv/rCYYbuN1pJjJmwVD62dD6YfT0hjem2uPC+DwVcmLezo3lioVIjI42fBB3RI2QwddlUgV+nfTc0I0mJ13ySial0r+xeOx9z+LDMPFg/touSjNobeL4kx9K8gRQiyHxhJ0SDM/GoinJlM09Qd8nJr9S9hPCpcOsgSEYrMYjyhBuG9f2iZR2VYEb8ACPUKAPRAhFTdofRpH/kMlUZBwNcJLQ5kpYJ user01@dsls
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5fhss+rFiiTqVYfeBPZfyyZyWHuQkFTLwURB3jJei+IWEg4EAtrsYvHoVPl+WnpfwTKd9j9Xb3A4cMahac4QUngGQngoNOgfXddiXBCTJUqre/othlhPMPjehhS4dJXkk5v92P+KQn/OzyXq1F5LbrBoGh6prehSLVssIKUz+COQ0CAIe9WHCJ0FijiVSiXUQeizJGyFli4P98CGQ5Zs/ESvXKn7LqNdlfxWHlxGjrHuRlYAqexk5+kbPXuSkOPIOJmPE8uEr2Wp8NRJzqyPdfrzD7xUH94z+DWC8PdkuO1VKEED3PyQU9cCdzz7IlFUC46s7h+WA8pHyqzQ6sQhx user02@ds2
ssh-rsa <public key elided> user02@ds2

 

6. Try to ssh to the server from the client with the new key: asked for a password, key login fails. Cause: -i was pointed at the public key file id_rsa_temp.pub, but -i takes the private key, so the command should be ssh -i ~/.ssh/id_rsa_temp syncmgr@192.168.100.12. The "UNPROTECTED PRIVATE KEY FILE" warning is ssh treating the 0644 .pub file as if it were a private key.

[user02@ds2 .ssh]$ ssh -i ~/.ssh/id_rsa_temp.pub syncmgr@192.168.100.12
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/user02/.ssh/id_rsa_temp.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/home/user02/.ssh/id_rsa_temp.pub": bad permissions
syncmgr@192.168.100.12's password: 

 

7. Retry after changing ~/.ssh/* to 600 (or 400): fails again. The permission warning is gone, but ssh still cannot parse the .pub file as a private key; the "Enter passphrase for key" prompt is that parse failure reported as a wrong passphrase (the key was created with an empty one), and the login that followed was by password, not by the key. chmod 600 ./* also tightened id_rsa.pub and known_hosts, which is unnecessary but harmless.

[user02@ds2 .ssh]$ chmod 600 ./*
[user02@ds2 .ssh]$ ssh -i ~/.ssh/id_rsa_temp.pub syncmgr@192.168.100.12
Enter passphrase for key '/home/user02/.ssh/id_rsa_temp.pub': 
syncmgr@192.168.100.12's password: 
Last login: Wed Jan 24 11:39:26 2024 from ds2
[syncmgr@ds1 ~]$ exit
logout
Connection to 192.168.100.12 closed.
[user02@ds2 .ssh]$ ssh -i ~/.ssh/id_rsa_temp.pub syncmgr@192.168.100.12
Enter passphrase for key '/home/user02/.ssh/id_rsa_temp.pub': 

 

8. Without -i, ssh uses the default identity ~/.ssh/id_rsa (the private key; the .pub file is only what gets installed on the server) and login succeeds

[user02@ds2 .ssh]$ ssh syncmgr@192.168.100.12
Last login: Wed Jan 24 11:57:51 2024 from ds2
[syncmgr@ds1 ~]$
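Steps 6 and 7 above went wrong in two ways that ssh only reports indirectly: the public key was handed to -i, and the file was group/world readable. The script below is an added example, not part of the original post, that pre-checks the file before ssh -i is run and returns a distinct code for each of those cases, then wraps ssh with that check. It is my code, assumes GNU stat (stat -c), and uses constructed stand-in files (a truncated public-key line and a private-key file with only the PEM armour, no real key material), since the checks read only the first line and the mode bits.

```shell
#!/bin/sh
# Added example, not code from the original post: pre-flight check for the
# file handed to `ssh -i`, reproducing the two failures seen in the test
# above: the *public* key (id_rsa_temp.pub) was passed where ssh expects the
# private key, and a private key readable by group/others is refused.
# Return codes: 0 usable, 1 missing, 2 public key given, 3 unrecognised
# format, 4 permissions too open. GNU stat assumed (stat -c).

identity_preflight() {   # $1: path that would be given to ssh -i
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    first=$(head -n 1 "$f")
    case "$first" in
        "ssh-rsa "*|"ssh-ed25519 "*|"ssh-dss "*|"ecdsa-sha2-nistp"*|"sk-"*)
            # Same symptom as the post: ssh cannot parse this as a private key,
            # asks for a "passphrase", then falls through to password auth.
            echo "public key, not a private key: $f (use ${f%.pub} instead)"
            return 2 ;;
        "-----BEGIN "*" PRIVATE KEY-----"|"-----BEGIN PRIVATE KEY-----")
            ;;   # PEM (OpenSSH 7.4 default) or openssh-key-v1 armour
        *)
            echo "not a recognised private key format: $f"; return 3 ;;
    esac
    # ssh refuses a private key with any group/other permission bit set
    # (authfile.c sshkey_perm_ok: st_mode & 077 must be 0), so 0644 is refused
    # and 0600 / 0400 pass.
    mode=$(stat -c '%a' "$f")
    case "$mode" in
        *00) ;;
        *) echo "permissions $mode too open (need 0600 or 0400): $f"; return 4 ;;
    esac
    echo "ok: $f"
}

# Wrapper: run ssh only if the identity passes the checks.
ssh_i() {   # usage: ssh_i <private-key> user@host [ssh args...]
    identity_preflight "$1" || return $?
    key=$1; shift
    ssh -i "$key" "$@"
}

demo() {
    d=$(mktemp -d)
    # Constructed stand-ins (no real key material).
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB user02@ds2\n' > "$d/id_rsa_temp.pub"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(key material omitted)' \
                  '-----END RSA PRIVATE KEY-----' > "$d/id_rsa_temp"
    chmod 644 "$d/id_rsa_temp.pub" "$d/id_rsa_temp"
    identity_preflight "$d/id_rsa_temp.pub" || :   # step 6: public key given
    chmod 600 "$d/id_rsa_temp.pub"
    identity_preflight "$d/id_rsa_temp.pub" || :   # step 7: still a public key
    identity_preflight "$d/id_rsa_temp" || :       # private key but 0644
    chmod 600 "$d/id_rsa_temp"
    identity_preflight "$d/id_rsa_temp"            # ok
    rm -rf "$d"
}
demo
```

The wrapper keeps the habit of naming the private key; ssh itself finds the matching .pub next to it when it needs the public half, so the .pub file is never what -i should point at.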