ssh 远程复制文件
SSH is a lifesaver when you need to remotely manage a computer, but did you know you can also upload and download files, too? Using SSH keys, you can skip having to enter passwords and use this for scripts!
当您需要远程管理计算机时,SSH是救生员,但是您知道您也可以上传和下载文件吗? 使用SSH密钥,您可以不必输入密码并将其用于脚本!
This process works on Linux and Mac OS, provided that they’re properly configured for SSH access. If you’re using Windows, you can use Cygwin to get Linux-like functionality, and with a little tweaking, SSH will run as well.
只要正确配置了SSH访问权限,此过程即可在Linux和Mac OS上运行。 如果您使用的是Windows,则可以使用Cygwin获得类似Linux的功能 ,并且稍作调整, SSH也将运行 。
通过SSH复制文件 (Copying Files Over SSH)
Secure copy is a really useful command, and it’s really easy to use. The basic format of the command is as follows:
安全复制是一个非常有用的命令,并且非常易于使用。 该命令的基本格式如下:
scp [options] original_file destination_file
scp [选项] original_file destination_file
The biggest kicker is how to format the remote part. When you address a remote file, you need to do it in the following manner:
最大的问题是如何格式化远程部分。 在寻址远程文件时,您需要按以下方式进行操作:
user@server:path/to/file
用户@服务器:路径/到/文件
The server can be a URL or an IP address. This is followed by a colon, then the path to the file or folder in question. Let’s look at an example.
服务器可以是URL或IP地址。 这之后是一个冒号,然后是该文件或文件夹的路径。 让我们来看一个例子。
scp –P 40050 Desktop/url.txt yatri@192.168.1.50:~/Desktop/url.txt
scp –P 40050桌面/url.txt yatri@192.168.1.50:〜/ Desktop / url.txt
This command features the [-P] flag (note that it’s a capital P). This allows me to specify a port number instead of the default 22. This is necessary for me because of the way I’ve configured my system.
此命令具有[-P]标志(请注意,它是大写字母P)。 这使我可以指定端口号而不是默认的22。这对我来说是必需的,因为我已经配置了系统。
Next, my original file is “url.txt” which is inside of a directory called “Desktop”. The destination file is in “~/Desktop/url.txt” which is the same as “/user/yatri/Desktop/url.txt”. This command is being run by the user “yatri” on the remote computer “192.168.1.50”.
接下来,我的原始文件是“ url.txt”,它位于名为“ Desktop”的目录中。 目标文件位于“〜/ Desktop / url.txt”中,与“ /user/yatri/Desktop/url.txt”相同。 该命令由远程计算机“ 192.168.1.50”上的用户“ yatri”运行。
What If you need to do the opposite? You can copy files from a remote server similarly.
如果您需要做相反的事情怎么办? 您可以类似地从远程服务器复制文件。
Here, I’ve copied a file from the remote computer’s “~/Desktop/” folder to my computer’s “Desktop” folder.
在这里,我已将文件从远程计算机的“〜/ Desktop /”文件夹复制到计算机的“ Desktop”文件夹。
To copy whole directories, you’ll need to use the [-r] flag (note that it’s a lowercase r).
要复制整个目录,您需要使用[-r]标志(请注意,它是小写的r)。
You can also combine flags. Instead of
您还可以组合标志。 代替
scp –P –r …
scp –P –r…
You can just do
你可以做
scp –Pr …
scp –Pr…
The toughest part here is that tab completion doesn’t always work, so it’s helpful to have another terminal with an SSH session running so that you know where to put things.
这里最难的部分是制表符补全并不总是起作用,因此让另一个带有SSH会话的终端运行很有帮助,这样您就可以知道在哪里放置东西。
没有密码的SSH和SCP (SSH and SCP Without Passwords)
Secure copy is great. You can put it in scripts and have it do backups to remote computers. The problem is that you may not always be around to enter the password. And, let’s be honest, it’s a real big pain to put in your password to a remote computer you obviously have access to all the time.
安全复制很棒。 您可以将其放在脚本中,并备份到远程计算机。 问题是您可能不总是要输入密码。 而且,说实话,将密码输入到您显然一直可以访问的远程计算机上确实是一个很大的痛苦。
Well, we can get around using passwords by using key files. We can have the computer generate two key files – one public that belongs on the remote server, and one private which is on your computer and needs to be secure – and these will be used instead of a password. Pretty convenient, right?
好吧,我们可以通过使用密钥文件来避免使用密码。 我们可以让计算机生成两个密钥文件-一个在远程服务器上的公用文件,另一个在计算机上的需要安全的专用文件-这些文件将代替密码使用。 很方便吧?
On your computer, enter the following command:
在您的计算机上,输入以下命令:
ssh-keygen –t rsa
ssh-keygen –t rsa
This will generate the two keys and put them in:
这将生成两个密钥并将其放入:
~/.ssh/
〜/ .ssh /
with the names “id_rsa” for your private key, and “id_rsa.pub” for your public key.
名称分别为“ id_rsa”和“ id_rsa.pub”。
After entering the command, you’ll be asked where to save the key. You can hit Enter to use the above-mentioned defaults.
输入命令后,将询问您将密钥保存在何处。 您可以按Enter键以使用上述默认值。
Next, you’ll be asked to enter a passphrase. Hit Enter to leave this blank, then do it again when it asks for confirmation. The next step is to copy the public key file to your remote computer. You can use scp to do this:
接下来,系统会要求您输入密码。 按Enter键,将其保留为空白,然后在要求确认时再次进行。 下一步是将公钥文件复制到远程计算机。 您可以使用scp执行此操作:
The destination for your public key is on the remote server, in the following file:
公共密钥的目标位于远程服务器上的以下文件中:
~/.ssh/authorized_keys2
〜/ .ssh / authorized_keys2
Subsequent public keys can be appended to this file, much like the ~/.ssh/known_hosts file. This means that if you wanted to add another public key for your account on this server, you would copy the contents of the second id_rsa.pub file into a new line on the existing authorized_keys2 file.
随后的公钥可以附加到此文件,非常类似于〜/ .ssh / known_hosts文件。 这意味着,如果要在此服务器上为您的帐户添加另一个公钥,则可以将第二个id_rsa.pub文件的内容复制到现有authorized_keys2文件的新行中。
安全注意事项 (Security Considerations)
Isn’t this less secure than a password?
这不是比密码安全吗?
In a practical sense, not really. The private key that’s generated is stored on the computer you’re using, and it is never transferred, not even to be verified. This private key ONLY matches with that ONE public key, and the connection needs to be started from the computer that has the private key. RSA is pretty secure and uses a 2048 bit-length by default.
从实际意义上讲,并非如此。 生成的私钥存储在您正在使用的计算机上,并且永远不会转移,甚至不会被验证。 该私钥仅与该一个公钥匹配,并且需要从具有私钥的计算机开始连接。 RSA非常安全,默认情况下使用2048位长度。
It’s actually pretty similar in theory to using your password. If someone has knows your password, your security goes out of the window. If someone has your private key file, then security is lost to any computer that has the matching pubic key, but they need access to your computer to get it.
从理论上讲,它实际上与使用密码相似。 如果有人知道您的密码,那么您的安全性就会消失。 如果某人拥有您的私钥文件,那么具有匹配的公钥的任何计算机的安全性都会丢失,但是他们需要访问您的计算机才能获取它。
Can this be more secure?
可以更安全吗?
You can combine a password with key files. Follow the steps above, but enter a strong passphrase. Now, when you connect over SSH or use SCP, you’ll need the proper private key file as well as the proper passphrase.
您可以将密码与密钥文件结合在一起。 请按照上述步骤操作,但请输入一个强密码。 现在,当您通过SSH连接或使用SCP时,您将需要正确的私钥文件以及正确的密码短语。
Once you enter your passphrase once, you won’t be asked again for it until you close your session. That means that the first time you SSH/SCP, you’ll need to enter your password, but all subsequent actions won’t require it. Once you log out of your computer (not the remote one) or close your terminal window, then you’ll have to enter it again. In this way, you’re not really sacrificing security, but you’re also not harassed for passwords all the time.
一次输入密码后,在关闭会话之前,不会再要求您输入密码。 这意味着您第一次使用SSH / SCP时,需要输入密码,但是随后的所有操作都不需要它。 从计算机(不是远程计算机)注销或关闭终端窗口后,就必须再次输入。 这样,您并没有真正牺牲安全性,但是也没有一直都在为密码而烦恼。
Can I reuse the public/private key pair?
我可以重用公钥/私钥对吗?
This is a really bad idea. If someone finds your password, and you use the same password for all of your accounts, then they now have access to all of those accounts. Similarly, your private key file is also super-secret and important. (For more information, take a look at How To Recover After Your Email Password Is Compromised)
这真是个坏主意。 如果有人找到了您的密码,并且您对所有帐户使用了相同的密码,那么他们现在就可以访问所有这些帐户。 同样,您的私钥文件也非常机密且重要。 (有关更多信息,请查看如何在电子邮件密码遭到破坏后恢复 )
It’s best to create new key pairs for every computer and account you want to link. That way, if one of your private keys get caught somehow, then you’ll only compromise one account on one remote computer.
最好为要链接的每台计算机和帐户创建新的密钥对。 这样,如果您的某个私钥以某种方式被捕获,那么您只会破坏一台远程计算机上的一个帐户。
It’s also really important to note that all of your private keys are stored in the same place: in ~/.ssh/ on your computer, you can use TrueCrypt to create a secure, encrypted container, then create symlinks in your ~/.ssh/ directory. Depending on what I’m doing, I use this super-paranoid super-secure method to put my mind at ease.
还要特别注意,所有私钥都存储在同一位置:在计算机上的〜/ .ssh /中,可以使用TrueCrypt创建安全的加密容器,然后在〜/ .ssh中创建符号链接 。 / 目录。 根据我在做什么,我使用这种超级偏执的超级安全方法来放心。
Have you used SCP in any scripts? Do you use key files instead of passwords? Share your own expertise with other readers in the comments!
您是否在任何脚本中使用过SCP? 您使用密钥文件代替密码吗? 在评论中与其他读者分享您自己的专业知识!
翻译自: https://www.howtogeek.com/66776/how-to-remotely-copy-files-over-ssh-without-entering-your-password/
ssh 远程复制文件
910
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
