SSH is one of the most popular tools in the Linux and Unix world. SSH or Secure Shell as its name suggests creates secure shell connections to the remote systems. Most of the Linux system administrators prefer SSH to manage remotely. SSH creates encrypted channels to the remote system and transmits data through these secure channels.
SSH是Linux和Unix世界中最流行的工具之一。 顾名思义,SSH或安全外壳会创建到远程系统的安全外壳连接。 大多数Linux系统管理员更喜欢SSH进行远程管理。 SSH创建到远程系统的加密通道,并通过这些安全通道传输数据。
句法 (Syntax)
Basic ssh syntax is like below.
基本的ssh语法如下所示。
ssh OPTIONS [email protected] COMMAND
- `OPTIONS` is used to specify ssh command options which can change auth type, compression, etc. most of them explained in this tutorial OPTIONS用于指定ssh命令选项,这些选项可以更改身份验证类型,压缩等。大多数内容在本教程中进行了说明。
- `USERNAME` is the user name we want to use to authenticate on the remote system or host. USERNAME is optional where if it is not specified current user name is used. USERNAME是我们要用于在远程系统或主机上进行身份验证的用户名。 USERNAME是可选的,如果未指定,则使用当前用户名。
- `HOSTNAME` is the hostname or IP address of the remote system or host we want to connect. “ HOSTNAME”是我们要连接的远程系统或主机的主机名或IP地址。
- `COMMAND` is optional where we can run command on the remote system without getting an interactive shell. COMMAND是可选的,我们可以在不使用交互式shell的情况下在远程系统上运行命令。
连接到遥控器 (Connect To Remote)
Simple usage of ssh is just providing hostname or IP address of remote system and connect. The user name is supplied from current user. Simply current users username is used for remote system.
ssh的简单用法只是提供远程系统的主机名或IP地址并进行连接。 用户名由当前用户提供。 简单来说,当前用户的用户名用于远程系统。
$ ssh 192.168.122.22
明确指定用户名(Specify Username Explicitly)
In the previous example username is supplied by the session. What is we need to use different username for the remote connection? Adding username to the remote system IP address or hostname with @ sign like below can solve this.
在上一个示例中,用户名由会话提供。 我们需要为远程连接使用不同的用户名吗? 如下所示,将用户名添加到带有@符号的远程系统IP地址或主机名中可以解决此问题。
$ ssh [email protected]
OR
要么
We can provide the username with -l parameter like below.
我们可以为用户名提供-l参数,如下所示。
$ ssh -l root 192.168.122.22
指定端口号(Specify Port Number)
Ssh protocol uses TCP port 22 by default. Ssh clients also assumes remote system uses default port number. In some cases the port number can be different than 22 so the remote port number should be provided to the ssh explicitly with -p parameter like below.
SSH协议默认使用TCP端口22。 Ssh客户端还假定远程系统使用默认端口号。 在某些情况下,端口号可以不同于22,因此应使用-p参数将远程端口号显式提供给ssh,如下所示。
$ ssh -p 22 192.168.122.22
使用SSH密钥生成器创建公共-私有密钥/证书(Create Public-Private Keys/Certificates With SSH Keygen)
SSH is very advanced and feature-full protocol. SSH provides different protocols for authentication. The default one is password-based authentication as we previously did. Key-based or certificate-based authentication is more secure than password-based authentication. To use key-based security public and private keys should be created for the user.
SSH是非常先进的功能齐全的协议。 SSH提供了不同的身份验证协议。 像以前一样,默认密码是基于密码的身份验证。 基于密钥或基于证书的身份验证比基于密码的身份验证更安全。 要使用基于密钥的安全性,应为用户创建公用和专用密钥。
$ ssh-keygen
During key generation process some questions are asked. Here are steps.
在密钥生成过程中,会询问一些问题。 这是步骤。
By default, keys are stored in the users home directory. The exact path is /home/ismail/.ssh/ and keys are named id_rsa.pub, id_rsa . If we want to change default values we can provide them if not just press enter and skip.
默认情况下,密钥存储在用户的主目录中。 确切的路径是/home/ismail/.ssh/,并且键名为id_rsa.pub , id_rsa 。 如果要更改默认值,我们可以提供默认值,而不仅仅是按Enter和跳过。
Enter file in which to save the key (/home/ismail/.ssh/id_rsa):
Keys can be protected by encrypting them. Especially private key named id_rsa is important. If we want to encrypt then enter the password, if not just press enter and skip.
可以通过加密来保护密钥。 特别是名为id_rsa的私钥很重要。 如果我们要加密,请输入密码,如果不是,请按Enter并跳过。
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
基于密钥的身份验证 (Key Based Authentication)
We have previously created our keys. We can use these keys to automatically authenticate without providing any password. First, we should deploy our public key to the remote system. Deployment is easy because of SSH tool named ssh-copy-id . Remote username and host provided like below. Our public key is deployed to the remote users authorized keys database. By default, our public key is /home/ismail/.ssh/id_rsa.pub
我们之前已经创建了密钥。 我们可以使用这些密钥自动进行身份验证,而无需提供任何密码。 首先,我们应该将公钥部署到远程系统。 由于使用名为ssh-copy-id的SSH工具,因此部署很容易。 提供远程用户名和主机,如下所示。 我们的公共密钥被部署到远程用户授权密钥数据库中。 默认情况下,我们的公钥为/home/ismail/.ssh/id_rsa.pub
$ ssh-copy-id [email protected]
明确指定键(Explicitly Specify Keys)
SSH behaivour is by default using keys /home/ismail/.ssh/id_rsa.pub and /home/ismail/.ssh/id_rsa but this is not practical some times. We can provide keys explicitly with the -i parameter like below.
缺省情况下,SSH behaivour使用/home/ismail/.ssh/id_rsa.pub和/home/ismail/.ssh/id_rsa键,但这在某些时候不切实际。 我们可以使用-i参数显式提供键,如下所示。
$ ssh -i .ssh/id_rsa [email protected]
远程运行命令(Run Command Remotely)
To run single line command on the remote hosts opening new shell and typing command may become hard work for us. SSH provides the ability to run commands remotely without opening an interactive bash shell. This will run command ip address show on the remote system.
要在远程主机上运行单行命令,请打开新的shell并键入命令,这对我们来说可能会很困难。 SSH提供了无需打开交互式bash shell即可远程运行命令的功能。 这将在远程系统上运行命令ip address show 。
$ ssh 192.168.122.22 "ip address show"
显式配置(Explicit Configuration)
SSH configuration generally resides on the /etc/ssh/ssh_config or ~/.ssh/config . Alternative configuration can be specified with -F parameter like below.
SSH配置通常位于/ etc / ssh / ssh_config或〜/ .ssh / config上。 可以使用-F参数指定替代配置,如下所示。
$ ssh -F ssh_config 192.168.122.22
转发端口(Port Forwarding)
Port forwarding is useful feature provided by SSH. The general definition of port forwarding is tunneling local or remote system ports each other. For example I want to connect google.com from local system through a remote system. Port forwarding should be enabled while connecting to the remote system.
端口转发是SSH提供的有用功能。 端口转发的一般定义是互相隧道连接本地或远程系统端口。 例如,我想通过远程系统从本地系统连接google.com。 连接到远程系统时,应启用端口转发。
本地端口转发 (Local Port Forwarding)
In local port forwarding local port will be forwarded to the remote system and then to the destination system host and port.
在本地端口转发中,本地端口将转发到远程系统,然后再转发到目标系统的主机和端口。
-L LOCALPORT : DESTINATIONHOST : DESTINATIONPORT
$ ssh -L 2222:poftut.com:2222 192.168.122.22
After we have connected to the remote system local port number 2222 is opened in the local system. We can check the local port 2222 with the following command.
连接到远程系统后,将在本地系统中打开本地端口号2222。 我们可以使用以下命令检查本地端口2222。
$ netstat -tl | grep 2222
Now if we try to connect local port 2222 this port will be forwarded to the host poftut.com and port 2222
现在,如果我们尝试连接本地端口2222,则该端口将转发到主机poftut.com和端口2222
远程端口转发 (Remote Port Forwarding)
Remote port forwarding is the reverse of the local pot forwarding. Hostname provided for the forwarding will be tunneled from remote system through our local system.
远程端口转发与本地电位器转发相反。 为转发提供的主机名将通过我们的本地系统从远程系统传送出去。
-L REMOTEPORT : DESTINATIONHOST : DESTINATIONPORT
$ ssh -R 5900:localhost:5900 192.168.122.22
In the remote system with IP address 192.168.122.22 port 5900 is opened and this port is forwarded to the local systems port 5900.
在IP地址为192.168.122.22的远程系统中,打开了端口5900,并将此端口转发到本地系统端口5900。
动态端口转发 (Dynamic Port Forwarding)
Dynamic port forwarding will use SOCKS which default port number is 1080. But another port number can be used. SOCKS generally used to proxy browsers like Chrome, Firefox, Opera. Proxy traffic will be forwarded to the remote system.
动态端口转发将使用SOCKS,其默认端口号为1080。但是可以使用其他端口号。 SOCKS通常用于代理浏览器,例如Chrome,Firefox,Opera。 代理流量将转发到远程系统。
$ ssh -D 1080 192.168.122.22
X11转发(X11 Forwarding)
Linux systems use for GUI X11 server. One of the best feature of SSH is a remote application with GUI can be run on the local system. Application actually runs on a remote system but GUI or X11 protocol is forwarded to the local system and shown like a local application. To enable forwarding provide -X parameter.
Linux系统用于GUI X11服务器。 SSH的最佳功能之一是带有GUI的远程应用程序可以在本地系统上运行。 应用程序实际上在远程系统上运行,但是GUI或X11协议被转发到本地系统,并显示为本地应用程序。 要启用转发,请提供-X参数。
$ ssh -X 192.168.122.22
OR
要么
Just with a single shot
只需一次拍摄
$ ssh -X 192.168.122.22 firefox
压缩(Compression)
SSH can save from bandwidth and network usage by compressing its network traffic. Compression can provide benefits is the data is high compression rate like text. Compression can be enabled per session with -C parameter.
SSH可以通过压缩其网络流量来节省带宽和网络使用量。 压缩可以提供的好处是数据像文本一样具有很高的压缩率。 可以使用-C参数为每个会话启用压缩。
$ ssh -C 192.168.122.22
指定源地址(Specify Source Address)
Some local systems may have multiple interfaces and/or multiple IP addresses. This can be a problem if remote system have IP address-based network restrictions. Setting a specific source IP address can overcome this problem.
一些本地系统可能具有多个接口和/或多个IP地址。 如果远程系统具有基于IP地址的网络限制,则可能会出现问题。 设置特定的源IP地址可以解决此问题。
$ ssh -b 10.0.3.1 192.168.122.22
日志文件(Log File)
SSH client can produce logs. Normally these logs will be printed out to the console. But they can be written to a file with -E option.
SSH客户端可以生成日志。 通常,这些日志将打印到控制台。 但是可以使用-E选项将它们写入文件。
$ ssh -E ssh.log 192.168.122.22
详细模式和调试 (Verbose Mode and Debug)
Some times we can have trouble to connect remote system with SSH. In this situations the best solution is to debug connection steps. SSH client can provide verbosely and debug output with -v . Adding more like -vvv will increase debug level and output.
有时我们可能无法通过SSH连接远程系统。 在这种情况下,最好的解决方案是调试连接步骤。 SSH客户端可以通过-v提供详细信息并调试输出。 添加更多-vvv之类的东西会增加调试级别和输出。
$ ssh -v 192.168.122.22
版(Version)
To display the SSH client version and exit use option -V
要显示SSH客户端版本并退出使用选项-V
$ ssh -V
323
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
