KeyPair Management Guide(KR) - cloud-barista/cb-spider GitHub Wiki
KeyPair Management Guide
1. CB-Spider KeyPair Overview
- Users create a KeyPair to access VMs securely.
- A KeyPair consists of a public key and a private key; it is specified when a VM is created and used for SSH access.
- CB-Spider returns the private key when the KeyPair is created, and the user must store it securely.
- The relationship between KeyPairs and VMs is shown in the figure below.
┌───────────────────────────────────────────────┐
│               CB-Spider KeyPair               │
│                                               │
│  KeyPair-1                                    │
│  ├── Public Key: (Stored in CSP)              │
│  ├── Private Key: (User keeps)                │
│  └── Used by: VM-1, VM-2, VM-3                │
│                                               │
│  KeyPair-2                                    │
│  ├── Public Key: (Stored in CSP)              │
│  ├── Private Key: (User keeps)                │
│  └── Used by: VM-4, VM-5                      │
└───────────────────────────────────────────────┘
2. CB-Spider KeyPair API and Information Specification
- Users obtain KeyPair information in JSON format through the following CB-Spider REST APIs.
2.1 KeyPair Management API
# KeyPair management
POST /spider/keypair - Create KeyPair
GET /spider/keypair - List KeyPairs
GET /spider/keypair/{Name} - Get KeyPair
DELETE /spider/keypair/{Name} - Delete KeyPair
# KeyPair register/unregister (linking an existing CSP KeyPair)
POST /spider/regkeypair - Register KeyPair
DELETE /spider/regkeypair/{Name} - Unregister KeyPair
# KeyPair listing (all)
GET /spider/allkeypair - List All KeyPairs (CB-Spider + CSP)
GET /spider/allkeypairinfo - List All KeyPairs Info
# KeyPair statistics
GET /spider/countkeypair - Count All KeyPairs
GET /spider/countkeypair/{ConnectionName} - Count KeyPairs by Connection
# Direct deletion of a CSP KeyPair
DELETE /spider/cspkeypair/{Id} - Delete CSP KeyPair
2.2 Information Specification
KeyPair information (KeyPairInfo)
| Field | Description | Example |
|---|---|---|
| IId | Identifier information of the KeyPair (NameId, SystemId) | {Name: "keypair-01", SystemId: "key-1234abcd"} |
| Fingerprint | Fingerprint of the KeyPair (provided by the CSP) | "SHA256:abc123..." |
| PublicKey | Public key (PEM format) | "ssh-rsa AAAAB3NzaC1..." |
| PrivateKey | Private key (PEM format, returned only at creation) | "-----BEGIN RSA PRIVATE KEY-----\n..." |
| VMUserID | User ID used when accessing the VM | "cb-user" (CB-Spider's abstracted user) |
| TagList | List of tags assigned to the KeyPair | [{Key: "Environment", Value: "Production"}] |
| KeyValueList | Additional information provided by the CSP, as a Key/Value list | [{Key: "KeyPairId", Value: "key-1234"}] |
Key field notes:
- PrivateKey: returned only when the KeyPair is created; not included in later queries
- PublicKey: may not be provided, depending on the CSP
- VMUserID: CB-Spider always uses the abstracted user "cb-user"
- Fingerprint: the KeyPair's unique fingerprint, used for verification
3. CB-Spider KeyPair API and Information Examples
3.1 KeyPair Creation Example
- The API call that creates the keypair-web KeyPair on AWS, and an example result, are as follows.
curl -sX 'POST' 'http://localhost:1024/spider/keypair' \
-H 'Content-Type: application/json' \
-d '{
"ConnectionName": "aws-config01",
"ReqInfo": {
"Name": "keypair-web"
}
}' | jq
Example response:
{
"IId": {
"NameId": "keypair-web",
"SystemId": "keypair-web"
},
"Fingerprint": "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f",
"PublicKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC...",
"PrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAr3SDz29ld...\n-----END RSA PRIVATE KEY-----\n",
"VMUserID": "cb-user",
"KeyValueList": [
{
"Key": "KeyPairId",
"Value": "key-0a1b2c3d4e5f67890"
},
{
"Key": "KeyName",
"Value": "keypair-web"
}
]
}
Important: The returned PrivateKey must be stored in a secure location; it cannot be retrieved again!
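Piping the create call through jq, as above, prints the private key to the terminal. The following added example (not part of CB-Spider or of the original guide) writes the PrivateKey field of a create response directly to a mode-0600 file and returns a masked copy that is safe to display; the function name `save_private_key` and the sample response are constructed for illustration.

```python
import json
import os

HIDDEN = "Hidden for security."  # marker the API returns on later queries


def save_private_key(create_response: str, key_path: str) -> dict:
    """Write PrivateKey from a create response to key_path with mode 0600.

    Returns a copy of the response with the key material masked, so the
    caller can log or print it without exposing the private key.
    """
    info = json.loads(create_response)
    key = info.get("PrivateKey", "")
    if not key or key == HIDDEN:
        raise ValueError("response carries no private key (not a create response?)")

    # O_EXCL: never overwrite an existing key file. The 0o600 mode applies
    # from creation, so the file is never readable by group or other.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, 0o600)  # enforce the exact mode regardless of umask
        with os.fdopen(fd, "w") as f:
            fd = None  # the file object now owns the descriptor
            f.write(key if key.endswith("\n") else key + "\n")
    finally:
        if fd is not None:
            os.close(fd)

    redacted = dict(info)
    redacted["PrivateKey"] = HIDDEN
    return redacted


# Constructed sample shaped like the create response above; the key body is
# a placeholder, not real key material.
SAMPLE_CREATE_RESPONSE = json.dumps({
    "IId": {"NameId": "keypair-web", "SystemId": "keypair-web"},
    "Fingerprint": "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f",
    "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n",
    "VMUserID": "cb-user",
})
```

Feed it the raw body of the POST /spider/keypair response and print only the returned dictionary.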
3.2 KeyPair Query Example
- The API call that retrieves information for the AWS keypair-web KeyPair, and an example of the returned information, are as follows.
curl -sX 'GET' 'http://localhost:1024/spider/keypair/keypair-web?ConnectionName=aws-config01' | jq
Example response:
{
"IId": {
"NameId": "keypair-web",
"SystemId": "keypair-web"
},
"Fingerprint": "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f",
"PublicKey": "Hidden for security.",
"PrivateKey": "Hidden for security.",
"VMUserID": "cb-user",
"KeyValueList": [
{
"Key": "KeyPairId",
"Value": "key-0a1b2c3d4e5f67890"
}
]
}
Note: On query, PrivateKey and PublicKey are returned hidden for security.
3.3 KeyPair List Example
curl -sX 'GET' 'http://localhost:1024/spider/keypair?ConnectionName=aws-config01' | jq
Example response:
{
"keypair": [
{
"IId": {
"NameId": "keypair-web",
"SystemId": "keypair-web-d60mdhu1pc4mliscb9og"
},
"Fingerprint": "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f",
"PublicKey": "Hidden for security.",
"PrivateKey": "Hidden for security.",
"VMUserID": "cb-user",
"TagList": [
{
"Key": "Name",
"Value": "keypair-web-d60mdhu1pc4mliscb9og"
}
],
"KeyValueList": [
{
"Key": "KeyFingerprint",
"Value": "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f"
},
{
"Key": "KeyName",
"Value": "keypair-web-d60mdhu1pc4mliscb9og"
},
{
"Key": "KeyPairId",
"Value": "key-0a1b2c3d4e5f67890"
}
]
},
{
"IId": {
"NameId": "keypair-admin",
"SystemId": "keypair-admin-e71nehv2qd5nmbjtc0ap"
},
"Fingerprint": "2a:62:bf:39:ca:9a:fa:e9:2a:36:6e:48:3e:8e:c9:db:0a:a6:a2:7a",
"PublicKey": "Hidden for security.",
"PrivateKey": "Hidden for security.",
"VMUserID": "cb-user",
"TagList": [
{
"Key": "Name",
"Value": "keypair-admin-e71nehv2qd5nmbjtc0ap"
}
],
"KeyValueList": [
{
"Key": "KeyFingerprint",
"Value": "2a:62:bf:39:ca:9a:fa:e9:2a:36:6e:48:3e:8e:c9:db:0a:a6:a2:7a"
},
{
"Key": "KeyName",
"Value": "keypair-admin-e71nehv2qd5nmbjtc0ap"
},
{
"Key": "KeyPairId",
"Value": "key-1b2c3d4e5f6789012"
}
]
}
]
}
Note: When listing, PrivateKey and PublicKey are likewise returned hidden for security.
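List responses still carry each Fingerprint, so they can be compared against values recorded when the KeyPairs were created. This added example (not CB-Spider code) performs that comparison; the local inventory `recorded`, the function name and the sample data are assumptions of the example, and one recorded fingerprint is deliberately altered.

```python
import json

HIDDEN = "Hidden for security."  # value the page shows for masked key fields


def audit_keypair_list(list_response: str, recorded: dict) -> list:
    """Compare a list response with fingerprints recorded at creation time.

    recorded maps NameId -> fingerprint saved when the KeyPair was created
    (a local inventory; keeping one is an assumption of this example).
    Returns sorted (NameId, finding) tuples; an empty list means no drift.
    """
    findings = []
    seen = set()
    for kp in json.loads(list_response).get("keypair") or []:
        name = kp["IId"]["NameId"]
        seen.add(name)
        # Private key material should never appear in a list response.
        if kp.get("PrivateKey") not in (None, "", HIDDEN):
            findings.append((name, "PrivateKey exposed in list response"))
        if name not in recorded:
            findings.append((name, "not in local inventory"))
        elif kp.get("Fingerprint", "").lower() != recorded[name].lower():
            findings.append((name, "fingerprint differs from recorded value"))
    for name in recorded.keys() - seen:
        findings.append((name, "recorded but missing from list"))
    return sorted(findings)


# Constructed data: the list mirrors the response above; the recorded
# fingerprint for keypair-admin is altered and keypair-old is invented.
WEB_FP = "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f"
ADMIN_FP = "2a:62:bf:39:ca:9a:fa:e9:2a:36:6e:48:3e:8e:c9:db:0a:a6:a2:7a"
SAMPLE_LIST = json.dumps({"keypair": [
    {"IId": {"NameId": "keypair-web"}, "Fingerprint": WEB_FP, "PrivateKey": HIDDEN},
    {"IId": {"NameId": "keypair-admin"}, "Fingerprint": ADMIN_FP, "PrivateKey": HIDDEN},
]})
RECORDED = {
    "keypair-web": WEB_FP,
    "keypair-admin": "00:" * 19 + "00",
    "keypair-old": "11:" * 19 + "11",
}
```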
3.4 KeyPair Deletion Example
curl -sX 'DELETE' 'http://localhost:1024/spider/keypair/keypair-web' \
-H 'Content-Type: application/json' \
-d '{
"ConnectionName": "aws-config01"
}' | jq
Example response:
{
"Result": "true"
}
3.5 Forced Deletion (force) Example
- To force-delete a KeyPair that is still attached to VMs or other resources, use the force=true option.
curl -sX 'DELETE' 'http://localhost:1024/spider/keypair/keypair-web?force=true' \
-H 'Content-Type: application/json' \
-d '{
"ConnectionName": "aws-config01"
}' | jq
3.6 Registering an Existing CSP KeyPair
- An example of registering a KeyPair that already exists in the CSP with CB-Spider is as follows.
curl -sX 'POST' 'http://localhost:1024/spider/regkeypair' \
-H 'Content-Type: application/json' \
-d '{
"ConnectionName": "aws-config01",
"ReqInfo": {
"Name": "existing-keypair",
"CSPId": "keypair-existing-csp-id"
}
}' | jq
Example response:
{
"IId": {
"NameId": "existing-keypair",
"SystemId": "keypair-existing-csp-id"
},
"Fingerprint": "3b:73:ca:4a:db:ab:ab:fa:3b:47:7f:59:4f:9f:da:ec:1b:b7:b3:8b",
"VMUserID": "cb-user"
}
5. Cautions and Limitations
5.1 Private Key Management
- Provided only at creation: the Private Key is returned exactly once, when the KeyPair is created
- No reissue: a lost Private Key cannot be retrieved again or reissued
- Secure storage is required:
  - File permissions: chmod 600 keypair.pem
  - Use secure storage (encrypted volume, password manager, etc.)
  - Never include it in a version control system (Git, etc.)
- If lost: create a new KeyPair and re-register it on the VM
5.2 KeyPair Deletion
- A KeyPair in use by a VM cannot be deleted (some CSPs)
- Forced deletion (force=true) may make SSH access to the attached VMs impossible (caution!)
- Checking the list of VMs that use the KeyPair before deleting it is recommended
6. SSH Access Guide
6.1 SSH Access from Linux/Mac
# Set Private Key permissions (first time only)
chmod 600 ~/.ssh/keypair-web.pem
# SSH connection
ssh -i ~/.ssh/keypair-web.pem cb-user@<VM-Public-IP>
# SSH config file setup (optional)
cat >> ~/.ssh/config << EOF
Host my-vm
HostName <VM-Public-IP>
User cb-user
IdentityFile ~/.ssh/keypair-web.pem
EOF
# Quick connect
ssh my-vm
6.2 SSH Access from Windows
Using PowerShell/CMD:
# SSH connection
ssh -i C:\Users\YourName\.ssh\keypair-web.pem cb-user@<VM-Public-IP>
6.3 SSH Troubleshooting
Permission Denied error:
# Check Private Key permissions
ls -la ~/.ssh/keypair-web.pem
# If the permissions are too open
chmod 600 ~/.ssh/keypair-web.pem
Host Key Verification Failed:
# Remove the host from the known_hosts file
ssh-keygen -R <VM-Public-IP>
Connection Timeout:
- Check that the Security Group's Inbound Rules allow the SSH (22) port
- Check that the VM's Public IP is correct