Resetting the ssh host key

When the host's information has changed and the "ssh key changed" message shown below appears,

the key can be reset in two ways.

1. First method
Use the ssh-keygen command to reset the entry for that host in the known_hosts file

[root@myserver-m01 playbook]# ssh 192.215.2.30 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:ApeEYXHbA1R6s6sSjdUEg7PZZb5mtQPxJJivlkJFddI.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:15
ECDSA host key for 192.215.2.30 has changed and you have requested strict checking.
Host key verification failed.

[root@myserver-m01 playbook]# ssh-keygen -R 192.215.2.30
# Host 192.215.2.30 found: line 15
/root/.ssh/known_hosts updated.

2. Second method

Edit the known_hosts file directly

[root@myserver-m01 playbook]# vim /root/.ssh/known_hosts

192.215.2.30 ecdsa-sha2-nistp256 AAAAE2VjZHAAAXNoYTItasdzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA+Tqf8jp7rpfrVXBpsnF0cNCL7izLZKuHZJMyaZvW3N2PPDM/F5dc2PvyP6yws5K6+a38WF+RcqpsoLop5jCdo=

--> Delete that line by hand, then connect to the 192.215.2.30 host server over ssh.
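
Both methods only discard the stored key, so the fingerprint printed in the warning should first be compared with one read on the server itself (for example from its console). The Python below is an added example, not part of the original post: it lists the stored entries for a host with their SHA256 fingerprints, including hashed known_hosts entries, and returns the lines to drop only when the warned fingerprint equals the trusted one. The function names, the ssh-ed25519 sample keys and the sample file content are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def fingerprint(b64_blob):
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of sha256(blob)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: comma list, or hashed |1|salt|hmac form.
    Wildcard and negated patterns are not handled in this example."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")

def entries_for(text, host):
    """(line number, key type, fingerprint) of every stored key for host."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0][0] in "#@":   # comments and @marker lines
            continue
        if len(fields) >= 3 and host_matches(fields[0], host):
            found.append((no, fields[1], fingerprint(fields[2])))
    return found

def stale_lines(text, host, warned_fp, trusted_fp):
    """Line numbers whose key differs from the trusted one (all key types, like
    ssh-keygen -R). Raises ValueError if the warned key was not confirmed."""
    if warned_fp != trusted_fp:
        raise ValueError("fingerprint in the warning does not match the trusted one")
    return [no for no, _, fp in entries_for(text, host) if fp != trusted_fp]

def sample_blob(key_type, raw):
    """Constructed sample key in SSH wire format (length-prefixed strings)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    return base64.b64encode(s(key_type.encode()) + s(raw)).decode()

OLD = sample_blob("ssh-ed25519", bytes(32))          # key stored before the change
NEW = sample_blob("ssh-ed25519", bytes(range(32)))   # key the host now presents
SAMPLE = "\n".join([                                 # constructed known_hosts content
    "# constructed sample",
    "other.example ssh-ed25519 " + NEW,
    "192.215.2.30,myhost ssh-ed25519 " + OLD,
])

if __name__ == "__main__":
    trusted = fingerprint(NEW)   # stands in for the value read on the server console
    print(stale_lines(SAMPLE, "192.215.2.30", trusted, trusted))
```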

 

Sending the ssh public key

By delivering my public key to the remote host, ssh login becomes possible without entering a password.

[root@myserver-m01 playbook]# ssh-copy-id root@192.215.2.30

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.215.2.30 (10.215.2.30)' can't be established.
ECDSA key fingerprint is SHA256:Imj8KnDME9Rd3et/3mlJk8ze/OzkhHhgKfBUctJ3N3s.
ECDSA key fingerprint is MD5:9b:a2:11:54:b4:81:e8:bb:1g:30:8f:aa:68:a6:66:ba.
Are you sure you want to continue connecting (yes/no)? yes

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.215.2.30's password: 'enter the password of the 192.215.2.30 host server'

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.215.2.30'"
and check to make sure that only the key(s) you wanted were added.




Verifying ssh login without a password

[root@myserver-m01 playbook]# ssh 192.215.2.30
Last login: Wed Apr 20 14:21:19 2022 from 192.111.125.11