SSH basic usage (including scp and sftp)

SSH connection

Basic Commands

# Log in
ssh [user]@[remote address] <-p [port]>

# Run a single command and exit, without an interactive session
ssh [user]@[remote address]  <command>
# Connect and run a script
ssh [user]@[remote address] 'bash -s' < name.sh
cat name.sh | ssh [user]@[remote address]

# Multi-hop login; needed because some servers only allow access from specific IPs
ssh -t server1 -t ssh server2 -t ssh server3

# See which IPs are connected to the server over SSH
sudo netstat -anp | grep ESTABLISHED | grep ssh | awk '{print $5}'

Configuring SSH connection

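# The host being logged in to must have an SSH server (sshd) installed
sudo apt update && sudo apt install -y openssh-server

# Generate a public/private key pair on the client
ssh-keygen # press Enter at every prompt (accepts the default file and an empty passphrase)
cd ~/.ssh; ls # you should now see the public key file id_rsa.pub and the private key file id_rsa

# Give the client's public key to the remote host to enable passwordless login
ssh-copy-id [user]@[remote address]
# On macOS, ssh-copy-id can be installed with brew
# The key is stored in the server's authorized_keys file
# It can also be copied manually with the following command
ssh [user]@[remote address] 'mkdir -p .ssh && cat >> .ssh/authorized_keys' < ~/.ssh/id_rsa.pub
  • If the remote host does not allow passwordless (key-based) login or root login, you need to modify its configuration
 # step 1:
 vim /etc/ssh/sshd_config

 # step 2:
 # set PubkeyAuthentication to yes
 # uncomment PermitRootLogin prohibit-password and change it to PermitRootLogin yes

 # step 3:
 service sshd restart
 # or
 systemctl restart sshd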
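
To confirm what the step 2 edit leaves enabled, the following added example (not from the original post) reports the value sshd would use for a keyword and whether root can log in with a password. `PermitRootLogin prohibit-password` already permits key-based root login, while `yes` also permits root password login whenever `PasswordAuthentication` is on. The function names, the sample file and the user `deploy` are constructed, and the defaults assumed are upstream OpenSSH's.

```sh
#!/bin/sh
# Added example (not from the original post). Reads only the global section of
# an sshd_config-style file: sshd keeps the FIRST value it sees for a keyword,
# keywords are case-insensitive, and lines after "Match" are conditional.
# Assumption: Include files are not followed.

# effective_value FILE KEYWORD DEFAULT -> prints the value sshd would use
effective_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/#.*/, "") }                      # drop comments
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(key) && NF >= 2 { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# root_login_mode FILE -> none | key | forced-command | password | unknown
# (keyboard-interactive/PAM authentication is not evaluated)
root_login_mode() {
    prl=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    case "$prl" in
        no) echo none ;;
        prohibit-password|without-password) echo key ;;
        forced-commands-only) echo forced-command ;;
        yes) if [ "$pass" = yes ]; then echo password; else echo key; fi ;;
        *) echo unknown ;;
    esac
}

# Constructed sample: the file after the edit described in step 2
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#PermitRootLogin prohibit-password
PubkeyAuthentication yes
PermitRootLogin yes
permitrootlogin no
Match User deploy
    PasswordAuthentication no
EOF

echo "PubkeyAuthentication: $(effective_value "$sample" PubkeyAuthentication yes)"
echo "PermitRootLogin:      $(effective_value "$sample" PermitRootLogin prohibit-password)"
echo "root login allowed:   $(root_login_mode "$sample")"
```

On a live server, `sshd -T` (run as root) prints the effective configuration, including any Include files this sketch skips.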

config configuration file

  • Configure a server alias so you do not have to enter the address and user every time you log in
# Append to the ~/.ssh/config file
Host [another name]
	HostName [remote address]
	User [user]
	Port [port]
	IdentityFile ~/.ssh/id_rsa
  • File locations
    • Located at ~/.ssh/config and /etc/ssh/ssh_config
      • Their scopes are the current user and global (all users), respectively
  • Priority
    • High to low: command-line options > user configuration > global configuration
  • man ssh_config shows the full manual
  • Host match format
    • * matches all host names.
    • *.example.com matches host names ending in .example.com.
    • !*.dialup.example.com,*.example.com: a pattern beginning with ! is an exclusion.
    • 192.168.0.? matches the IPs 192.168.0.[0-9]
  • Keep SSH from disconnecting automatically after a long period without activity
# Send a keepalive packet every 60 seconds
Host *
    ServerAliveInterval 60

Keep the program running in the background

  • Sometimes you want to run a long-running program on a remote machine, such as some calculation. You start it, go to sleep, and when you log in to the remote machine again you find no results. This is because once the ssh process exits, all programs started from it are killed
  • You can use nohup to keep the program running after the shell exits
  • You can also achieve this with tmux

Connecting through an HTTP or SOCKS proxy server

# Use the -o option
ssh -o "ProxyCommand nc -X 5 -x <proxy address>:<proxy port> %h %p" <server user>@<server address>

# Or use the ~/.ssh/config configuration file
# * applies to all hosts, so the proxy no longer has to be configured on the command line
Host *
    ProxyCommand nc -X 5 -x <proxy address>:<proxy port> %h %p
  • nc must be the OpenBSD version; the traditional version does not support the -X parameter
    • apt install -y netcat-openbsd
    • sudo update-alternatives --config nc selects the version
    • %h is the target address and %p is the target port
    • -X specifies the proxy protocol
      • 5 is SOCKS5
      • 4 is SOCKS4
      • connect is HTTP
    • -x specifies the proxy address[:port]
      • If no port is specified, the protocol's usual port is used
        • HTTP protocol: port 3128
        • SOCKS5 protocol: port 1080
    • Note: do not use nc to handle the HTTP protocol, it has bugs; use corkscrew instead
Host *
	ProxyCommand corkscrew <proxy address> <proxy port> %h %p

scp

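# Copy a local file to the remote host
scp -P [port] /path/to/local/file [user]@[remote address]:/path/to/remote/directory

# An alias can also be used
scp /path/to/local/file [another name]:/path/to/remote/directory

# Download a file to the local machine
# -r transfers directories
# A remote path that does not start with / is relative to the home directory ~
# The local path defaults to the current directory .
scp -r [another name]:path/to/remote/directory .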

sftp

# Connect
sftp [user]@[remote address] <-P [port]>

> get /path/remote_file # download
> put local_file # upload
> ls # list the directory
> pwd # show the current path
> exit # quit
> cd <path> # change directory

Origin blog.csdn.net/winter_wu_1998/article/details/101567210