IT/Infra. & Arch. & Cloud

VM์˜ ๋กœ๊ทธ์ธ ์…ธ์ด `nologin`์ธ ๊ณ„์ •์— ๋‚ด public key๋ฅผ ์‹ฌ๊ธฐ

Unused 2024. 8. 12. 13:41

์ด ์ž‘์—…์€ ๊ธฐ๋ณธ์ ์œผ๋กœ ssh-copy-id์™€ ์œ ์‚ฌํ•œ ์—ญํ• ์„ ํ•˜๋‚˜, ๋Œ€์ƒ VM์˜ ๊ณ„์ •์˜ ๋กœ๊ทธ์ธ ์…ธ์ด nologin์ด๋ผ์„œ ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•  ์ˆ˜ ์—†์„ ๋•Œ ์‹œ๋„ํ•ด๋ณผ ์ˆ˜ ์žˆ๋‹ค.

Public key๋ฅผ ์‹ฌ์„ ๋Œ€์ƒ์ด `zabbix@10.123.0.8`๋ผ ์น˜๊ณ , ํ•ด๋‹น ๊ณ„์ •์˜ ํ™ˆ ๊ฒฝ๋กœ๊ฐ€ ์ƒ์„ฑ๋˜์–ด์žˆ์ง€ ์•Š์„ ๊ฒฝ์šฐ, ์•„๋ž˜์™€ ๊ฐ™์ด ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ๋‹ค.

๋‹ค๋งŒ ์ด ์ž‘์—…์„ ์œ„ํ•ด ๋Œ€์ƒ VM์˜ root ๊ถŒํ•œ์ด ํ•„์š”ํ•˜๋‹ค.

ssh root@10.123.0.8 \
  "mkdir -p /var/lib/zabbix;chown zabbix:zabbix /var/lib/zabbix; sudo -u zabbix mkdir -p /var/lib/zabbix/.ssh"

cat ~/.ssh/id_rsa.pub | \
  ssh root@10.123.0.8 \
  "sudo -u zabbix tee -a /var/lib/zabbix/.ssh/authorized_keys"

ssh root@10.123.0.8 \
  "chmod 700 /var/lib/zabbix/.ssh/authorized_keys"

๋˜ํ•œ ์ด๋ ‡๊ฒŒ public key๋ฅผ ์‹ฌ๋”๋ผ๋„, ssh ๋ช…๋ น์–ด ์‚ฌ์šฉ ์‹œ ์–ด์ฐจํ”ผ ์•„๋ž˜์™€ ๊ฐ™์ด nologin ์…ธ์— ์˜ํ•˜์—ฌ ๋ง‰ํžŒ๋‹ค.