ssh-keygen -t rsa임베디드 대상(imx6)을 사용하여 SSH 키를 생성 하고 공개 키를 호스트 시스템에 복사했습니다.
대상 시스템 IMX6: OpenSSH: 7.1p2 IP: 192.168.2.31
호스트 머신: 오픈SSH: OpenSSH_5.9p1 IP: 192.168.2.11
대상 A에서 머신 B까지 대상에서 호스트 연결을 시도했는데 제대로 작동했습니다. 아래 로그를 찾아보세요.
mx6q:~# ssh [email protected] -vv
OpenSSH_7.1p2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.11 [192.168.2.11] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to 192.168.2.11:22 as 'pnallathambi'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchan1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sa
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh6
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh6
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,[email protected],1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6hGhaP5vujRRSDEE7e6unEHBXIkPgx9Q6f0U9zvXt1E
debug1: Host '192.168.2.11' is known and matches the ECDSA host key.
debug1: Found key in /home/root/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/root/.ssh/id_rsa (0x15e3c28),
debug2: key: /home/root/.ssh/id_dsa ((nil)),
debug2: key: /home/root/.ssh/id_ecdsa ((nil)),
debug2: key: /home/root/.ssh/id_ed25519 ((nil)),
Ubuntu 12.04.5 LTS vmlxhi-025 ssh-pty
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:VaQIZBXXXq8H7m6Um+/hfEllTx3VsgygYZhwUd/i1dY
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.2.11 ([192.168.2.11]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug2: callback start
debug1: X11 forwarding requested but DISPLAY not set
debug2: fd 4 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 3.13.0-95-generic x86_64)
* Documentation: https://help.ubuntu.com/
35 packages can be updated.
35 updates are security updates.
Your Hardware Enablement Stack (HWE) is supported until April 2017.
Last login: Fri Sep 23 15:42:05 2016 from 192.168.2.31
pnallathambi@vmlxhi-025:~$ exit
logout
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Connection to 192.168.2.11 closed.
Transferred: sent 3564, received 3364 bytes, in 2.7 seconds
Bytes per second: sent 1309.0, received 1235.5
debug1: Exit status 0
타겟 C에서 머신 D로: 동일한 키를 다른 컴퓨터 쌍, 즉 다른 대상에 복사하고 공개 키를 연결된 호스트 컴퓨터에 추가했습니다. 이번에는 작동하지 않았고 이유를 좁힐 수 없었습니다.
아래 로그를 찾아보세요.
mx6q:/home/root# ssh [email protected] -vv
OpenSSH_7.1p2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.11 [192.168.2.11] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to 192.168.2.11:22 as 'brinda.mc'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchan1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sa
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh6
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh6
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,[email protected],1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:GAh4JM8Gft7dIgC7nqT+8k5LCpTFJ1hy6t20xQ+hcbc
debug1: Host '192.168.2.11' is known and matches the ECDSA host key.
debug1: Found key in /home/root/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/root/.ssh/id_rsa (0x12e5c18),
debug2: key: /home/root/.ssh/id_dsa ((nil)),
debug2: key: /home/root/.ssh/id_ecdsa ((nil)),
debug2: key: /home/root/.ssh/id_ed25519 ((nil)),
Ubuntu 12.04.5 LTS vmlxhi-079 ssh-pty
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/root/.ssh/id_dsa
debug1: Trying private key: /home/root/.ssh/id_ecdsa
debug1: Trying private key: /home/root/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
답변1
하나의 키가 여러 호스트에서 작동하도록 하려면 키를 다르게 작성해야 합니다.
키를 만든 방식 때문에 해당 사용자/호스트 조합에만 유효합니다. 원한다면 A에서 B로, A에서 C로, A에서 D로 이동할 수 있지만 A에서 id_rsa를 복사하여 C에 넣은 다음 C에서 D로 SSH를 실행할 수는 없습니다. .
그들은 그렇게 지어지지 않았습니다. 그것이 그들이 안전한 이유입니다.
매뉴얼 페이지, 특히 인증서에 관한 부분을 다시 읽으십시오.