Thursday, October 12, 2017

SSH connect to a new instance from an AMI


SSH connect to new instances from an AMI on AWS



When we launch an instance from the hadoop AMI, we also have to set up the ssh keys again, because the old ones no longer work.

run :
root@piboonsak-26474:~# ssh -i /etc/ssh/hadoop.pem ubuntu@ec2-13-228-186-233.ap-southeast-1.compute.amazonaws.com
result :
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:KwKVW2KK4vyw4EwU6y6VlEyPAfNdF10fo6nBQCtG66A.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:58
  remove with:
  ssh-keygen -f "/root/.ssh/known_hosts" -R ec2-13-228-186-233.ap-southeast-1.compute.amazonaws.com
ECDSA host key for ec2-13-228-186-233.ap-southeast-1.compute.amazonaws.com has changed and you have requested strict checking.
Host key verification failed.


run:
root@piboonsak-26474:~# ssh-keygen -f "/root/.ssh/known_hosts" -R ec2-13-228-186-233.ap-southeast-1.compute.amazonaws.com


result:
# Host ec2-13-228-186-233.ap-southeast-1.compute.amazonaws.com found: line 58
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old


run:
root@piboonsak-26474:~# ssh -i /etc/ssh/hadoop.pem ubuntu@ec2-13-228-186-233.ap-southeast-1.compute.amazonaws.com
The authenticity of host 'ec2-13-228-186-233.ap-southeast-1.compute.amazonaws.com (13.228.186.233)' can't be established.
ECDSA key fingerprint is SHA256:KwKVW2KK4vyw4EwU6y6VlEyPAfNdF10fo6nBQCtG66A.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-13-228-186-233.ap-southeast-1.compute.amazonaws.com' (ECDSA) to the list of known hosts.
Warning: the ECDSA host key for 'ec2-13-228-186-233.ap-southeast-1.compute.amazonaws.com' differs from the key for the IP address '13.228.186.233'
Offending key for IP in /root/.ssh/known_hosts:58
Are you sure you want to continue connecting (yes/no)? yes


result:
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-125-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Wed Oct 11 15:54:14 UTC 2017
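
An added example, not part of the original post: before answering "yes" at the prompt above, the fingerprint ssh shows can be compared with the one cloud-init prints to the instance's EC2 console at boot. The `ec2:` line layout, the function names and the sample console text are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check the fingerprint from the ssh prompt against the one the
# instance printed to its console, instead of accepting it blindly.

# Constructed sample of console text (as returned by `aws ec2 get-console-output`).
# The ECDSA fingerprint is the one shown in the session above; the rest is made up.
SAMPLE_CONSOLE='cloud-init: constructed earlier boot line
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 SHA256:CONSTRUCTED-RSA-FINGERPRINT-VALUE root@ip-172-31-17-133 (RSA)
ec2: 256 SHA256:KwKVW2KK4vyw4EwU6y6VlEyPAfNdF10fo6nBQCtG66A root@ip-172-31-17-133 (ECDSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
cloud-init: constructed later boot line'

# console_fingerprint TYPE
# Reads console text on stdin and prints the fingerprint of the given key
# type (RSA, ECDSA, ED25519) found inside the marked block, or nothing.
console_fingerprint() {
  awk -v want="($1)" '
    /BEGIN SSH HOST KEY FINGERPRINTS/ { inblk = 1; next }
    /END SSH HOST KEY FINGERPRINTS/   { inblk = 0 }
    inblk && $NF == want              { print $3; exit }
  '
}

# host_key_matches TYPE SEEN
# Exit status 0 only when SEEN (copied from the ssh prompt) equals the
# console value; a missing console entry never counts as a match.
host_key_matches() {
  expected=$(console_fingerprint "$1")
  [ -n "$expected" ] && [ "$expected" = "$2" ]
}

seen='SHA256:KwKVW2KK4vyw4EwU6y6VlEyPAfNdF10fo6nBQCtG66A'
if printf '%s\n' "$SAMPLE_CONSOLE" | host_key_matches ECDSA "$seen"; then
  echo "fingerprint matches the console output: answer yes"
else
  echo "fingerprint does NOT match: do not connect"
fi
```

An older instance may print colon-separated MD5 fingerprints in its console; the comparison is a plain string match, so the client has to display the same format.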


run:
ubuntu@ip-172-31-17-133:~$ sudo su hduser


result:
hduser@ip-172-31-17-133:/home/ubuntu$



run:
hduser@ip-172-31-17-133:~$ ssh localhost


result:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
55:20:8b:cb:63:43:f6:74:5a:4a:44:f0:37:1e:c3:98.
Please contact your system administrator.
Add correct host key in /home/hduser/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/hduser/.ssh/known_hosts:1
  remove with: ssh-keygen -f "/home/hduser/.ssh/known_hosts" -R localhost
ECDSA host key for localhost has changed and you have requested strict checking.
Host key verification failed.



run:
hduser@ip-172-31-17-133:~$ ssh-keygen -f "/home/hduser/.ssh/known_hosts" -R localhost


result:
# Host localhost found: line 1 type ECDSA
/home/hduser/.ssh/known_hosts updated.
Original contents retained as /home/hduser/.ssh/known_hosts.old



run:
hduser@ip-172-31-17-133:~$ ssh-keygen -f "/home/hduser/.ssh/known_hosts" -R 0.0.0.0


result:
# Host 0.0.0.0 found: line 1 type ECDSA
/home/hduser/.ssh/known_hosts updated.
Original contents retained as /home/hduser/.ssh/known_hosts.old


run:
hduser@ip-172-31-17-133:~$ ssh-keygen -t rsa -P ""


result:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/hduser/.ssh/id_rsa): /home/hduser/.ssh/id_rsa
/home/hduser/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Your identification has been saved in /home/hduser/.ssh/id_rsa.
Your public key has been saved in /home/hduser/.ssh/id_rsa.pub.
The key fingerprint is:
92:2d:1f:08:52:84:cd:f3:65:91:f0:a1:62:97:20:2b hduser@ip-172-31-17-133
The key's randomart image is:
+--[ RSA 2048]----+
|  .=+ ..oo       |
|  .++. ++.       |
|E o +o+o.        |
| . o +.+         |
|      = S        |
|       + .       |
|        .        |
|                 |
|                 |
+-----------------+


result: there is nothing to see, but the key has already been inserted into the authorized_keys file.

check:
hduser@ip-172-31-17-133:~$ ls -l /home/hduser/.ssh/
total 24
-rw-r--r-- 1 hduser hadoop  405 ต.ค.  11 17:13 authorized_key     ==> created by mistake: the cat copy did not capture everything (not used; can be deleted)
-rw-r--r-- 1 hduser hadoop  808 ก.ย.  21 03:49 authorized_keys
-rw------- 1 hduser hadoop 1679 ต.ค.  11 17:12 id_rsa
-rw-r--r-- 1 hduser hadoop  405 ต.ค.  11 17:12 id_rsa.pub
-rw------- 1 hduser hadoop  222 ต.ค.  11 17:13 known_hosts
-rw------- 1 hduser hadoop  222 ต.ค.  11 17:02 known_hosts.old




run check:
hduser@ip-172-31-17-133:~$ ssh localhost

result:
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-125-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Wed Oct 11 17:23:58 UTC 2017

  System load:  0.0                Processes:           123
  Usage of /:   19.2% of 39.23GB   Users logged in:     1
  Memory usage: 5%                 IP address for eth0: 172.31.17.133
  Swap usage:   0%

  Graph this data and manage this system at:
    https://landscape.canonical.com/

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

30 packages can be updated.
19 updates are security updates.

New release '16.04.3 LTS' available.
Run 'do-release-upgrade' to upgrade to it.


Last login: Thu Sep 21 04:01:43 2017 from localhost
hduser@ip-172-31-17-133:~$ 


END.

warning!: if you are still inside the localhost session, exit out of it first.

