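Resetting an SSH host key
If a host's information has changed and the "ssh key changed" message shown below appears,
the key can be reset in two ways.
1. First method
Use the ssh-keygen command to reset the entry for that host in the known_hosts file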

    [root@myserver-m01 playbook]# ssh 192.215.2.30
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the ECDSA key sent by the remote host is
    SHA256:ApeEYXHbA1R6s6sSjdUEg7PZZb5mtQPxJJivlkJFddI.
    Please contact your system administrator.
    Add correct host key in /root/.ssh/known_hosts to get rid of this message.
    Offending ECDSA key in /root/.ssh/known_hosts:15
    ECDSA host key for 192.215.2.30 has changed and you have requested strict checking.
    Host key verification failed.
    [root@myserver-m01 playbook]# ssh-keygen -R 192.215.2.30
    # Host 192.215.2.30 found: line 15
    /root/.ssh/known_hosts updated.

2. Second method
Edit the known_hosts file directly

    [root@myserver-m01 playbook]# vim /root/.ssh/known_hosts
    192.215.2.30 ecdsa-sha2-nistp256 AAAAE2VjZHAAAXNoYTItasdzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA+Tqf8jp7rpfrVXBpsnF0cNCL7izLZKuHZJMyaZvW3N2PPDM/F5dc2PvyP6yws5K6+a38WF+RcqpsoLop5jCdo=

--> Delete that line by hand, then connect to the 192.215.2.30 host server over ssh.
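
Both methods discard the stored key, after which the next connection asks to trust whatever key the server presents, so the check worth doing first is comparing that key's fingerprint with one read from the server itself. The sketch below is an added example, not part of the original post: it computes the SHA256 fingerprint the way OpenSSH prints it and replaces the host's known_hosts entries (plain or hashed names) only when the fingerprint matches. The function names, the constructed ed25519 sample keys and the 10.0.0.5 entry are assumptions for illustration; wildcard patterns and [host]:port names are not handled.

```python
import base64
import hashlib
import hmac
import struct

def fingerprint(key_b64):
    """SHA256 fingerprint as OpenSSH prints it: base64 of the digest, '=' stripped."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def names_host(hosts_field, host):
    """True if the first known_hosts field names host (plain list or |1|salt|hash)."""
    if hosts_field.startswith("|1|"):
        _, _, salt, mac = hosts_field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in hosts_field.split(",")

def replace_host_key(lines, host, new_line, trusted_fp):
    """Swap host's entries for new_line only if its key matches trusted_fp."""
    if fingerprint(new_line.split()[2]) != trusted_fp:
        raise ValueError("offered key does not match the trusted fingerprint")
    kept = []
    for line in lines:
        fields = line.split()
        # Blank lines, comments and @cert-authority/@revoked markers stay untouched.
        if not fields or line[0] in "#@" or not names_host(fields[0], host):
            kept.append(line)
    return kept + [new_line]

def make_key(seed):
    """Constructed ssh-ed25519 public key blob (sample data, not a real host key)."""
    raw = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return base64.b64encode(blob).decode()

if __name__ == "__main__":
    host = "192.215.2.30"
    old, new = make_key(b"old"), make_key(b"new")
    known = ["# constructed known_hosts", f"{host} ssh-ed25519 {old}",
             f"10.0.0.5 ssh-ed25519 {make_key(b'other')}"]
    # Assumption: trusted_fp stands in for a fingerprint read from the server console.
    trusted_fp = fingerprint(new)
    for entry in replace_host_key(known, host, f"{host} ssh-ed25519 {new}", trusted_fp):
        print(entry)
    try:
        replace_host_key(known, host, f"{host} ssh-ed25519 {old}", trusted_fp)
    except ValueError as exc:
        print("refused:", exc)
```
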
Sending the ssh public key
By sending my public key to the remote host, ssh login becomes possible without entering a password.

    [root@myserver-m01 playbook]# ssh-copy-id root@192.215.2.30
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    The authenticity of host '10.215.2.30 (10.215.2.30)' can't be established.
    ECDSA key fingerprint is SHA256:Imj8KnDME9Rd3et/3mlJk8ze/OzkhHhgKfBUctJ3N3s.
    ECDSA key fingerprint is MD5:9b:a2:11:54:b4:81:e8:bb:1g:30:8f:aa:68:a6:66:ba.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@192.215.2.30's password: 'enter the password of the 192.215.2.30 host server'

    Number of key(s) added: 1

    Now try logging into the machine, with: "ssh 'root@192.215.2.30'"
    and check to make sure that only the key(s) you wanted were added.

Verify ssh login without a password

    [root@myserver-m01 playbook]# ssh 192.215.2.30
    Last login: Wed Apr 20 14:21:19 2022 from 192.111.125.11

ssh key copy and handling a changed key