openssh-server 설치 명령어 / SSH (Secure Shell)

글쓴이 / / 개인 공부 저장용, 기타
목차
  1. SSH (Secure Shell)

SSH (Secure Shell)

🔐 SSH란?

네트워크를 통해 원격 컴퓨터에 안전하게 접속하기 위한 프로토콜입니다.

기존의 telnet, rsh 등이 평문(암호화 없이) 통신했던 것을 암호화된 통신으로 대체합니다.

  • 기본 포트: 22번
  • 현재 표준: SSH-2 (SSH-1은 보안 취약점으로 사용 안 함)
# SSH 동작 구조
Client (ssh)
     ↓
암호화 통신
     ↓
Server (sshd)

# SSH 접속 과정
1 Client → Server 연결
2 Key 교환
3 암호화 알고리즘 협상
4 사용자 인증
5 세션 생성

# SSH 로그 확인
journalctl -u sshd
또는
/var/log/secure

📦 구성 요소

구성설명
opensshSSH 핵심 라이브러리
openssh-server서버 측 데몬 (sshd) — 방금 설치한 것
openssh-clients클라이언트 측 (ssh, scp, sftp 명령어)

🔑 인증 방식

1. 비밀번호 인증

클라이언트 → 서버에 ID/PW 입력

2. 키 기반 인증 (더 안전, 실무 권장)

개인키(Private Key) — 클라이언트 보관
공개키(Public Key)  — 서버에 등록

bash

ssh-keygen                       # 키 생성
ssh-copy-id user@서버IP           # 공개키 서버에 등록

⚙️ 주요 설정 파일

파일역할
/etc/ssh/sshd_config서버 핵심 설정 (포트, 인증방식 등)
/etc/ssh/sshd_config.d/50-redhat.confRocky/RHEL 기본 설정
/etc/pam.d/sshdPAM 인증 연동 설정
/etc/sysconfig/sshdsshd 서비스 환경변수

🚀 서비스 시작

bash

sudo systemctl start sshd       # 시작
sudo systemctl enable sshd      # 부팅 시 자동 시작
sudo systemctl enable --now sshd  # 부팅 시 자동 시작 + 지금 당장 시작
sudo systemctl status sshd      # 상태 확인

🛡️ 보안 핵심 포인트

  • 포트 변경 — 기본 22번에서 다른 포트로 변경 권장
  • root 로그인 차단PermitRootLogin no
  • 비밀번호 인증 비활성화 — 키 인증만 허용
  • 방화벽 설정 — 허용된 IP만 접근 가능하도록

패키지 상세 정보

공식 홈페이지 https://www.openssh.org/portable.html

# 패키지 상세 정보 (버전, 크기, 의존성 등)
dnf info openssh-server
[lycos7560@DMT-RL01 ~]$ dnf info openssh-server
Rocky Linux 10 - BaseOS                          7.7 MB/s | 14 MB    00:01
Rocky Linux 10 - AppStream                       2.4 MB/s | 2.2 MB   00:00
Rocky Linux 10 - Extras                          9.6 kB/s | 6.0 kB   00:00
Installed Packages
Name         : openssh-server
Version      : 9.9p1      #현재 설치된 버전 확인 → 보안 취약점(CVE) 이 해당 버전에 있는지 체크
Release      : 12.el10_1.rocky.0.1     #el10 = RHEL/Rocky 10 전용 빌드
Architecture : x86_64
Size         : 1.4 M
Source       : openssh-9.9p1-12.el10_1.rocky.0.1.src.rpm    #어떤 소스 RPM으로 빌드됐는지 추적 가능
Repository   : @System    #@System = 이미 설치된 패키지
From repo    : baseos     #baseos = Rocky Linux 공식 저장소에서 설치됨 → 신뢰할 수 있는 출처 확인용
Summary      : An open source SSH server daemon
URL          : http://www.openssh.com/portable.html
License      : BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND
             : X11-distribute-modifications-variant
Description  : OpenSSH is a free version of SSH (Secure SHell), a program for logging
             : into and executing commands on a remote machine. This package contains
             : the secure shell daemon (sshd). The sshd daemon allows SSH clients to
             : securely connect to your SSH server.

설치 파일 목록 확인

# 어떤 파일들이 설치되는지 목록 확인
dnf repoquery -l openssh-server | less

# less
↑↓ 또는 j/k 로 스크롤
q 로 종료
/키워드 로 검색
[lycos7560@DMT-RL01 ~]$ dnf repoquery -l openssh-server | less
/etc/pam.d/sshd
/etc/ssh/sshd_config
/etc/ssh/sshd_config.d
/etc/ssh/sshd_config.d/40-redhat-crypto-policies.conf
/etc/ssh/sshd_config.d/50-redhat.conf
/etc/sysconfig/sshd
/usr/lib/.build-id
/usr/lib/.build-id/06
/usr/lib/.build-id/06/1c704bdb361c2e2c48c670468eafbc74b84927
/usr/lib/.build-id/57
/usr/lib/.build-id/57/9225214b8a13e39081dd8aa43fbd36e524f19c
/usr/lib/.build-id/9c
/usr/lib/.build-id/9c/f8143dfdfc74c6c9d0e90afd0ec92e8663c759
/usr/lib/systemd/system/ssh-host-keys-migration.service
/usr/lib/systemd/system/ssh-host-keys-migration.target
/usr/lib/systemd/system/sshd-keygen@.service
/usr/lib/systemd/system/sshd.service
/usr/lib/systemd/system/sshd.socket
/usr/lib/systemd/system/sshd@.service
/usr/lib/sysusers.d/openssh-server.conf
/usr/libexec/openssh/sftp-server
/usr/libexec/openssh/ssh-host-keys-migration.sh
/usr/libexec/openssh/sshd-keygen
/usr/libexec/openssh/sshd-session
/usr/sbin/sshd
/usr/share/empty.sshd
/usr/share/man/man5/moduli.5.gz
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sftp-server.8.gz
/usr/share/man/man8/sshd.8.gz
/var/lib/.ssh-host-keys-migration
/etc/pam.d/sshd
/etc/ssh/sshd_config
/etc/ssh/sshd_config.d
/etc/ssh/sshd_config.d/40-redhat-crypto-policies.conf
/etc/ssh/sshd_config.d/50-redhat.conf
/etc/sysconfig/sshd
/usr/lib/.build-id
/usr/lib/.build-id/0e
/usr/lib/.build-id/0e/106f434f63522d0cbc3da80690094ec44ec56e
/usr/lib/.build-id/17
/usr/lib/.build-id/17/3d9a1c99482d77a79428b6d7779247b2f90e57
/usr/lib/.build-id/cf
/usr/lib/.build-id/cf/dde200fededbedd053eae13337cc9d3e8b0625
/usr/lib/systemd/system/ssh-host-keys-migration.service
/usr/lib/systemd/system/ssh-host-keys-migration.target
/usr/lib/systemd/system/sshd-keygen@.service
/usr/lib/systemd/system/sshd.service
/usr/lib/systemd/system/sshd.socket
/usr/lib/systemd/system/sshd@.service
/usr/lib/sysusers.d/openssh-server.conf
/usr/libexec/openssh/sftp-server
/usr/libexec/openssh/ssh-host-keys-migration.sh
/usr/libexec/openssh/sshd-keygen
/usr/libexec/openssh/sshd-session
/usr/sbin/sshd
/usr/share/empty.sshd
/usr/share/man/man5/moduli.5.gz
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sftp-server.8.gz
/usr/share/man/man8/sshd.8.gz
/var/lib/.ssh-host-keys-migration
(END)

설치되는 의존성 패키지 확인

# 어떤 파일들이 설치되는지 목록 확인
dnf deplist openssh-server | less
[lycos7560@DMT-RL01 ~]$ dnf deplist openssh-server | less
package: openssh-server-9.9p1-11.el10.rocky.0.1.x86_64
  dependency: /bin/sh
    provider: bash-5.2.26-6.el10.x86_64
  dependency: /usr/bin/bash
    provider: bash-5.2.26-6.el10.x86_64
  dependency: /usr/sbin/useradd
    provider: shadow-utils-2:4.15.0-8.el10.x86_64
  dependency: crypto-policies >= 20220824-1
    provider: crypto-policies-20250905-2.gitc7eb7b2.el10_1.1.noarch
  dependency: libaudit.so.1()(64bit)
    provider: audit-libs-4.0.3-4.el10.x86_64
  dependency: libc.so.6(GLIBC_2.38)(64bit)
    provider: glibc-2.39-58.el10_1.7.x86_64
  dependency: libcom_err.so.2()(64bit)
    provider: libcom_err-1.47.1-4.el10.x86_64
  dependency: libcrypt.so.2()(64bit)
    provider: libxcrypt-4.4.36-10.el10.x86_64
  dependency: libcrypt.so.2(XCRYPT_2.0)(64bit)
    provider: libxcrypt-4.4.36-10.el10.x86_64
  dependency: libcrypto.so.3()(64bit)
    provider: openssl-libs-1:3.5.1-7.el10_1.x86_64
  dependency: libcrypto.so.3(OPENSSL_3.0.0)(64bit)
    provider: openssl-libs-1:3.5.1-7.el10_1.x86_64
  dependency: libgssapi_krb5.so.2()(64bit)
    provider: krb5-libs-1.21.3-8.el10_0.x86_64
  dependency: libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)
    provider: krb5-libs-1.21.3-8.el10_0.x86_64
  dependency: libkrb5.so.3()(64bit)
    provider: krb5-libs-1.21.3-8.el10_0.x86_64
  dependency: libkrb5.so.3(krb5_3_MIT)(64bit)
    provider: krb5-libs-1.21.3-8.el10_0.x86_64
  dependency: libpam.so.0()(64bit)
    provider: pam-libs-1.6.1-8.el10.x86_64
  dependency: libpam.so.0(LIBPAM_1.0)(64bit)
    provider: pam-libs-1.6.1-8.el10.x86_64
  dependency: libselinux.so.1()(64bit)
    provider: libselinux-3.9-1.el10.x86_64
  dependency: libselinux.so.1(LIBSELINUX_1.0)(64bit)
    provider: libselinux-3.9-1.el10.x86_64
  dependency: libz.so.1()(64bit)
    provider: zlib-ng-compat-2.2.3-3.el10_1.x86_64
  dependency: openssh = 9.9p1-11.el10.rocky.0.1
    provider: openssh-9.9p1-11.el10.rocky.0.1.x86_64
  dependency: pam >= 1.0.1-3
    provider: pam-1.6.1-8.el10.x86_64
  dependency: rtld(GNU_HASH)
    provider: glibc-2.39-58.el10_1.7.x86_64
  dependency: systemd
    provider: systemd-257-13.el10.rocky.0.1.x86_64

package: openssh-server-9.9p1-12.el10_1.rocky.0.1.x86_64
  dependency: /bin/sh
    provider: bash-5.2.26-6.el10.x86_64
  dependency: /usr/bin/bash
    provider: bash-5.2.26-6.el10.x86_64
  dependency: /usr/sbin/useradd
    provider: shadow-utils-2:4.15.0-8.el10.x86_64
  dependency: crypto-policies >= 20220824-1
    provider: crypto-policies-20250905-2.gitc7eb7b2.el10_1.1.noarch
  dependency: libaudit.so.1()(64bit)
    provider: audit-libs-4.0.3-4.el10.x86_64
  dependency: libc.so.6(GLIBC_2.38)(64bit)
    provider: glibc-2.39-58.el10_1.7.x86_64
  dependency: libcom_err.so.2()(64bit)
    provider: libcom_err-1.47.1-4.el10.x86_64
  dependency: libcrypt.so.2()(64bit)
    provider: libxcrypt-4.4.36-10.el10.x86_64
  dependency: libcrypt.so.2(XCRYPT_2.0)(64bit)
    provider: libxcrypt-4.4.36-10.el10.x86_64
  dependency: libcrypto.so.3()(64bit)
    provider: openssl-libs-1:3.5.1-7.el10_1.x86_64
  dependency: libcrypto.so.3(OPENSSL_3.0.0)(64bit)
    provider: openssl-libs-1:3.5.1-7.el10_1.x86_64
  dependency: libgssapi_krb5.so.2()(64bit)
    provider: krb5-libs-1.21.3-8.el10_0.x86_64
  dependency: libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)
    provider: krb5-libs-1.21.3-8.el10_0.x86_64
  dependency: libkrb5.so.3()(64bit)
    provider: krb5-libs-1.21.3-8.el10_0.x86_64
  dependency: libkrb5.so.3(krb5_3_MIT)(64bit)
    provider: krb5-libs-1.21.3-8.el10_0.x86_64
  dependency: libpam.so.0()(64bit)
    provider: pam-libs-1.6.1-8.el10.x86_64
  dependency: libpam.so.0(LIBPAM_1.0)(64bit)
    provider: pam-libs-1.6.1-8.el10.x86_64
  dependency: libselinux.so.1()(64bit)
    provider: libselinux-3.9-1.el10.x86_64
  dependency: libselinux.so.1(LIBSELINUX_1.0)(64bit)
    provider: libselinux-3.9-1.el10.x86_64
  dependency: libz.so.1()(64bit)
    provider: zlib-ng-compat-2.2.3-3.el10_1.x86_64
  dependency: openssh = 9.9p1-12.el10_1.rocky.0.1
    provider: openssh-9.9p1-12.el10_1.rocky.0.1.x86_64
  dependency: pam >= 1.0.1-3
    provider: pam-1.6.1-8.el10.x86_64
  dependency: /usr/sbin/useradd
    provider: shadow-utils-2:4.15.0-8.el10.x86_64
  dependency: crypto-policies >= 20220824-1
    provider: crypto-policies-20250905-2.gitc7eb7b2.el10_1.1.noarch
  dependency: libaudit.so.1()(64bit)
    provider: audit-libs-4.0.3-4.el10.el10.x86_64
  dependency: libc.so.6(GLIBC_2.38)(64bit)
    provider: glibc-2.39-58.el10_1.7.x86_64
  dependency: libcom_err.so.2()(64bit)
    provider: libcom_err-1.47.1-4.el10.x86_64
  dependency: libcrypt.so.2()(64bit)
    provider: libxcrypt-4.4.36-10.el10.x86_64
  dependency: libcrypt.so.2(XCRYPT_2.0)(64bit)
    provider: libxcrypt-4.4.36-10.el10.x86_64
  dependency: libcrypto.so.3()(64bit)
    provider: openssl-libs-1:3.5.1-7.el10_1.x86_64
  dependency: libcrypto.so.3(OPENSSL_3.0.0)(64bit)
    provider: openssl-libs-1:3.5.1-7.el10_1.x86_64
  dependency: libgssapi_krb5.so.2()(64bit)
    provider: krb5-libs-1.21.3-8.el10_0.x86_64
  dependency: libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)
    provider: krb5-libs-1.21.3-8.el10_0.x86_64
  dependency: libkrb5.so.3()(64bit)
    provider: krb5-libs-1.21.3-8.el10_0.x86_64
  dependency: libkrb5.so.3(krb5_3_MIT)(64bit)
    provider: krb5-libs-1.21.3-8.el10_0.x86_64
  dependency: libpam.so.0()(64bit)
    provider: pam-libs-1.6.1-8.el10.x86_64
  dependency: libpam.so.0(LIBPAM_1.0)(64bit)
    provider: pam-libs-1.6.1-8.el10.x86_64
  dependency: libselinux.so.1()(64bit)
    provider: libselinux-3.9-1.el10.x86_64
  dependency: libselinux.so.1(LIBSELINUX_1.0)(64bit)
    provider: libselinux-3.9-1.el10.x86_64
  dependency: libz.so.1()(64bit)
    provider: zlib-ng-compat-2.2.3-3.el10_1.x86_64
  dependency: openssh = 9.9p1-12.el10_1.rocky.0.1
    provider: openssh-9.9p1-12.el10_1.rocky.0.1.x86_64
  dependency: pam >= 1.0.1-3
    provider: pam-1.6.1-8.el10.x86_64
  dependency: rtld(GNU_HASH)
    provider: glibc-2.39-58.el10_1.7.x86_64
  dependency: systemd
    provider: systemd-257-13.el10.rocky.0.1.x86_64
(END)

댓글 달기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다

관련 게시물

Unity Transport 2.5.1 Docs

Unity Transport 2.5.1 Docs

Unity, 개인 공부 저장용 / 글쓴이 /

API https://docs.unity3d.com/Packages/com.unity.transport@2.5/api/index.html 🔥Unity Transport? Unity Transport 2.5.1 https://docs.unity3d.com/Packages/com.unity.transport@2.5/manual/index.html Unity Transport는 멀티플레이어 게임…

위로 스크롤