KeyPair Management Guide(KR) - cloud-barista/cb-spider GitHub Wiki

KeyPair Management Guide


1. CB-Spider KeyPair Overview

  • Users can create a KeyPair to connect to VMs securely.
  • A KeyPair consists of a public key and a private key; it is specified when a VM is created and is used for SSH access.
  • CB-Spider returns the private key when the KeyPair is created, and the user must store it securely.
  • The relationship between KeyPairs and VMs is shown in the figure below.
┌─────────────────────────────────────────────────────────────┐
│                   CB-Spider KeyPair                         │
│                                                             │
│  KeyPair-1                                                  │
│  ├── Public Key: (Stored in CSP)                            │
│  ├── Private Key: (User keeps)                              │
│  └── Used by: VM-1, VM-2, VM-3                              │
│                                                             │
│  KeyPair-2                                                  │
│  ├── Public Key: (Stored in CSP)                            │
│  ├── Private Key: (User keeps)                              │
│  └── Used by: VM-4, VM-5                                    │
└─────────────────────────────────────────────────────────────┘

2. CB-Spider KeyPair API and Returned Information Specification

  • Users obtain KeyPair information in JSON format through the following CB-Spider REST APIs.

2.1 KeyPair Management API

# KeyPair management
POST   /spider/keypair                  - Create KeyPair
GET    /spider/keypair                  - List KeyPairs
GET    /spider/keypair/{Name}           - Get KeyPair
DELETE /spider/keypair/{Name}           - Delete KeyPair

# KeyPair register/unregister (link an existing CSP KeyPair)
POST   /spider/regkeypair               - Register KeyPair
DELETE /spider/regkeypair/{Name}        - Unregister KeyPair

# KeyPair listing (all)
GET    /spider/allkeypair               - List All KeyPairs (CB-Spider + CSP)
GET    /spider/allkeypairinfo           - List All KeyPairs Info

# KeyPair statistics
GET    /spider/countkeypair             - Count All KeyPairs
GET    /spider/countkeypair/{ConnectionName} - Count KeyPairs by Connection

# Delete a CSP KeyPair directly
DELETE /spider/cspkeypair/{Id}          - Delete CSP KeyPair

2.2 Returned Information Specification

KeyPair information (KeyPairInfo)

| Field | Description | Example |
|---|---|---|
| IId | KeyPair identifier information (NameId, SystemId) | {Name: "keypair-01", SystemId: "key-1234abcd"} |
| Fingerprint | KeyPair fingerprint (provided by the CSP) | "SHA256:abc123..." |
| PublicKey | Public key (PEM format) | "ssh-rsa AAAAB3NzaC1..." |
| PrivateKey | Private key (PEM format, returned only at creation) | "-----BEGIN RSA PRIVATE KEY-----\n..." |
| VMUserID | User ID to use when connecting to the VM | "cb-user" (CB-Spider's abstracted user) |
| TagList | List of tags assigned to the KeyPair | [{Key: "Environment", Value: "Production"}] |
| KeyValueList | Additional information provided by the CSP, as a Key/Value list | [{Key: "KeyPairId", Value: "key-1234"}] |

Key field notes:

  • PrivateKey: returned only when the KeyPair is created; not included in later queries
  • PublicKey: may not be provided, depending on the CSP
  • VMUserID: CB-Spider always uses the abstracted user "cb-user"
  • Fingerprint: the KeyPair's unique fingerprint, used for verification

3. CB-Spider KeyPair API and Returned Information Examples

3.1 KeyPair Creation Example

  • The following shows an example API call that creates the keypair-web KeyPair on AWS, and its result.
curl -sX 'POST' 'http://localhost:1024/spider/keypair' \
  -H 'Content-Type: application/json' \
  -d '{
    "ConnectionName": "aws-config01",
    "ReqInfo": {
      "Name": "keypair-web"
    }
  }' | jq

Example response:

{
  "IId": {
    "NameId": "keypair-web",
    "SystemId": "keypair-web"
  },
  "Fingerprint": "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f",
  "PublicKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC...",
  "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAr3SDz29ld...\n-----END RSA PRIVATE KEY-----\n",
  "VMUserID": "cb-user",
  "KeyValueList": [
    {
      "Key": "KeyPairId",
      "Value": "key-0a1b2c3d4e5f67890"
    },
    {
      "Key": "KeyName",
      "Value": "keypair-web"
    }
  ]
}

Important: the returned PrivateKey must be stored in a secure location; it cannot be retrieved again!

3.2 KeyPair Retrieval Example

  • The following shows an example API call that retrieves the AWS keypair-web KeyPair information, and the information returned.
curl -sX 'GET' 'http://localhost:1024/spider/keypair/keypair-web?ConnectionName=aws-config01' | jq

Example response:

{
  "IId": {
    "NameId": "keypair-web",
    "SystemId": "keypair-web"
  },
  "Fingerprint": "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f",
  "PublicKey": "Hidden for security.",
  "PrivateKey": "Hidden for security.",
  "VMUserID": "cb-user",
  "KeyValueList": [
    {
      "Key": "KeyPairId",
      "Value": "key-0a1b2c3d4e5f67890"
    }
  ]
}

Note: on retrieval, PrivateKey and PublicKey are returned hidden for security.

3.3 KeyPair List Example

curl -sX 'GET' 'http://localhost:1024/spider/keypair?ConnectionName=aws-config01' | jq

Example response:

{
  "keypair": [
    {
      "IId": {
        "NameId": "keypair-web",
        "SystemId": "keypair-web-d60mdhu1pc4mliscb9og"
      },
      "Fingerprint": "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f",
      "PublicKey": "Hidden for security.",
      "PrivateKey": "Hidden for security.",
      "VMUserID": "cb-user",
      "TagList": [
        {
          "Key": "Name",
          "Value": "keypair-web-d60mdhu1pc4mliscb9og"
        }
      ],
      "KeyValueList": [
        {
          "Key": "KeyFingerprint",
          "Value": "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f"
        },
        {
          "Key": "KeyName",
          "Value": "keypair-web-d60mdhu1pc4mliscb9og"
        },
        {
          "Key": "KeyPairId",
          "Value": "key-0a1b2c3d4e5f67890"
        }
      ]
    },
    {
      "IId": {
        "NameId": "keypair-admin",
        "SystemId": "keypair-admin-e71nehv2qd5nmbjtc0ap"
      },
      "Fingerprint": "2a:62:bf:39:ca:9a:fa:e9:2a:36:6e:48:3e:8e:c9:db:0a:a6:a2:7a",
      "PublicKey": "Hidden for security.",
      "PrivateKey": "Hidden for security.",
      "VMUserID": "cb-user",
      "TagList": [
        {
          "Key": "Name",
          "Value": "keypair-admin-e71nehv2qd5nmbjtc0ap"
        }
      ],
      "KeyValueList": [
        {
          "Key": "KeyFingerprint",
          "Value": "2a:62:bf:39:ca:9a:fa:e9:2a:36:6e:48:3e:8e:c9:db:0a:a6:a2:7a"
        },
        {
          "Key": "KeyName",
          "Value": "keypair-admin-e71nehv2qd5nmbjtc0ap"
        },
        {
          "Key": "KeyPairId",
          "Value": "key-1b2c3d4e5f6789012"
        }
      ]
    }
  ]
}

Note: when listing, PrivateKey and PublicKey are likewise returned hidden for security.

3.4 KeyPair Deletion Example

curl -sX 'DELETE' 'http://localhost:1024/spider/keypair/keypair-web' \
  -H 'Content-Type: application/json' \
  -d '{
    "ConnectionName": "aws-config01"
  }' | jq

Example response:

{
  "Result": "true"
}

3.5 Forced Deletion (force) Example

  • To force-delete a KeyPair that is attached to VMs or other resources, use the force=true option.
curl -sX 'DELETE' 'http://localhost:1024/spider/keypair/keypair-web?force=true' \
  -H 'Content-Type: application/json' \
  -d '{
    "ConnectionName": "aws-config01"
  }' | jq

3.6 Registering an Existing CSP KeyPair: Example

  • The following is an example of registering a KeyPair that already exists in the CSP with CB-Spider.
curl -sX 'POST' 'http://localhost:1024/spider/regkeypair' \
  -H 'Content-Type: application/json' \
  -d '{
    "ConnectionName": "aws-config01",
    "ReqInfo": {
      "Name": "existing-keypair",
      "CSPId": "keypair-existing-csp-id"
    }
  }' | jq

Example response:

{
  "IId": {
    "NameId": "existing-keypair",
    "SystemId": "keypair-existing-csp-id"
  },
  "Fingerprint": "3b:73:ca:4a:db:ab:ab:fa:3b:47:7f:59:4f:9f:da:ec:1b:b7:b3:8b",
  "VMUserID": "cb-user"
}

5. Cautions and Constraints

5.1 Private Key Management

  • Provided only at creation: the Private Key is returned exactly once, when the KeyPair is created
  • No reissue: a lost Private Key cannot be retrieved or reissued
  • Secure storage is mandatory:
    • File permissions: chmod 600 keypair.pem
    • Use secure storage (encrypted volume, password manager, etc.)
    • Never include it in a version control system (Git, etc.)
  • If lost: create a new KeyPair and re-register it on the VM
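
An added example (not code from the CB-Spider project): one way to handle the Create KeyPair response from section 3.1 so that the key is stored as section 5.1 requires, written with mode 0600 from creation, never overwriting an existing key, and never echoed to the terminal. The helper name `save_private_key`, the `<NameId>.pem` file naming and the sample responses are assumptions made for this illustration; the key body is a constructed dummy.

```python
import json
import os

# Placeholder CB-Spider puts in Get/List responses instead of key material (see 3.2).
HIDDEN = "Hidden for security."

# Constructed sample responses; the key body is a dummy, not real key material.
SAMPLE_CREATE = json.dumps({
    "IId": {"NameId": "keypair-web", "SystemId": "keypair-web"},
    "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED-DUMMY\n"
                  "-----END RSA PRIVATE KEY-----\n",
    "VMUserID": "cb-user",
})
SAMPLE_GET = json.dumps({
    "IId": {"NameId": "keypair-web", "SystemId": "keypair-web"},
    "PrivateKey": HIDDEN,
    "VMUserID": "cb-user",
})


def save_private_key(response_text, key_dir):
    """Store PrivateKey from a Create KeyPair response as <key_dir>/<NameId>.pem.

    Returns (path, redacted); redacted is the response with the key replaced,
    safe to print or log. save_private_key is a hypothetical helper name.
    """
    info = json.loads(response_text)
    name = info["IId"]["NameId"]
    key = info.get("PrivateKey", "")
    # Get/List responses carry the placeholder, not a key: refuse to save it.
    if key == HIDDEN or "PRIVATE KEY-----" not in key:
        raise ValueError(f"response for {name!r} contains no private key")
    # NameId becomes a file name, so reject path separators and dot names.
    if name != os.path.basename(name) or name in ("", ".", ".."):
        raise ValueError(f"unsafe KeyPair name: {name!r}")
    path = os.path.join(key_dir, name + ".pem")
    # O_EXCL never overwrites an existing key; mode 0600 applies from creation,
    # so the file is never briefly readable by others (unlike write-then-chmod).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(key)
    return path, dict(info, PrivateKey=f"<saved to {path}>")


if __name__ == "__main__":
    import tempfile
    saved, redacted = save_private_key(SAMPLE_CREATE, tempfile.mkdtemp())
    print(json.dumps(redacted, indent=2))
```

Feeding it a Get or List response raises `ValueError`, which catches the mistake of saving the "Hidden for security." placeholder as if it were a key.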

5.2 KeyPair Deletion

  • A KeyPair in use by a VM cannot be deleted (some CSPs)
  • Forced deletion (force=true) may make SSH access to the attached VMs impossible (caution!)
  • Checking the list of VMs that use the KeyPair before deleting it is recommended

6. SSH Connection Guide

6.1 SSH Connection from Linux/Mac

# Set Private Key permissions (first time only)
chmod 600 ~/.ssh/keypair-web.pem

# Connect via SSH
ssh -i ~/.ssh/keypair-web.pem cb-user@<VM-Public-IP>

# SSH config file setup (optional)
cat >> ~/.ssh/config << EOF
Host my-vm
    HostName <VM-Public-IP>
    User cb-user
    IdentityFile ~/.ssh/keypair-web.pem
EOF

# Quick connect
ssh my-vm

6.2 SSH Connection from Windows

Using PowerShell/CMD:

# Connect via SSH
ssh -i C:\Users\YourName\.ssh\keypair-web.pem cb-user@<VM-Public-IP>

6.3 SSH Connection Troubleshooting

Permission Denied error:

# Check Private Key permissions
ls -la ~/.ssh/keypair-web.pem
# If the permissions are too open
chmod 600 ~/.ssh/keypair-web.pem

Host Key Verification Failed:

# Remove the host from the known_hosts file
ssh-keygen -R <VM-Public-IP>

Connection Timeout:

  • Check that the SSH port (22) is allowed in the Security Group's Inbound Rules
  • Check that the VM's Public IP is correct

7. References