unix和linux命令_Linux / Unix系统中SSH命令的用法

unix和linux命令

Any security-minded Linux user will always use SSH protocol when connecting to servers. This is because SSH is a secure protocol that encrypts data or information sent over the network. SSH replaced older and insecure protocols in the 90’s such as telnet and rlogin. In this guide, we look at SSH command usage with examples.

连接到服务器时，任何具有安全意识的Linux用户都将始终使用SSH协议。 这是因为SSH是一种安全协议，可对通过网络发送的数据或信息进行加密。 SSH取代了90年代的旧式和不安全协议，例如telnet和rlogin。 在本指南中，我们通过示例介绍SSH命令的用法。

By default, SSH runs on the TCP/IP port 22

默认情况下，SSH在TCP / IP端口22上运行

检查SSH服务是否在Linux系统上运行 (Checking if SSH service is running on a Linux System)

If you are currently logged in to a Linux system and you want to check if SSH is running, execute the command

如果当前登录到Linux系统，并且要检查SSH是否正在运行，请执行以下命令

# systemctl status sshd

Sample Output

样本输出

Additionally, you can check ssh is listening on port 22 on your server by using the netstat command as shown

此外，您可以使用netstat命令来检查ssh正在侦听服务器上的端口22

# netstat -pnltu

Sample Output

样本输出

The two techniques have confirmed that the SSH protocol is running on port 22.

两种技术已确认SSH协议在端口22上运行。

使用SSH登录到远程系统 (Logging to a remote System using SSH )

To log in to a remote system as root user from a Linux machine use the syntax below:

要以root用户从Linux计算机登录到远程系统，请使用以下语法：

# ssh root@host-ip-address

For example, I’m going to login to a remote Debian PC IP 173.82.208.144

例如，我要登录到远程Debian PC IP 173.82.208.144

# ssh root@173.82.208.144

If you are connecting for the first time, you will see the following prompt

如果您是第一次连接，将会看到以下提示

Type yes to add the server to the list of known_hosts located in ~/.ssh/known_hosts

输入yes将服务器添加到~/.ssh/known_hosts中的known_hosts列表中

Each server consists of a host key which is a cryptographic key. This key is used to authenticate systems using SSH protocol.

每个服务器都包含一个主机密钥，该主机密钥是一个加密密钥。 该密钥用于使用SSH协议对系统进行身份验证。

Next, you will be prompted for the remote system’s password. Provide the Password and hit ‘ENTER’ to log in to the system.

接下来，将提示您输入远程系统的密码。 提供密码，然后单击“ ENTER”以登录到系统。

以普通用户身份登录系统 (Logging to a system as a regular user)

Sometimes, you may want to log in to a remote system using a regular user’s account if remote root login is disabled. to do this, follow the syntax below

有时，如果禁用了远程root登录，则可能需要使用普通用户帐户登录到远程系统。 为此，请遵循以下语法

# ssh username@host-ip-address

OR

要么

# ssh -l username host-ip-address

To log in as user ‘john’ residing on the remote Debian system, execute the command

要以驻留在远程Debian系统上的用户“ john”的身份登录，请执行以下命令

# ssh john@173.82.208.144

Sample Output

样本输出

You can get the same thing using the below command.

您可以使用以下命令获得相同的结果。

# ssh -l john 173.82.208.144

Sample Output

样本输出

配置无密码认证 (Configuring passwordless authentication)

Sometimes, you may constantly need to access your remote systems or you may have services that may need access to these systems. Password authentication may lead to time wastage or hinder access to automated applications that require access to the remote systems. For this reason, it’s convenient to configure a passwordless SSH authentication to your remote servers.

有时，您可能经常需要访问您的远程系统，或者您的服务可能需要访问这些系统。 密码认证可能会导致时间浪费或阻碍对需要访问远程系统的自动化应用程序的访问。 因此，为远程服务器配置无密码SSH身份验证很方便。

步骤1：产生SSH金钥 (Step 1: Generate SSH keys)

The first step will be to generate SSH keys on the server using the command:

第一步将使用以下命令在服务器上生成SSH密钥：

# ssh-keygen

Sample Output

样本输出

when prompted at each step, simply hit ‘ENTER’ to maintain the defaults

在每一步提示时，只需按“ ENTER”以保持默认值

The public key – id_rsa.pub – is saved in ~/.ssh/ directory

公钥id_rsa.pub保存在~/.ssh/目录中

步骤2：将SSH公钥复制到远程客户端 (Step 2: Copying the SSH public key to the remote client)

The next step will be to copy the generated public key to the remote client system. To accomplish this, we will use the ssh-copy-id command . The command copies the SSH key to the remote client as an authorized key. This allows for subsequent automated passwordless logins.

下一步将是将生成的公共密钥复制到远程客户端系统。 为此，我们将使用ssh-copy-id命令。 该命令将SSH密钥作为授权密钥复制到远程客户端。 这样可以进行后续的自动无密码登录。

# ssh-copy-id -i ~/.ssh/id_rsa.pub root@173.82.208.14

Sample Output

样本输出

Now you can seamlessly log in to the remote Debian System without being prompted for a password

现在，您可以无缝登录到远程Debian系统，而无需提示输入密码

Sample Output

样本输出

The public key is saved in the client system in the ~/.ssh/authorized_keys file.

公钥保存在客户端系统的~/.ssh/authorized_keys文件中。

A FEW POINTS TO NOTE

需要注意的几点

1. SSH clients store host keys to systems they are connected to. These keys are referred to as known host keys and are stored in the ~/.ssh/ directory.
   SSH客户端将主机密钥存储到与其连接的系统。 这些密钥称为known host keys ，并存储在~/.ssh/目录中。
2. The private keys – id_rsa should only be accessible to the root user and should not be copied to any system. If leaked out to another third party, this may lead to man-in-the-middle attacks where the client systems can be compromised by hackers.
   私钥– id_rsa仅应由root用户访问，并且不应复制到任何系统。 如果泄露给其他第三方，则可能导致中间人攻击，从而使客户端系统受到黑客的威胁。

翻译自: https://www.journaldev.com/28828/ssh-command-linux-unix

unix和linux命令