[Reprint] SSH Command Summary

SSH Command Summary

ssh-keygen

ssh-copy-id

I have used the commands mentioned above myself, but I do not know the system well; the forward commands I know only a little bit ...

https://www.cnblogs.com/chenfangzhi/

 

One, ssh command

Login types

  1. Password login: the server sends its public key to the client, the client encrypts the password with that public key and sends it back, and the server decrypts it and verifies the password.
  2. Public key login: the server sends a random string to the client, the client encrypts it with its private key, and the server decrypts it with the public key (RSA used as a signature).

ssh command parameters

  1. -A: key (agent) forwarding. Very useful with jump hosts and similar scenarios; check this option if you run into trouble there
  2. -i: specifies the key file
  3. -p: port number
  4. -C: compress all transferred data
  5. -f: run in the background
  6. -N: do not allocate a shell; in some scenarios the ssh account is not permitted a shell terminal, for example an account used only for forwarding
  7. -g: by default the LocalPort accepts connections only from the local machine; this option allows other machines to connect to the port
  8. -T: do not allocate a terminal
  9. -o ServerAliveInterval=60: send a keep-alive message at this interval
  10. -q: suppress some of the extra debugging output

Related commands

  1. ssh-keygen: generates a key pair
  2. ssh-copy-id: copies the public key to the server

    The public key can also be copied with: ssh user@host 'mkdir -p .ssh && cat >> .ssh/authorized_keys' < ~/.ssh/id_rsa.pub


Related files

  1. ~/.ssh/authorized_keys: stores the user's public keys on the server
  2. ~/.ssh/known_hosts: stores a unique hash for each server, used to identify the server
  3. ~/.ssh/id_dsa: the user's private key file
  4. ~/.ssh/id_rsa.pub: the user's default public key file; add this public key to authorized_keys on the server in order to log in
  5. /etc/ssh/ssh_config: ssh client configuration
  6. /etc/ssh/sshd_config: ssh server configuration

Usage patterns

This mode is recommended: in automated scripts you can use ssh to operate on the remote host, and it combines flexibly with pipes, as in the authorized_keys change above. Examples:

Copy all files in the remote host's $HOME/src/ directory to the user's current directory: ssh user@host 'tar cz src' | tar xzv

Copy all files in the local $HOME/src/ directory to the remote host's $HOME/src/ directory: cd && tar czv src | ssh user@host 'tar xz'

Two, port forwarding

Dynamic forwarding: ssh -D 1080 user@host -Nfg

Most widely used as a SOCKS5 proxy, with the added benefit of an encrypted connection; the widely used ss software uses this.
It can also act as a jump host: some servers have no public IP, and you can reach them only by proxying through a server that has both an internal and a public IP.


Local forwarding: ssh -L LocalPort:remoteHost:remotePort sshHost
Note that remoteHost:remotePort is relative to sshHost; if remoteHost is set to localhost, it actually means sshHost itself.

The usual scenario is that a direct connection is impossible, for example because firewall or network ports have not been opened, so the local machine cannot reach remoteHost directly and needs sshHost as a relay.
We had such a scenario at our company: some of our back-end servers did not open ports to the outside, so to access the back end from inside the company we used ssh on a public-network server to forward it to a local port, and then accessed it directly from the internal network.


Remote forwarding: ssh -R LocalPort:remoteHost:remotePort sshHost

Note that here remoteHost:remotePort is relative to the machine that runs the ssh command, unlike local forwarding.
Also note that the machine on which the command is run differs from local forwarding. For example, suppose we need to map port 21 of the server serverA to port 2021 on the client.
Local forwarding: run the forwarding command locally on the client: ssh -L 2021:localhost:21 serverA
Remote forwarding: run it on the server: ssh -R 2021:localhost:21 client, where client is our client machine, which means the client needs an sshServer

Local and remote forwarding look alike, commands with the same function that differ in one parameter, but sometimes one cannot replace the other. Keep in mind where the data goes out:
Local: the client connects to sshServer; data arriving at the local port is forwarded out through it
Remote: the client connects to sshServer and the port is created on sshServer; data from the local side goes to sshServer

The usual scenario is reaching a LAN from the public network: set up a remote forward so that the public side can access server machines inside the LAN.

Xshell: menu -> View -> Tunnel pane lets you quickly create all three types.
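
The direction rules above, as an added example that is not part of the original article: a shell function that takes a -L or -R argument and reports which machine opens the listening port and which one dials the target. The name forward_plan and the output format are assumptions of this example; it also accepts the optional leading bind_address from the ssh(1) syntax, which the article does not show.

```shell
#!/bin/sh
# Added example: work out which machine listens and which one dials out
# for an ssh -L / -R spec of the form [bind_address:]port:host:hostport.

# forward_plan MODE SPEC SSHHOST   (MODE: L or R)
# "local" in the output means the machine where the ssh command is typed.
forward_plan() {
    fp_mode=$1 fp_spec=$2 fp_sshhost=$3

    # Split the spec on ":" with globbing off, so a "*" bind address survives.
    # IPv6 literals are out of scope for this example.
    set -f; fp_ifs=$IFS; IFS=:
    set -- $fp_spec
    IFS=$fp_ifs; set +f

    case $# in
        # No bind address: the listener is bound to loopback unless -g (for -L)
        # or GatewayPorts on the server (for -R) says otherwise.
        3) fp_bind=loopback; fp_port=$1; fp_host=$2; fp_hport=$3 ;;
        # An empty bind address means "all interfaces", same as "*".
        4) fp_bind=${1:-*}; fp_port=$2; fp_host=$3; fp_hport=$4 ;;
        *) echo "bad spec: $fp_spec" >&2; return 1 ;;
    esac

    for fp_p in "$fp_port" "$fp_hport"; do
        case $fp_p in
            ''|*[!0-9]*|??????*) echo "bad port: $fp_p" >&2; return 1 ;;
        esac
        [ "$fp_p" -ge 1 ] && [ "$fp_p" -le 65535 ] ||
            { echo "bad port: $fp_p" >&2; return 1; }
    done

    case $fp_mode in
        L) fp_listen=local;       fp_dial=$fp_sshhost ;;  # port opens where ssh runs
        R) fp_listen=$fp_sshhost; fp_dial=local ;;        # port opens on sshHost
        *) echo "mode must be L or R" >&2; return 1 ;;
    esac
    echo "listen=$fp_listen:$fp_port bind=$fp_bind dial=$fp_dial target=$fp_host:$fp_hport"
}

# The article's FTP example, both ways round:
forward_plan L 2021:localhost:21 serverA   # typed on the client
forward_plan R 2021:localhost:21 client    # typed on the server
```

The target name is always resolved by the dialing machine, which is why localhost means serverA in the first call and the server itself in the second.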


ProxyCommand parameter

Access to production servers is often controlled through a jump host: servers a, b and c cannot be reached directly, and you must first log in to the jump host. To connect to those servers from your local machine, the options are:

  1. Use dynamic forwarding locally, e.g. ssh -D 1080 user@host, where host and user are the jump host's; then use port 1080 as a proxy when creating a new connection in Xshell. Such a connection behaves as if it were made from the jump host: for example, if you enter localhost as the address, that localhost is the jump host
  2. Use local forwarding, e.g. ssh -L 2222:hosta:22 tiaobanHost; connecting to localhost port 2222 then reaches server a, with no proxy to configure
  3. Remote forwarding is generally not usable, because the servers cannot reach the corporate LAN

Although the methods above do let you log in to the back-end servers, both are somewhat inconvenient to operate; ProxyCommand is more convenient.

This method also has two forms:

  1. ssh -o ProxyCommand="ssh user@jumpHost -W %h:%p" serverHost
  2. ssh -o ProxyCommand="nc -x jumpHost:jumpPort %h %p" serverHost

If you use ProxyCommand frequently, it can be written into the ssh configuration file.

There are three machines:

  1. Client: 192.168.199.3
  2. Jump host: 192.168.199.6
  3. Target: 192.168.199.5

First form: ssh -o ProxyCommand="ssh 192.168.199.6 -W %h:%p" 192.168.199.5

Note that -W was only added in newer versions; it is supported only from OpenSSH 5.4 onward and amounts to a simplified nc.

Processes on the client:

chen      50607  50529  0 17:52 pts/0    00:00:00 ssh -o ProxyCommand=ssh 192.168.199.6 -W %h:%p 192.168.199.5
chen      50608  50607  0 17:52 pts/0    00:00:00 ssh 192.168.199.6 -W 192.168.199.5:22

Connections on the client:

tcp        0      0 192.168.199.3:34306     192.168.199.6:22 ESTABLISHED 50608/ssh

Connections on the jump host:

tcp        0      0 192.168.199.6:36932 192.168.199.5:22 ESTABLISHED -
tcp        0      0 192.168.199.6:22 192.168.199.3:34306 ESTABLISHED -

Connections on the target:

tcp        0      0 192.168.199.5:22 192.168.199.6:36932 ESTABLISHED -

As the results show, the jump host has one connection established to each end, and on the client the connection is held by process 50608.


Second form: ssh -o ProxyCommand="ssh 192.168.199.6 nc %h %p" 192.168.199.5

With this form the processes and connections shown are the same as above.


Finally, the nc form

Note that this approach needs a SOCKS5 proxy, so first enable the proxy on the jump host: ssh -D 4000 192.168.199.5 -Nfg
nc supports several kinds of proxy, including SOCKS4, SOCKS5 and HTTP; this form is completely different from the two above. One strange thing: if the jump host has not enabled the SOCKS5 proxy, there is no error message, and ssh does not use the proxy but connects to the server directly instead.
ssh -o ProxyCommand="nc -x 192.168.199.6:4000 %h %p" 192.168.199.5

Three, scp command

Example: scp test.txt chen@centos:/home/chen/data/

  1. -P: specifies the port
  2. -r: recursive copy
  3. -i: specifies the key file

Four, rsync command

Example: rsync -avuz ~test/ chen@centos:/home/chen/data/

rsync is similar to scp; it mainly uses the 'rsync' algorithm to synchronize only the files that differ, and supports resumable and compressed transfer, so it is generally faster. The parameters are as follows:

  1. -t: does not update the modification time
  2. -z: compression
  3. -P: resumable transfer, for use with large files
  4. -r: recursive transfer
  5. -I: forced synchronization
  6. -a: archive mode, preserving all file attributes; equivalent to -rlptgoD (no -H, -A, -X)
  7. -v: print transfer details
  8. -u: do not sync a file if the receiver's copy is newer than the one being sent

rsync also has a server mode, with an rsync server and client; it is recommended when files need to be synchronized over the long term. In this mode the rsync account is separate from the Linux system account, which is more secure.

Five, sz and rz command

These two commands are very convenient with the Xshell client on Windows. In the jump-host scenario, where you frequently have to hop through several machines, they pass through the tunnels automatically, which is very convenient and saves many commands.

  1. -e: binary transfer; this is very important, and sometimes needed when transferring executable files
  2. -y: overwrite the original file if it exists; by default a new file is generated

-o "StrictHostKeyChecking no"

Six, ssh-agent

Finally, this tool is very useful. Anyone who uses ssh often is bound to run into having multiple private keys, or private keys that need to be encrypted. If a private key is encrypted, its password is required on every connection,
and when hopping between servers you may be asked for the id_rsa password many times, which is cumbersome; in addition, with several private keys for different hosts you have to specify the key each time. ssh-agent solves these problems.

This feature requires AllowAgentForwarding in the sshd configuration file; the corresponding option in the ssh configuration file is ForwardAgent.

  1. eval `ssh-agent -s`: starts the agent; eval is required here
  2. ssh-add id_rsa_file: adds a key; if no file is specified, ~/.ssh/id_rsa is added
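
An added example, not from the original article: a small audit of an ssh client configuration for the two options mentioned above, ForwardAgent and StrictHostKeyChecking, reporting which Host patterns turn them on. The function names and the report format are assumptions of this example, and the configuration is a constructed sample built from the article's three addresses.

```shell
#!/bin/sh
# Added example: list ForwardAgent / StrictHostKeyChecking settings per Host block.

# Constructed sample client config (addresses are the article's three machines).
sample_config() {
    cat <<'EOF'
# jump through 192.168.199.6 without forwarding the agent
Host 192.168.199.5
    ProxyCommand ssh 192.168.199.6 -W %h:%p
Host 192.168.199.6
    ForwardAgent yes
Host *
    ForwardAgent=yes
    StrictHostKeyChecking no
EOF
}

# audit_ssh_config [FILE]: reads an ssh_config-style file (or stdin) and prints
# one line per finding: "<broad|scoped|match> <host pattern> <option>".
audit_ssh_config() {
    awk '
    BEGIN { scope = "*"; ismatch = 0 }   # options before the first Host line apply to every host
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        if (line == "" || line ~ /^#/) next
        # keyword and value are separated by whitespace or by "="
        sub(/[ \t]*=[ \t]*|[ \t]+/, " ", line)
        sp = index(line, " ")
        if (sp == 0) next
        key = tolower(substr(line, 1, sp - 1))   # keywords are case-insensitive
        val = substr(line, sp + 1)
        if (key == "host")  { scope = val; ismatch = 0; next }
        if (key == "match") { scope = "Match " val; ismatch = 1; next }
        val = tolower(val)
        opt = ""
        if (key == "forwardagent" && val == "yes") opt = "ForwardAgent"
        if (key == "stricthostkeychecking" && (val == "no" || val == "off"))
            opt = "StrictHostKeyChecking"
        if (opt != "") {
            # a wildcard pattern applies the option to hosts you did not name
            level = ismatch ? "match" : ((scope ~ /[*?]/) ? "broad" : "scoped")
            print level, scope, opt
        }
    }' "$@"
}

sample_config | audit_ssh_config
```

The first block of the sample reaches the target through ProxyCommand with -W, where authentication to the target runs from the client and no agent is forwarded, so it produces no finding.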

That concludes this summary; I hope it helps you!
Author: Chen Fang Chi
Copyright of this article is shared by the author and Blog Park; reprints are welcome as long as the source is retained!


Origin www.cnblogs.com/jinanxiaolaohu/p/10930377.html