ansible day 2

su kildong

ssh-keygen

sftp kdhong@192.168.110.20

mkdir .ssh

cd .ssh

put id_rsa.pub

=====================================

mv id_rsa.pub authorized_keys

cd ..

chmod 700 .ssh

[kdhong@node1 ~]$ ll -a
total 16
drwx------. 3 kdhong kdhong  92 Feb  7 01:29 .
drwxr-xr-x. 5 root   root    49 Feb  7 01:06 ..
-rw-r--r--. 1 kdhong kdhong  18 Apr  1  2020 .bash_logout
-rw-r--r--. 1 kdhong kdhong 193 Apr  1  2020 .bash_profile
-rw-r--r--. 1 kdhong kdhong 231 Apr  1  2020 .bashrc
-rw-r--r--. 1 kdhong kdhong 409 Feb  7 01:30 id_rsa.pub
drwx------. 2 kdhong kdhong  29 Feb  7 01:33 .ssh
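The key-installation steps above, as an added example that is not part of the original notes: it appends the public key instead of overwriting authorized_keys, then checks the permission part of what sshd's StrictModes enforces (no group/other write bit on the home directory, .ssh and authorized_keys). install_pubkey and ssh_perms_ok are hypothetical helper names, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example; install_pubkey and ssh_perms_ok are hypothetical helper names.

# install_pubkey HOME_DIR PUBKEY_FILE
# Creates .ssh (700) and authorized_keys (600), then appends each key line
# only if it is not already present, so existing keys are preserved.
install_pubkey() {
    home_dir=$1
    pubkey=$2
    auth="$home_dir/.ssh/authorized_keys"

    [ -s "$pubkey" ] || return 1
    mkdir -p "$home_dir/.ssh" || return 1
    chmod 700 "$home_dir/.ssh" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        # -x whole line, -F fixed string: no regex surprises from key text
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pubkey"
}

# ssh_perms_ok HOME_DIR
# Returns 0 only if none of the three paths is writable by group or others.
ssh_perms_ok() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || return 1
        mode=$(stat -c %a "$p") || return 1
        # A leading 0 makes the shell read the mode as octal; 022 = g+w, o+w
        [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    done
    return 0
}

# Usage on node1 as kdhong, after the sftp upload:
#   install_pubkey "$HOME" "$HOME/id_rsa.pub" && ssh_perms_ok "$HOME"
```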

 

http://twoseven.kr/class803/security/gpg.txt 

 

============================================================================================

rngd

 

~]# yum install rng-tools

~]# systemctl start rngd

~]# systemctl status rngd

~]# rngd --rng-device=/dev/hwrng

[kildong@control ~]$ rdate time.bora.net

[kildong@control ~]$ sudo gpg --gen-key



                     ┌─────────────────────────────────────────────────────┐
                     │ Enter passphrase                                    │
                     │                                                     │
                     │                                                     │
                     │ Passphrase ________________________________________ │
                     │                                                     │
                     │       <OK>                             <Cancel>     │
                     └─────────────────────────────────────────────────────┘

 

============================================================================================

[kildong@control ~]$ gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: kildong
Email address: kildong@naver.com
Comment:
You selected this USER-ID:
    "kildong <kildong@naver.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 13FD938A marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
pub   2048R/13FD938A 2024-02-07
      Key fingerprint = 8135 0F1D F01B 8FA3 1D04  ABAB EFC4 300D 13FD 938A
uid                  kildong <kildong@naver.com>
sub   2048R/D4DC19C0 2024-02-07

[kildong@control ~]$ gpg --list-keys
/home/kildong/.gnupg/pubring.gpg
--------------------------------
pub   2048R/95FA9DC8 2024-02-07
uid                  kildong <kildong@gmail.com>
sub   2048R/08CCE2D1 2024-02-07

pub   2048R/13FD938A 2024-02-07
uid                  kildong <kildong@naver.com>
sub   2048R/D4DC19C0 2024-02-07

[kildong@control ~]$ gpg --list-secret-keys
/home/kildong/.gnupg/secring.gpg
--------------------------------
sec   2048R/95FA9DC8 2024-02-07
uid                  kildong <kildong@gmail.com>
ssb   2048R/08CCE2D1 2024-02-07

sec   2048R/13FD938A 2024-02-07
uid                  kildong <kildong@naver.com>
ssb   2048R/D4DC19C0 2024-02-07

[kildong@control ~]$ gpg --export -a --output killdong.gpg
[kildong@control ~]$ ls
killdong.gpg  to_kildong.txt

 

============================================================================================


[kildong@control ~]$ cp killdong.gpg /tmp

[kildong@control ~]$ su younghee
Password:

[younghee@control tmp]$ cd

[younghee@control ~]$ cp /tmp/killdong.gpg .

[younghee@control ~]$ ls
killdong.gpg

[younghee@control ~]$ gpg --import killdong.gpg
gpg: key 95FA9DC8: public key "kildong <kildong@gmail.com>" imported
gpg: key 13FD938A: public key "kildong <kildong@naver.com>" imported
gpg: Total number processed: 2
gpg:               imported: 2  (RSA: 2)

[younghee@control ~]$ vi test.txt

[younghee@control ~]$ gpg --import killdong.gpg test.txt
gpg: key 95FA9DC8: "kildong <kildong@gmail.com>" not changed
gpg: key 13FD938A: "kildong <kildong@naver.com>" not changed
gpg: no valid OpenPGP data found.
gpg: Total number processed: 2
gpg:              unchanged: 2

[younghee@control ~]$ ls
killdong.gpg  test.txt

[younghee@control ~]$ gpg -ear kildong@gmail.com test.txt
gpg: 08CCE2D1: There is no assurance this key belongs to the named user

pub  2048R/08CCE2D1 2024-02-07 kildong <kildong@gmail.com>
 Primary key fingerprint: 4B02 6D65 867C 05FE 861D  22A9 5637 F856 95FA 9DC8
      Subkey fingerprint: 3C47 87FA 4A40 2B8C 2F45  5327 7565 37D3 08CC E2D1

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y

[younghee@control ~]$ ls
killdong.gpg  test.txt  test.txt.asc

[younghee@control ~]$ cp test.txt.asc /tmp

[younghee@control ~]$ su kildong
Password:

[kildong@control younghee]$ cd /tmp

[kildong@control tmp]$ cd

[kildong@control ~]$ cp /tmp/test.txt.asc .

[kildong@control ~]$ ls
killdong.gpg  test.txt.asc  to_kildong.txt

[kildong@control ~]$ gpg -d test.txt.asc

You need a passphrase to unlock the secret key for
user: "kildong <kildong@gmail.com>"
2048-bit RSA key, ID 08CCE2D1, created 2024-02-07 (main key ID 95FA9DC8)

gpg: encrypted with 2048-bit RSA key, ID 08CCE2D1, created 2024-02-07
      "kildong <kildong@gmail.com>"
ㅁㄴㅇㄻㄴㅇㄹasdf:
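The session above answers "y" to gpg's "no assurance this key belongs to the named user" prompt. As an added example (not part of the original notes), this check compares the imported primary key's fingerprint with one obtained out of band before encrypting. primary_fpr and fpr_matches are hypothetical helper names, and the colon listing is constructed from the key IDs and fingerprints shown in the session.

```shell
#!/bin/sh
# Added example; primary_fpr and fpr_matches are hypothetical helper names.

# primary_fpr: reads `gpg --with-colons --fingerprint <uid>` output on stdin and
# prints the fingerprint of the first primary key (the fpr record after pub).
primary_fpr() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0 }
        want && $1 == "fpr" { print $10; exit }
    '
}

# fpr_matches EXPECTED: EXPECTED may contain spaces and lower-case hex.
# Returns 0 only for a full 40-hex-digit match against the primary key.
fpr_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    actual=$(primary_fpr)
    [ ${#expected} -eq 40 ] && [ "$actual" = "$expected" ]
}

# Constructed sample of the colon listing for the imported gmail.com key.
sample_listing() {
    cat <<'EOF'
pub:-:2048:1:5637F85695FA9DC8:1707264000:::-:::scESC:
fpr:::::::::4B026D65867C05FE861D22A95637F85695FA9DC8:
uid:-::::1707264000::::kildong <kildong@gmail.com>:
sub:-:2048:1:756537D308CCE2D1:1707264000::::::e:
fpr:::::::::3C4787FA4A402B8C2F455327756537D308CCE2D1:
EOF
}

# Usage as younghee, with the fingerprint kildong gave in person or by phone:
#   gpg --with-colons --fingerprint kildong@gmail.com \
#     | fpr_matches "4B02 6D65 867C 05FE 861D  22A9 5637 F856 95FA 9DC8" \
#     && gpg -ear kildong@gmail.com test.txt
```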

 

============================================================================================

gpg signature

 
