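SSH key pairs supported by AWS EC2 use the RSA or ED25519 algorithm. (DSA is not supported.)
Key sizes of 1024, 2048 and 4096 are all supported, but for the EC2 Instance Connect API only 2048/4096 are supported.
The key pair does not have to be created in AWS; one generated with an external tool (openssh, openssl, etc.) can also be used.
An AWS EC2 private key must be in PEM or PPK format.
Example) Adding an additional key to an EC2 instance using ssh-keygen
* When creating the key on a local PC
#[1] Using ssh-keygen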
% ssh-keygen -t rsa -b 2048 -f keyname
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in keyname
Your public key has been saved in keyname.pub
The key fingerprint is:
SHA256:abcdefghijklmnop7/JQbHcD3kkNzcaWKyABCDEFGHIJKLMN gsyoungjae@GSYoungjae-MacBookPro.local
The key's randomart image is:
+---[RSA 2048]----+
| oO=oOB.o |
| .o.*==+=.. |
|. o.= +oo . |
| o * .+ . |
| . +. S. |
| o +o .E |
| = o. |
| . .=.. |
| ..... *o |
+----[SHA256]-----+
# Saved as private key keyname and public key keyname.pub
#[2] Using openssl
# Choose the RSA or ED25519 algorithm and generate the key
openssl genpkey -algorithm rsa -out keynamessl.pem
# Extract the public key from the generated private key
openssl pkey -in keynamessl.pem -pubout -out keynamesslpublic.pem
# Convert the extracted OpenSSL public key so it can be used with OpenSSH (only rsa can be converted; ed25519 is not supported)
ssh-keygen -i -m PKCS8 -f ./keynamesslpublic.pem > keynamessh.pub
Append the generated public key (after completing step [1] or [2]) to the end of /home/ubuntu/.ssh/authorized_keys on the EC2 instance.
Example)
ubuntu@ip-10-0-0-196:~/.ssh$ pwd
/home/ubuntu/.ssh
ubuntu@ip-10-0-0-196:~/.ssh$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC07ObEv/gOa1TPvPEYH/BzGvtQAGFEDBDF50Ys34XwKCn2h/0zDtkiTx32mKmkvxK3vSMXjlOvvrtJgd9+YKxCJBmhl3HoBrMqQH1ANCDEFGHjmlHs2Bzys4AAp1kxHDIqySumyjy/ABsVF/8ZC6YoeWj4STfFDiSA11hvodU7tLrABCDEFGPgRXFYHf5ofWcMhe0whg5S9OtXNcQWio4tFBKhbeXauFD+Y+JOlVq6x3E87WN3FuA7+3ys+OG4wkBv5wFgNh7qMtquQvltGvPmpSwjK8M+HLQvBThkcbSOYMXb
ubuntu@ip-10-0-0-196:~/.ssh$
Connect to the server using the private key that matches the public key registered on the EC2 server.
14:20:07: gsyoungjae@~% ssh -i "keyname" ubuntu@54.*.*.*
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 6.2.0-1012-aws x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Fri Oct 27 05:19:30 UTC 2023
System load: 0.0 Processes: 102
Usage of /: 28.6% of 7.57GB Users logged in: 1
Memory usage: 29% IPv4 address for eth0: 10.0.0.196
Swap usage: 0%
* Ubuntu Pro delivers the most comprehensive open source security and
compliance features.
https://ubuntu.com/aws/pro
Expanded Security Maintenance for Applications is not enabled.
11 updates can be applied immediately.
To see these additional updates run: apt list --upgradable
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
*** System restart required ***
Last login: Fri Oct 27 05:19:38 2023 from *.*.*.*
ubuntu@ip-10-0-0-196:~$
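
For the step above that appends the public key to authorized_keys, here is an added example (not part of the original page) of a shell helper that validates the key before appending it. The function name add_authorized_key and its return codes are hypothetical; the 2048-bit floor for RSA follows the EC2 Instance Connect limit noted at the top of the page.

```shell
#!/bin/sh
# Added example: hypothetical helper, not part of the original page.
# Usage: add_authorized_key PUBKEY_FILE [AUTHORIZED_KEYS_FILE]
# Returns 0 = appended or already present, 1 = not an OpenSSH RSA/ED25519
# public key line, 2 = RSA key shorter than 2048 bits.
add_authorized_key() {
    pub=$1
    auth=${2:-$HOME/.ssh/authorized_keys}
    ktype='' blob='' comment=''
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # OpenSSH public key line: "<type> <base64 blob> [comment]". The PEM file
    # written by `openssl pkey -pubout` starts with "-----BEGIN" and is
    # rejected here, as is a private key passed by mistake.
    read -r ktype blob comment < "$pub" || :
    case $ktype in
        ssh-rsa|ssh-ed25519) ;;
        *) echo "$pub: not an OpenSSH RSA/ED25519 public key" >&2; return 1 ;;
    esac

    # ssh-keygen -l prints "<bits> <fingerprint> <comment> (<TYPE>)" and
    # exits non-zero when the blob does not decode as a key.
    info=$(printf '%s %s\n' "$ktype" "$blob" | ssh-keygen -l -f - 2>/dev/null) ||
        { echo "$pub: key blob is invalid" >&2; return 1; }
    bits=${info%% *}
    if [ "$ktype" = ssh-rsa ] && [ "$bits" -lt 2048 ]; then
        echo "$pub: RSA $bits bits; 2048 or 4096 expected" >&2
        return 2
    fi

    # sshd (StrictModes) refuses keys when ~/.ssh or authorized_keys is
    # group- or world-writable, so create both with tight modes.
    dir=$(dirname "$auth")
    [ -d "$dir" ] || mkdir -p -m 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this exact key is already listed.
    if grep -qF -- "$blob" "$auth"; then return 0; fi

    # Make sure the existing file ends in a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$ktype $blob${comment:+ $comment}" >> "$auth"
    echo "added: $info"
}
```

Run it on the instance as the login user, for example add_authorized_key keyname.pub, after copying the public key file over.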