µÎ NAS °£¿¡ ½ºÄÉÁì·¯ ½ºÅ©¸³Æ®·Î Ÿ°Ù NASÀÇ ÀÚµ¿Àü¿øÁ¾·á¸¦ ½Ãų ¸ñÀûÀ¸·Î ½ÃÀÛÇߴµ¥
¾ÏÈ£¾øÀÌ Á¦¾î°¡ µÇ¾î¾ßÇÒ Çʿ伺ÀÌ ÀÖ¾î¼ ÀÎÅͳݿ¡¼ ÇÏ·ç °øºÎÇÏ°í ¾Ë°ÔµÈ ³»¿ëÀ» ¿ä¾àÁ¤¸®ÇÑ °ÍÀÔ´Ï´Ù.
Á¦°¡ »ç¿ëÇÏ°í ÀÖ´Â ¸ÅŲÅä½Ã¿¡´Â Å͹̳ξÛÀÌ ±âº» ¼³Ä¡µÇ¾î ÀÖ¾î¼
¸Æ±âÁØÀ¸·Î ¼³¸íµÇ¾î ÀÖÁö¸¸, À©µµ¿ì¿¡¼´Â ¾Æ·¡°¡À̵å´ë·Î PuttyGenµîÀ¸·Î ÀÀ¿ëÇϼŵµ ¹«¹æÇÕ´Ï´Ù.
https://dreamholic.tistory.com/111?category=790008
SSH Pub Key¸¦ »ý¼ºÇؼ ¾ÏÈ£¾øÀÌ Á¢¼ÓÇÏ´Â ¾Æ·¡ 3°¡Áö ¹æ¹ýÀ» Â÷·Ê·Î ¼³¸íµå¸®°Ú½À´Ï´Ù.
Á¦ ¸ÞÀ㪽º NAS4, µÎ¹ø° ¹é¾÷³ª½ºÀÎ NAS5 ¸¦ ±âÁØÀ¸·Î ¼³¸íµå¸³´Ï´Ù.
1. MAC PC -> ½Ã³î·ÎÁö NAS4 Passwordless login
2.½Ã³î·ÎÁö NAS4 -> ½Ã³î·ÎÁö NAS5 Passwordless login
3.SUDO Passwordless login
1. [MAC yousuk-> NAS4 ¼³Á¤ ]
ssh-keygen
( ¾ÏÈ£¸¦ ÀÔ·ÂÇ϶ó°í ÇÏ¸é ºó »óÅ·ΠµÎ°í °è¼Ó ¿£Å͸¦ ÀÔ·ÂÇÕ´Ï´Ù. ¾Æ·¡ ¸í·É¾î·Î Mac ·ÎÄðèÁ¤ .sshÆú´õÀÇ ±ÇÇÑ ¼³Á¤À» ÇÕ´Ï´Ù.)
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
( ¸Æ ·ÎÄà ~/.ssh Æú´õ¿¡´Â ¿¡´Â ¾Æ·¡Ã³·³ Key ÆÄÀÏÀÌ Á¸ÀçÇÕ´Ï´Ù. )
( ¸Æ ·ÎÄÿ¡ »ý¼ºµÈ PUB KEY ÆÄÀÏÀÎ .ssh/id_rsa.pub ¸¦ NAS 1ÀÇ admin °èÁ¤ÀÇ .ssh/authorized_keys ÆÄÀÏ·Î ssh-copy-id Ä¿¸Çµå¸¦ »ç¿ëÇؼ º¹»çÇÕ´Ï´Ù. )
( À̸§¸¸ ´Ù¸¦»Ó µÎ ÆÄÀÏÀÇ ³»¿ëÀº °°½À´Ï´Ù.)
( [Sousce id_rsa.pub file] -> [Target authorized_keys file] copy )
ssh-copy-id -i ~/.ssh/id_rsa.pub -p 32022 admin@192.168.35.9
( Key ÆÄÀÏ º¹»çÈÄ admin Æú´õ¿Í .ssh Æú´õ ¹× ³»¿ëÀÇ ±ÇÇÑ Á¶Á¤À» ÇÕ´Ï´Ù.)
chmod 755 /var/services/homes/admin
chmod 700 /var/services/homes/admin/.ssh
chmod 600 /var/services/homes/admin/.ssh/authorized_keys
(Á¢¼Ó½ÃÇèÀ» ÇÕ´Ï´Ù. óÀ½¿¡ Çѹø¸¸ ¾ÏÈ£¸¦ ¹¯½À´Ï´Ù. ±×µÚ¿£ ÀԷ¾øÀÌ ³Ñ¾î°¡¾ß ÇÕ´Ï´Ù.)
ssh -p 32022 admin@192.168.35.9
2.[NAS4 admin -> NAS5 admin ¼³Á¤]
( ¸Æ¿¡¼¿Í ¸¶Âù°¡Áö·Î ½Ã³î·ÎÁö NAS 1 ¿¡¼µµ KeyÆÄÀÏÀ» »ý¼ºÇÕ´Ï´Ù. °úÁ¤Àº °°½À´Ï´Ù. sshÆú´õÀÇ ±ÇÇÑ ¼³Á¤Àº ÀÌ¹Ì À§¿¡¼ Á¶Á¤Ç߱⿡ µû·Î ÇÊ¿ä¾ø½À´Ï´Ù.)
ssh-keygen
(½Ã³î·ÎÁö¿¡´Â SSH-COPY-ID À¯Æ¿ÀÌ ³»ÀåµÇ¾î ÀÖÁö ¾Ê¾Æ¼ µû·Î vi ¿¡µðÅÍ·Î ³»¿ëÀ» º¹»çÇؼ ¸¸µé¾ú½À´Ï´Ù.)
(SSH-COPY-ID ¸¦ µû·Î ¼³Ä¡ÇÏ´Â ¹æ¹ýÀº ¾Æ·¡ ´ñ±Û·Î ³²°å½À´Ï´Ù..)
[Sousce id_rsa.pub file] -> [Target authorized_keys file] copy
cat .ssh/id_rsa.pub
(Äֿܼ¡ »Ñ·ÁÁø °ªÀ» ¸¶¿ì½º µå·¡±× ÇÏ°í Ŭ¸³º¸µå COPY ÇصӴϴÙ.)
(NAS5 ·Î Á¢¼ÓÇÕ´Ï´Ù)
ssh -p 32022 admin@192.168.35.11
(.ssh µð·ºÅ丮¸¦ »ý¼ºÇÏ°í authorized_keys ÆÄÀÏÀ» »ý¼ºÇÕ´Ï´Ù.)
mkdir .ssh
cd .ssh
vi authorized_keys
i
(paste clipboard key value)
(press esc key and file save)
:wq!
(¸¶Âù°¡Áö·Î NAS 2¿¡ »ý¼ºµÈ µð·ºÅ丮¿Í ÆÄÀϵéÀÇ ±ÇÇÑÀ» Á¶Á¤ÇÕ´Ï´Ù.
chmod 755 /var/services/homes/admin
chmod 700 /var/services/homes/admin/.ssh
chmod 600 /var/services/homes/admin/.ssh/authorized_keys
(NAS4ÀÇ .ssh ¿¡´Â PC->NAS4 ·Î Á¢¼ÓÀ» À§ÇÑ KEY ÆÄÀÏ authorized_keys ¿Í NAS4->NAS5·Î Á¢¼ÓÀ» À§ÇÑ id_rsa.pub ÆÄÀÏÀÌ µÑ´Ù Á¸ÀçÇÏ°Ô µË´Ï´Ù.)
(Á¢¼Ó½ÃÇèÀ» ÇÕ´Ï´Ù. óÀ½¿¡ Çѹø¸¸ ¾ÏÈ£¸¦ ¹¯½À´Ï´Ù. ±×µÚ¿£ ÀԷ¾øÀÌ ³Ñ¾î°¡¾ß ÇÕ´Ï´Ù.)
ssh -p 32022 admin@192.168.35.11
3. [NAS5 root sudo ¼³Á¤]
(¾Æ·¡ Ä¿¸Çµå¸¦ µû·Î º¯°æÇÒ°Í ¾øÀÌ admin °èÁ¤¿¡¼ ±×´ë·Î ÀÔ·ÂÇÕ´Ï´Ù. rootÀÇ /etc/sudoers ÆÄÀÏ¿¡ ¾ÏÈ£ÀԷ¾øÀÌ ·Î±×ÀÎÀÌ µÇµµ·Ï 1ÁÙ Ãß°¡µË´Ï´Ù.)
echo -e "\n$USER ALL=(ALL) NOPASSWD: ALL\n" | sudo tee -a /etc/sudoers
(¼³Á¤ÀÌ Àß Àû¿ëµÇ¾ú´ÂÁö È®ÀÎÇÕ´Ï´Ù)
sudo -l
— °á°ú·Î ¾Æ·¡ ¶óÀÎÀÌ ´õ Ãß°¡µÇ¾î º¸¿©¾ß ÇÕ´Ï´Ù.
(ALL) NOPASSWD: ALL
(sudo Á¢¼Ó ½ÃÇèÀ» ÇÕ´Ï´Ù.)
sudo -i
--------------------------------------------------
(NAS4 ¿¡¼ NAS5¸¦ Á¾·á½ÃÅ°´Âµ¥, NAS5 ÀÇ admin ¾ÏÈ£ÀԷ°úÁ¤ SUDO ¾ÏÈ£ÀԷ°úÁ¤ 2°¡Áö°¡ ¸ðµÎ »ý·«µÇ¸é¼ poweroff ¸í·ÉÀÌ Àü´ÞµË´Ï´Ù.)
admin@NAS4:~$ ssh -p 32022 admin@192.168.35.11 sudo "poweroff"
poweroff ¸»°íµµ ´Ù¾çÇ× ÀÀ¿ëÀÌ °¡´ÉÇÒ °Í °°½À´Ï´Ù.
°¨»çÇÕ´Ï´Ù.^^ |
³ª½º ÆÄ¿ö¿ÀÇÁ ½ºÄÉÁÙ »ç¿ëÇÒ²¨¶ó¸é crontab ¾Ë¾Æº¸¼Å¿ä.
ÀÚü·Î ½ºÄÉÁÙ°É¾î ¿ÀÇÁÇÒ¼ö ÀÖ¾î¿ä.
±»ÀÌ ssh·Î Á¢¼ÓÇÒ ÇÊ¿ä¾øÁÒ
½º½º·Î Á¾·áÇÏ·Á¸é CRONTAB ¼³Ä¡ÇҰ͵µ ¾øÀÌ ½Ã³î·ÎÁö ³»ÀåµÈ ÀÛ¾÷½ºÄÉÁì·¯¿¡ POWEROFF ¸í·É¸¸ Á־ ÃæºÐÇÏ´Ù´Â°Ç ¾Ë°í ÀÖ½À´Ï´Ù.