좌측은 local-client이고, 우측은 remote-server로 호스트명을 변경 후 진행한다.
[2]local-client
[root@local-client ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 홈디렉터리를 일반계정으로 줘도 된다.
Enter passphrase (empty for no passphrase):
여기서 패스워드를 주게 되면 더욱 더 보안을 강화할 수 있다. 엔터만 치게 되면 패스워드 없이 접속 가능함
Enter same passphrase again: 패스워드를 주었더라면 동일하게 치고, 패스워드를 주지않고 엔터 쳤다면 또 다시 엔터 입력한다.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bhydWo19vSroWgjX01flbPv76PymqhlR557cqHPGcHQ root@local-client
The key's randomart image is:
+---[RSA 2048]----+
| .|
| o.|
| . ..+|
| ...* oooE|
| . .So*.oooo.|
| oo.+..o+.+o|
| .=.o +=.o|
| ... +.o=.o|
| .o.o.+B==+|
+----[SHA256]-----+
[root@local-client ~]# ls -alrt /root/.ssh/
id_rsa id_rsa.pub known_hosts <<기존에 없던 private key(=id_rsa)와 public key(=id_rsa.pub)가 생김
[root@local-client ~]# ls -alrt /root/.ssh/
total 16
-rw-r--r-- 1 root root 525 Nov 12 06:52 known_hosts
dr-xr-x---. 14 root root 4096 Dec 29 01:51 ..
-rw-r--r-- 1 root root 399 Mar 15 01:14 id_rsa.pub
-rw------- 1 root root 1675 Mar 15 01:14 id_rsa << 중요한 개인키 이므로 유저에게만 권한을 주고 나머지 Group, Other 또한 접근할 수 없다.
drwx------ 2 root root 57 Mar 15 01:14 .
[root@local-client .ssh]# rsync -avzhP id_rsa.pub test1@192.168.111.250:/home/test1/id_rsa.pub
test1@192.168.111.250's password:
sending incremental file list
id_rsa.pub
399 100% 0.00kB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 426 bytes received 35 bytes 102.44 bytes/sec
total size is 399 speedup is 0.87
[3] remote-server(192.168.111.250)
[root@remote-server test1]# cat id_rsa.pub
ssh-rsa AAAAB3N8mP7BcMSpxzAGLRIYwl7Z4tpOdp8aD8zN431Rd
... ~~ root@local-client
[root@remote-server test1]# pwd
/home/test1
[root@remote-server test1]# ls -alrt
total 32
-rw-r--r-- 1 test1 test1 231 Aug 3 2017 .bashrc
-rw-r--r-- 1 test1 test1 193 Aug 3 2017 .bash_profile
-rw-r--r-- 1 test1 test1 18 Aug 3 2017 .bash_logout
drwxr-xr-x. 4 root root 32 Oct 9 19:36 ..
drwx------ 2 test1 test1 25 Oct 9 19:40 .ssh
drwx------ 3 test1 test1 25 Oct 26 11:32 .dbus
drwx------ 3 test1 test1 19 Oct 26 11:32 .local
-rw------- 1 test1 test1 16 Oct 26 11:32 .esd_auth
drwxr-xr-x 2 test1 test1 6 Oct 26 11:32 Desktop
drwx------ 10 test1 test1 146 Oct 26 19:28 .config
drwx------ 9 test1 test1 274 Nov 11 18:30 .cache
-rw------- 1 test1 test1 51 Nov 12 01:18 .Xauthority
-rw------- 1 test1 test1 930 Mar 14 21:23 .ICEauthority
-rw------- 1 test1 test1 1422 Mar 14 23:35 .bash_history
-rw-r--r-- 1 test1 test1 399 Mar 15 01:14 id_rsa.pub
drwx------ 8 test1 test1 241 Mar 15 01:35 .
[root@remote-server test1]# cat id_rsa.pub >> .ssh/authorized_keys
[root@remote-server test1]# ls -alrt ./.ssh/
total 8
-rw-r--r-- 1 test1 test1 348 Oct 19 18:05 known_hosts
drwx------ 8 test1 test1 264 Mar 15 02:02 ..
drwx------ 2 test1 test1 48 Mar 15 02:02 .
-rw-r--r-- 1 root root 399 Mar 15 02:02 authorized_keys
[root@remote-server test1]# cat ./.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzY/+cKF6HdJhJI4ZfYuqDhKuXgPSA+xB
... ~~ root@local-client
[4]local-client
해당 호스트에 아이피 및 호스트가 없어서 발생한 것이므로, local 클라이언트에 192.168.111.250 이라는 remote-server를 넣어준다.
#vi /etc/hosts
그럼 local client에서 remote-server로 패스워드 없이도 접속 할 수있게 된다.
태그는 출처이며, 해당 내용 참고하면서 유익하게 활용하였다.
https://www.youtube.com/watch?v=qkGaUqlH47s&t=31s