ssh 로 접속을 했더니 Warning 메세지가 나온다면 ?

Linux/기타
ssh 로 접속을 했더니 Warning 메세지가 나온다면 ?

HoyoungEE 2015. 6. 16. 13:39
######################
## openssh 명령어들 ##
######################

# ls /usr/local/openssh/bin
scp  sftp  slogin  ssh  ssh-add  ssh-agent  ssh-keygen  ssh-keyscan

# ls /usr/local/openssh/sbin
sshd
# ls /usr/local/openssh/libexec/
sftp-server  ssh-keysign  ssh-pkcs11-helper

==============================================================
OPENSSH-LAB> ssh 로 접속을 했더니 Warning 메세지가 나온다면 ?

!!! 작업은 클라이언트에서 한다 !!!

공개키가 저장되는 파일 : $HOME/.ssh/known_hosts

- 원인 -
1. 서버의 공개키가 변경이된 것이다.
2. 공격(man-in-the-middle attack)일 가능성이 있다.

- 해결방안 -
1. $HOME/.ssh/known_hosts 파일에 해당 호스트에 대한 키를 삭제한다.
2. $HOME/.ssh/known_hosts 파일을 삭제한다.

# ssh localhost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
00:f3:19:ee:36:f3:1f:fe:5c:ec:23:e0:c3:ba:3f:26.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:1
RSA host key for localhost has changed and you have requested strict checking.
Host key verification failed.

# cd .ssh
# rm -f known_hosts  <-- 공개키가 담겨있는 파일을 삭제하고 접속한다.
# ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is e9:1f:5f:30:15:6d:e4:b0:1e:32:4d:ec:7c:79:ce:8c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.


ex2)
- 서버의 공개키가 클라이언트의 저장된 공개키가 동일하므로 
  로그인이 나온다.
# ssh localhost
root@localhost's password:   ^C 취소

- 서버에서 키를 모두 삭제
# rm -f /etc/ssh/ssh_host_*
- sshd 서버를 재시작하면 키를 모두 생성한다. (이전키와 달라진다.)
# /etc/init.d/sshd restart

- 클라이언에서 서버로 접속
- 서버의 공개키가 클라이언트의 저장된 공개키와 다르므로 
  워닝창이 나오는 것이다.
# ssh localhost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
52:fe:d6:4b:af:46:e4:0f:f2:60:c5:ec:1b:42:5a:b9.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
ECDSA host key for localhost has changed and you have requested strict checking.
Host key verification failed.

- 서버/클라이언트의 공개키가  서로 다르다는 것을 알 수 있다.

- 클라이어트에 저장된 공개키
# cat ~/.ssh/known_hosts 
localhost ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPk2rT0ocZ3clAnhUmfY0FU6/Fa+llyd0s5Lx+ZCRgJ6uNULkd5ng54EodlIeIaiNGlvmDCk3YEqkZaS+0R+7m4=

- 서버에 저장된 공개키
# cat /etc/ssh/ssh_host_ed25519_key.pub 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMLfmd7F5zIbe76h16F3DsoyAE9VyX9i9BrVKXTxnZrd root@localhost.localdomain
==============================================================
저작자표시 비영리 변경금지 (새창열림)