- public subnet 이면 보안그룹 인바운드가 잘 열려있는지 확인
- private subnet 이면 internet gateway가 연결되어 있지 않기 때문에
public subnet에 bastion host를 생성한 후 ec2에 연결
- 이때 bastion host 아웃바운드와 ec2 인바운드 확인 해줘야 함
문제
[ec2-user@ip-ip pem-key]$ sudo ssh -i "finexblock-wallet-server-dev.pem" ec2-user@ec2-ip.ap-northeast-2.compute.amazonaws.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for ec2-ip.ap-northeast-2.compute.amazonaws.com has changed,
and the key for the corresponding IP address 10.0.147.158
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:RJtlySnY6KxXAjIf6oYTJmY4eQi9FKdz1V/nNLyY+nA.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:57
ECDSA host key for ec2-ip.ap-northeast-2.compute.amazonaws.com has changed and you have requested strict checking.
Host key verification failed.해결
[ec2-user@ip-ip pem-key]$ sudo ssh-keygen -R "ec2-ip.ap-northeast-2.compute.amazonaws.com"
# Host ec2-ip.ap-northeast-2.compute.amazonaws.com found: line 57
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
새로 학습하는 내용을 기록합니다. \n 예전 주소 : https://blog.naver.com/gmlwl0720