Name: Hoseok (220.♡.198.142)
Date: 2007-06-18 22:28:48
Subject: [GOOD] Using SSH - Linux lecture on OpenSSH

[Lecture 87][Linux basic security] Using SSH - Linux lecture on OpenSSH (secure shell)
2007/05/21 16:58
http://blog.naver.com/coffsje76/140038037353
Source: Daejeon International IT Education Center, instructor Jeong Seong-jae
1. About ssh
ssh stands for Secure Shell. It is a program for logging in to a remote machine and running commands on it.
Its usage is basically similar to telnet, but telnet sends data between client and server as plain text, so the contents of the packets can be exposed, whereas ssh encrypts packets in transit and so transfers them safely.
There are currently two ssh protocols, ssh2 and ssh1. ssh2 is an improved ssh1; the two can interoperate, but compatibility is not included by default. An ssh2 server cannot handle ssh1 connections on its own, so an ssh1 server must also be present.
Technically, the difference between ssh1 and ssh2 is that SSH2 supports a variety of key-exchange methods, including double-encrypted RSA key exchange.
2. Installing SSH
(1) Overview: Two ssh implementations are used on Linux. One is made by the original developer, www.ssh.com, and the other by www.openssh.org. Most distributions support the OpenSSH one by default, so openssh is used here.
(2) Components: SSH consists of an SSH server and an SSH client. To connect over SSH, an SSH server must be installed, and the client must connect with a program that supports SSH.
(3) Installation: Most Linux distributions now install OpenSSH by default, so installation is skipped here.
3. Configuring an ssh server with OpenSSH
(1) Configuring the server
1) Description: The main server configuration file is /etc/ssh/sshd_config. The default file can usually be used as it is, but to restrict groups or users a few directives have to be changed.
2) Analysis of the main entries in the configuration file (sshd_config)
# $OpenBSD: sshd_config,v 1.34 2001/02/24 10:37:26 deraadt Exp $
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
Port 22 // Port that ssh uses.
Protocol 2,1 // OpenSSH lets you choose which protocol versions to accept. SSH has
//SSH1 and SSH2; with the setting shown here both SSH1 and SSH2
//connections are possible.
#ListenAddress 0.0.0.0 // Address the sshd daemon listens on. 0.0.0.0 means all addresses.
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key // Location of the SSH1 host key.
HostKey /etc/ssh/ssh_host_rsa_key // Location of the SSH2 RSA host key.
HostKey /etc/ssh/ssh_host_dsa_key // Location of the SSH2 DSA host key.
ServerKeyBits 768 // Number of bits in the server key. The minimum is 512 and the
//default is 768.
LoginGraceTime 600 // Time after which the server drops the connection when the user
//has failed to log in. A value of 0 means no limit.
KeyRegenerationInterval 3600 // The server key is regenerated automatically once a connection
//has been made. The purpose is to stop someone who later captures
//the key of a host session from decrypting the traffic or using
//the stolen key. A value of 0 means the key is never
//regenerated. The default is 3600 seconds.
PermitRootLogin yes // Decides whether root may log in. yes, no and
//without-password can be used. With the current yes, root can
//connect directly. To disallow this, change it to no
//or without-password.
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes // Whether to ignore .rhosts files. By default
//.rhosts files are ignored.
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes // Makes the SSH daemon check file modes, ownership of the user's
//home directory and the remote host files before
//a login is allowed.
X11Forwarding yes // Allows X11 forwarding from the remote side. With this option
//set to yes, X programs on the remote host can be used in a way
//that is safer than xhost.
X11DisplayOffset 10 // Display number to use when X11 is forwarded.
PrintMotd yes // Print the contents of /etc/motd at SSH
//login.
KeepAlive yes // The server sends messages at regular intervals to check whether
//the client connection has been lost.
# Logging
SyslogFacility AUTHPRIV // syslog facility code.
LogLevel INFO // Log level. The default is INFO; other values
//include QUIET (log nothing), FATAL (fatal errors),
//ERROR, VERBOSE and DEBUG.
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no // Whether rhosts authentication is permitted.
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no // If rhosts or /etc/hosts.equiv files exist, they are used
//to authenticate. This is a poor method from a security standpoint, so the
//default is no.
#
RSAAuthentication yes // Use RSA authentication.
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes // Allow password authentication. This option applies to both protocol
//versions 1 and 2.
PermitEmptyPasswords no // Whether the server accepts empty passwords during password
//authentication. The default is no.
# Comment to enable s/key passwords or PAM interactive authentication
# NB. Neither of these are compiled in by default. Please read the
# notes in the sshd(8) manpage before enabling this on a PAM system.
ChallengeResponseAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
#CheckMail yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
Subsystem sftp /usr/libexec/openssh/sftp-server
// sftp is used with protocol version 2; like ssh, it is a secure ftp program used to strengthen
//the security of ftp. This entry is what enables the sftp server.
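Added example (not part of the original lecture or of OpenSSH): a shell check that reads an sshd_config like the listing above and reports the values that expose the server more than necessary. The function names, the messages, the choice of directives to flag and the sample lines are this example's own assumptions.

```sh
#!/bin/sh
# Added example, not part of the original lecture.
# audit_sshd_config [FILE]: print one line per risky directive; status 1 if any.
audit_sshd_config() {
    awk '
    { sub(/[ \t]*\/\/.*$/, "") }         # drop lecture-style // annotations
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    {
        key = tolower($1); val = tolower($2)
        if (key in seen) next            # sshd keeps the first value it reads
        seen[key] = 1
        if (key == "protocol" && index("," val ",", ",1,"))
            msg = "SSH protocol 1 is accepted"
        else if (key == "permitrootlogin" && val == "yes")
            msg = "root can log in directly"
        else if (key == "permitemptypasswords" && val == "yes")
            msg = "empty passwords are accepted"
        else if (key ~ /^rhosts(rsa)?authentication$/ && val == "yes")
            msg = "rhosts-based trust is enabled"
        else if (key == "ignorerhosts" && val == "no")
            msg = ".rhosts and .shosts files are honoured"
        else if (key == "strictmodes" && val == "no")
            msg = "file mode and ownership checks are off"
        else
            next
        printf "%s %s: %s\n", $1, $2, msg
        n++
    }
    END { exit (n > 0) }' "$@"
}

# Constructed sample: security-relevant lines taken from the listing above.
sample_sshd_config() {
    cat <<'EOF'
Port 22
Protocol 2,1              // both SSH1 and SSH2 may connect
PermitRootLogin yes
IgnoreRhosts yes
StrictModes yes
RhostsAuthentication no
RhostsRSAAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no
EOF
}

sample_sshd_config | audit_sshd_config || echo "findings above need review"
```

With no FILE argument the function reads standard input, so it can also be pointed at a real file: audit_sshd_config /etc/ssh/sshd_config.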
(2) Configuring the client
1) Description: The client configuration file for all users is /etc/ssh/ssh_config. With the Host directive, different options can be used for each server you connect to. This configuration is not strictly required for connecting to an SSH server.
2) Analysis of the main configuration file (ssh_config)
# $OpenBSD: ssh_config,v 1.9 2001/03/10 12:53:51 deraadt Exp $
# This is ssh client systemwide configuration file. See ssh(1) for more
# information. This file provides defaults for users, and the values can
# be changed in per-user configuration files or on the command line.
# Configuration data is parsed as follows: // The client is configured from three sources
# 1. command line options // command line options
# 2. user-specific file // per-user configuration file ($HOME/.ssh/config)
# 3. system-wide file // system-wide configuration file (/etc/ssh/ssh_config)
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
# Host * // Applies to connections to all hosts.
# ForwardAgent no // Lets the authentication agent connection be forwarded to the remote host.
# ForwardX11 no // X11 connections are set up automatically. X forwarding is then used by
//default on every connection to a server, without the -X option on the
//command line.
# RhostsAuthentication no
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes // When this is yes, the remote server's IP address is checked against
//the known_hosts file on every connection. This makes it possible to
//notice a host key change caused by DNS spoofing.
# StrictHostKeyChecking yes
# IdentityFile ~/.ssh/identity // Reads the user's RSA authentication identity. By default it is
//stored in $HOME/.ssh/identity in the user's home
//directory.
# IdentityFile ~/.ssh/id_dsa // Reads the user's DSA authentication identity. By default it is
//in $HOME/.ssh/id_dsa in the user's home directory.
# IdentityFile ~/.ssh/id_rsa1
# IdentityFile ~/.ssh/id_rsa2
# Port 22
# Protocol 2,1
# Cipher blowfish // Cipher used to encrypt the session in protocol version 1.
//blowfish or 3des can be specified.
# EscapeChar ~
Host *
ForwardX11 yes
Protocol 2,1
// When connecting to any host, use ssh2 and ssh1 and permit X11 forwarding.
3) Examples
A. Host *.mybestone.com
Protocol 1
=> Use the ssh1 protocol when connecting to mybestone.com servers.
B. Host kldp.org
Protocol 2
Compression yes
CompressionLevel 9
=> Use ssh2 and the compression options when connecting to kldp.org.
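The comment in the listing says a value is only changed the first time it is set, so the order of the Host blocks decides which Protocol line takes effect. Added example (not part of the original lecture or of OpenSSH): a resolver for one option, run on two constructed orderings of the blocks shown above. ssh_effective, defaults_first and specific_first are names made up here, and only the * and ? wildcards are handled (no negated patterns, no Match).

```sh
#!/bin/sh
# Added example, not part of the original lecture.
# ssh_effective HOST KEY [FILE]: print the value ssh would use for KEY when
# connecting to HOST, i.e. the first KEY line under a matching Host pattern.
ssh_effective() {
    host=$1
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    shift 2
    matched=1                      # lines before any Host line apply to all hosts
    cat "$@" | while read -r key rest; do
        case $key in ''|'#'*) continue ;; esac
        lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        if [ "$lkey" = host ]; then
            matched=0
            set -f                 # do not expand the patterns against files
            for pat in $rest; do
                case $host in $pat) matched=1 ;; esac
            done
            set +f
        elif [ "$matched" -eq 1 ] && [ "$lkey" = "$want" ]; then
            printf '%s\n' "$rest"
            break
        fi
    done
}
# Constructed sample: the catch-all block comes first, as in the listing above.
defaults_first() {
    cat <<'EOF'
Host *
    ForwardX11 yes
    Protocol 2,1
Host kldp.org
    Protocol 2
    Compression yes
EOF
}
# Constructed sample: the same blocks with the host-specific one first.
specific_first() {
    cat <<'EOF'
Host kldp.org
    Protocol 2
    Compression yes
Host *
    ForwardX11 yes
    Protocol 2,1
EOF
}
defaults_first | ssh_effective kldp.org Protocol
specific_first | ssh_effective kldp.org Protocol
```

With the catch-all block first, the host-specific Protocol 2 line never takes effect and ssh1 remains allowed for kldp.org; options set only in the later block, such as Compression, still apply.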
4. Using SSH from a client
(1) Connecting to a server from a Linux client
1) Description: Connecting from Linux to Linux needs no extra configuration or software. Most distributions have openssh installed. To connect to a Linux server from Windows, an ssh client has to be installed.
2) Connecting from a Linux client to a Linux server
A. How to connect:
a. ssh account@domain
b. ssh -l account domain
B. Examples
a. ssh posein@mybestone.com
b. ssh -l posein mybestone.com
C. Connecting
[posein@www posein]$ ssh posein@mybestone.com
The authenticity of host 'mybestone.com (203.247.40.252)' can't be established.
RSA key fingerprint is 89:41:93:58:5c:6d:bb:01:84:cb:3d:81:68:80:56:7b.
Are you sure you want to continue connecting (yes/no)? yes
=> This message appears the first time you connect to a server with ssh; the host key of the server is stored in the ~/.ssh/known_hosts file (known_hosts2 for ssh2). Answer yes.
Warning: Permanently added 'mybestone.com,203.247.40.252' (RSA) to the list of known
hosts.
posein@mybestone.com's password:
=> After you answer yes, you are asked for your password on the server; once you enter it you can work just as with telnet.
(2) Connecting to a Linux server from Windows
=> Using ssh on Windows requires installing an ssh client program. A representative one is SecureCRT, a commercial product with very good performance. Its site is http://www.vandyke.com.
5. Connecting to an SSH server from a client
(1) Connecting from a Linux client
[posein@neuro posein]$ ssh posein@mybestone.com
The authenticity of host 'mybestone.com (203.247.40.252)' can't be established.
RSA key fingerprint is a8:69:69:83:67:8b:50:27:41:ad:b8:e9:0d:b2:a8:88.
Are you sure you want to continue connecting (yes/no)? yes // type yes
Warning: Permanently added 'mybestone.com,203.247.40.252' (RSA) to the list of .
posein@mybestone.com's password: // Enter the password for that server.
[posein@mybestone posein]$
=> Connected.
(2) Connecting to the server from a Windows client
1) Description: Using ssh on Windows requires a separate dedicated program. A list of client programs for Windows is available at http://www.openssh.org/windows.html. However, most of the programs on that page support only ssh1. Here the commercial program SecureCRT is used.
2) Example
A. Select SecureCRT.
B. Select the 'Quick Connect' icon.
C. In the 'Quick Connect' menu enter
Protocol ssh1
Hostname domain_to_connect_to
Port 22
Username user
and press [connect].
D. On the first connection a 'New Host Key' window appears; click [Accept & Save].
E. When the 'Enter Password' window appears, enter the user's password and press [ok].
6. Connecting to an SSH server with an authentication key
(1) Overview: A connection to an SSH server is normally made by entering a password, but it can also be made with an authentication key. With this method you log in with the generated key alone instead of typing the password at every login.
(2) Example
1) Creating the key: use the ssh-keygen command.
[posein@www posein]$ ssh-keygen -t rsa // Generates an authentication key using RSA.
//The -t option selects rsa1 for protocol version 1, or
//rsa or dsa for protocol version 2.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/posein/.ssh/id_rsa):
=> You are asked where to store the key and under what file name; you can just press Enter to accept the default. You are then asked for a passphrase for the key, as follows.
Created directory '/home/posein/.ssh'. // The directory is created.
Enter passphrase (empty for no passphrase):
=> Enter the passphrase you want, twice.
Your identification has been saved in /home/posein/.ssh/id_rsa.
Your public key has been saved in /home/posein/.ssh/id_rsa.pub.
The key fingerprint is:
7b:60:56:eb:82:d2:43:40:48:a6:d0:8e:f4:7a:8c:f1 posein@xxx.com
=> The keys are created in the ~/.ssh directory. Note that if you enter no passphrase when generating the key, you can connect with ssh without typing a password. This is a security risk, however, so avoid it.
2) Using the public key
A. Description: Generating a key leaves a key pair (for example id_rsa and id_rsa.pub) in the ~/.ssh directory. Copy the public key, id_rsa.pub, into the ~/.ssh directory on the remote server you will connect to, under the name authorized_keys.
B. Example
[posein@neuro posein]$ scp ~/.ssh/id_rsa.pub posein@mybestone.com:.ssh/authorized_keys
posein@mybestone.com's password: // Enter the password for that server.
id_rsa.pub 100% |*************************************************| 235 00:00
3) Connecting
[posein@neuro posein]$ ssh posein@mybestone.com
=> If no passphrase was entered when the key was generated, you are logged in immediately without a password.
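Added example, not part of the original lecture: the scp command above replaces the whole authorized_keys file, so a key already installed for the account is lost. This function, meant to run on the server after the .pub file has been copied there under its own name, appends the key instead and sets the directory and file modes that StrictModes yes expects. install_pubkey and the key text in the demo are constructed for the example.

```sh
#!/bin/sh
# Added example, not part of the original lecture.
# install_pubkey PUBKEY_FILE [HOME_DIR]: append one public key to
# HOME_DIR/.ssh/authorized_keys, keeping any keys that are already there.
install_pubkey() (
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys
    # Accept exactly one "type base64 [comment]" line.
    [ "$(grep -c . "$pub")" = 1 ] || { echo "expected one key line" >&2; exit 2; }
    read -r type blob comment < "$pub"
    case $type in
        ssh-*|ecdsa-*) ;;
        *) echo "unexpected key type: $type" >&2; exit 2 ;;
    esac
    umask 077                              # subshell: the caller's umask is untouched
    mkdir -p "$dir" && chmod 700 "$dir"    # owner-only, as StrictModes requires
    touch "$auth" && chmod 600 "$auth"
    # Match on type and key blob so a changed comment is not a second entry.
    if grep -qF -- "$type $blob" "$auth"; then
        echo "already present"
    else
        printf '%s\n' "$type $blob${comment:+ $comment}" >> "$auth"
        echo "added"
    fi
)

# Constructed demo in a throwaway directory; the key text is made up, not a real key.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed posein@neuro\n' > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
rm -rf "$demo_home"
```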
7. SSH-related utilities
(1) scp (secure copy)
1) Description: Copies files to or from a remote server using ssh authentication and encryption. Overall usage is similar to the cp copy command.
2) Usage
scp [option] file_to_copy user_id@remote_address:file_name
=> To copy a file from the remote address, specify the arguments the other way round.
3) option: Broadly similar to the options of the cp command.
-r : Copies a directory together with all of its subdirectories.
4) Examples
A. scp a.txt posein@mybestone.com:test
=> Copies the local a.txt to the remote server under the name test. If test is a directory, the file is copied into the test directory under the name a.txt.
B. scp posein@mybestone.com:pds/sample.c .
=> Copies ~/pds/sample.c from the home directory of the user posein on the remote server to the current directory.
5) Application: If you enter information about the SSH server you want to reach in the .ssh/config file in your home directory, you can connect by typing just a short name, much like the role of the /etc/hosts file.
[posein@neuro posein]$ cat ~/.ssh/config
Host *bestone // Short name for the server to connect to.
HostName www.mybestone.com // The real host name.
User posein // The account on the server.
ForwardAgent yes // Forward the authentication agent.
[posein@neuro posein]$ scp passwd.txt bestone:.
=> Copies passwd.txt from the current directory to the given location on bestone (the home directory of the user posein on www.mybestone.com).
(2) sftp
1) Description: Sends or receives files to or from a remote server using a trustworthy encrypted method. Overall usage is similar to the ftp command.
2) Usage
sftp user_id@remote_address
3) Example
sftp posein@mybestone.com