Spring

Spring Jsch SSH Private Key, Dockerfile copy, Jsch kubernetes pod

Karla Ko 2023. 12. 26. 11:00
 

Spring Jsch java ssh connection

karla.tistory.com

 

How SSH Authentication Works

  1. Client → Server : requests an SSH connection
  2. Server → Client : sends a random message
  3. Client → Server : encrypts the message using the private key
  4. Server : decrypts the message using the public key
  5. Server → Client : if the message matches, allows the client access

 

Modifying connectSSH()

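public void connectSSH() throws JSchException {
    JSch jsch = new JSch();
    session = jsch.getSession(username, host, port);
    // Register the private key file used for public-key authentication
    jsch.addIdentity(privateKeyPath);
    // Try public-key authentication first, then the other methods
    session.setConfig("PreferredAuthentications", "publickey,keyboard-interactive,password");
    // "no" skips host key verification: the server's identity is not checked
    session.setConfig("StrictHostKeyChecking", "no");

    session.connect();
}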
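A host-key-verifying variant of connectSSH(), as an added example (not the original post's code): it keeps the private-key login but sets StrictHostKeyChecking to "yes" against a known_hosts file and allows only publickey authentication, so the connection fails closed if the server's key is unknown or has changed. The class name, the two file paths and the `id` command are assumptions for illustration.

```java
import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class VerifiedSshClient {
    // Hypothetical paths: key and known_hosts supplied at runtime (e.g. a mounted volume).
    static final String KEY_PATH = "/etc/ssh-client/id_rsa";
    static final String KNOWN_HOSTS = "/etc/ssh-client/known_hosts";

    static Session connect(String user, String host, int port) throws JSchException {
        JSch jsch = new JSch();
        jsch.setKnownHosts(KNOWN_HOSTS);   // pinned server host keys
        jsch.addIdentity(KEY_PATH);        // PEM key from ssh-keygen -m PEM
        Session session = jsch.getSession(user, host, port);
        // "yes": connect() throws JSchException if the host key is unknown or changed.
        session.setConfig("StrictHostKeyChecking", "yes");
        // Public key only, so a failed key login never falls back to a password.
        session.setConfig("PreferredAuthentications", "publickey");
        session.connect(10_000);           // 10 s connect timeout
        return session;
    }

    static String exec(Session session, String command) throws JSchException, IOException {
        ChannelExec channel = (ChannelExec) session.openChannel("exec");
        channel.setCommand(command);
        try (InputStream out = channel.getInputStream()) { // must be obtained before connect()
            channel.connect();
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            for (int n; (n = out.read(chunk)) != -1; ) buf.write(chunk, 0, n);
            return buf.toString(StandardCharsets.UTF_8.name());
        } finally {
            channel.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        Session session = connect(args[0], args[1], 22); // args: user_name remote_ip
        try {
            System.out.print(exec(session, "id"));
        } finally {
            session.disconnect();
        }
    }
}
```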

 

Key generation

ssh-keygen -t rsa -f ./gcp_id_rsa -C solbiko9482 -m PEM

Without the -m PEM option, the key is created in the OpenSSH format instead of the RSA (PEM) format.

 

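Copying the Public Key to the Server

To connect over SSH with the generated private key, store the value of the id_rsa.pub (public) key in ~/.ssh/authorized_keys.

# ssh-copy-id installs the public key that matches the given identity file (id_rsa.pub)
ssh-copy-id -i ~/path/id_rsa[private_key_path] user_name@remote_ip
# Manual alternative: append the public key (never the private key) to authorized_keys
cat ~/path/id_rsa.pub[public_key_path] | ssh user_name@remote_ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"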

 

Build command

When connecting from inside a k8s pod

docker build -t example --build-arg ssh_prv_key="$(cat $HOME\.ssh\id_rsa)" --build-arg ssh_pub_key="$(cat $HOME\.ssh\id_rsa.pub)" --squash .

 

Dockerfile

Copy .ssh into the image in the Dockerfile

# Both keys arrive as build arguments.
# Note: --build-arg values are visible to anyone with the image via `docker history`.
ARG ssh_prv_key
ARG ssh_pub_key

RUN apt-get update && \
    apt-get install -y \
        git \
        openssh-server \
        libmysqlclient-dev

# Authorize SSH Host
RUN mkdir -p /root/.ssh && \
    chmod 0700 /root/.ssh
# See: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
COPY known_hosts /root/.ssh/known_hosts

# Add the keys and set permissions
RUN echo "$ssh_prv_key" > /root/.ssh/id_rsa && \
    echo "$ssh_pub_key" > /root/.ssh/id_rsa.pub && \
    chmod 600 /root/.ssh/id_rsa && \
    chmod 600 /root/.ssh/id_rsa.pub
.
.
.

 

Connecting to the pod

 kubectl exec --stdin --tty pod/demo-app-fdcdb8df8-9bbs4 -- /bin/sh