The Most Important Message

1. Overview

 An issue came up while configuring Tmax's AnyLink product.

 AnyLink's message integration includes a service that uploads and downloads files over SSH + SFTP, and when the existing password expired, the PAM module on the OS (AIX, Linux, etc.) blocked the account.

 A temporary fix was applied → after confirming the service was back to normal, and while looking for a longer-term alternative, RSA public/private key authentication came to mind, so that is what we decided to apply.

 

2. Issue

 1) Do not use ssh-keygen with its default key format!  (see below for the correct case)

# Wrong example -- an RSA key file generated in OpenSSH's default format is not the standard (PEM) format!

ssh-keygen -t rsa

$ cat /c/Users/YYH-G/.ssh/id_rsa.pub
ssh-rsa ... YYH-G@YYH-G

$ cat /c/Users/YYH-G/.ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----

 2) Correct use of ssh-keygen

ssh-keygen -m PEM \
    -t rsa \
    -b 4096 \
    -C "account@host" \
    -f /c/Users/YYH-G/.ssh/test_rsa

$ cat /c/Users/YYH-G/.ssh/test_rsa
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

$ cat /c/Users/YYH-G/.ssh/test_rsa.pub
ssh-rsa ... yyh@localhost

3. Very important points

 1) Java + SSH: the JSch library

   Quite a few commercial services use JCraft's JSch SSH library.

   However, that library does not support public/private keys unless they are in the general-purpose (PEM) format.

   The representative case is the difference between OpenSSH's default key format (plain ssh-keygen) and the RSA/PEM format (ssh-keygen -m PEM).

 2) When a key generated in the OpenSSH format is used, there is one representative issue that occurs.

/*
    (X) -----BEGIN OPENSSH PRIVATE KEY----- // a key created in this format can never be used.
    (O) -----BEGIN RSA PRIVATE KEY-----     // only this works: the PEM format.
*/
Caused by: com.jcraft.jsch.JSchException: invalid privatekey: [B@24a1f
   at com.jcraft.jsch.KeyPair.load(KeyPair.java:902)
   at com.jcraft.jsch.KeyPair.load(KeyPair.java:543)
   at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:40)
   at com.jcraft.jsch.JSch.addIdentity(JSch.java:393)
   at com.jcraft.jsch.JSch.addIdentity(JSch.java:353)
   at com.jcabi.ssh.SSH.session(SSH.java:261)
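A small pre-flight check for the key-format problem described in sections 2 and 3, added here as an example and not part of the original post or of AnyLink/JSch: it classifies a private key by its first line so an operator can catch an OpenSSH-format key before the JSch "invalid privatekey" exception, and wraps the recommended ssh-keygen -m PEM generation. The function names, the sample files and the empty passphrase are assumptions of this example.

```shell
#!/bin/sh
# Classify an SSH private key by its first line so a JSch-based SFTP job
# can reject an OpenSSH-format key before JSch throws "invalid privatekey".
# Prints one of: pem-rsa, openssh, unknown.
key_format() {
    [ -r "$1" ] || { echo "unknown"; return 0; }
    header=$(head -n 1 "$1")
    case "$header" in
        "-----BEGIN RSA PRIVATE KEY-----")     echo "pem-rsa" ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo "openssh" ;;
        *)                                     echo "unknown" ;;
    esac
}

# Exit status 0 when JCraft JSch will load the key, 1 otherwise.
jsch_compatible() {
    [ "$(key_format "$1")" = "pem-rsa" ]
}

# Create a new PEM-format RSA key pair for a service account, the form the
# post recommends. Assumes ssh-keygen is installed; passphrase left empty.
gen_pem_key() {
    ssh-keygen -m PEM -t rsa -b 4096 -N "" -C "$2" -f "$1"
}

# Rewrite an existing unencrypted OpenSSH-format RSA key in place as PEM.
# ssh-keygen -p changes the passphrase and, with -m PEM, the stored format.
convert_to_pem() {
    ssh-keygen -p -m PEM -P "" -N "" -f "$1"
}

# Constructed sample files with header/footer only (no real key material),
# used to demonstrate the check offline.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' '...' \
        '-----END OPENSSH PRIVATE KEY-----' > "$dir/openssh_key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '...' \
        '-----END RSA PRIVATE KEY-----' > "$dir/pem_key"
    echo "$dir"
}

# Stand-alone demo: classify both samples, then clean up.
demo_dir=$(make_samples)
for f in "$demo_dir/openssh_key" "$demo_dir/pem_key"; do
    echo "$f: $(key_format "$f")"
done
rm -rf "$demo_dir"
```

OpenSSH 7.8 and later write the OpenSSH format by default, which is why -m PEM is needed on current systems; convert_to_pem only applies to RSA keys, since PEM has no representation for ed25519.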