每天一条Linux命令(24) ssh (远程安全登录)

---

在Linux系统中，命令 ssh 是openssh套件中的客户端连接工具，可以使用ssh加密协议实现安全的远程登录服务器，实现对服务器的远程管理，Windows中的替代工具为Xshell、putty、SecureCRT等。

---

语法：

ssh [参数选项] [user@IP]  [command]

[注] command 是可选项

---

参数说明：

• -p  指定ssh登录端口号，默认为22 端口

• -t  强制分配伪终端，可以在远程机器上执行任何全屏幕（screen-based）程序，所以非常有用，例如菜单服务。即使没有本地终端，多个-t选项也会强制分配终端。这个选项在进行写远程批量管理Shell脚本时非常有有用

• -v  调试模式

---

案例：

远程登录服务器

[C:\~]$ ssh root@192.168.116.100Connecting to 192.168.116.100:22...Connection established.To escape to local shell, press 'Ctrl+Alt+]'.

指定用户及端口进行远程登录

[C:\~]$ ssh -p 22 bear@192.168.116.100Connecting to 192.168.116.100:22...Connection established.To escape to local shell, press 'Ctrl+Alt+]'.

远程执行命令

[root@master test03]# [root@master test03]# ssh 120.24.165.81 "ls"   # 在另一个服务器上执行ls命令root@120.24.165.81's password:     # 输入另一个服务器登录密码install.sh   # 执行结果[root@master test03]#

-v 开始调试模式 （这里以调试远程登录慢为例，其实并不慢，这里只是演示一下过程）

[root@master test03]# ssh -v 120.25.168.64OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017debug1: Reading configuration data /etc/ssh/ssh_configdebug1: /etc/ssh/ssh_config line 58: Applying options for *debug1: Connecting to 120.24.165.81 [120.24.165.81] port 22.debug1: Connection established.debug1: permanently_set_uid: 0/0debug1: key_load_public: No such file or directorydebug1: identity file /root/.ssh/id_rsa type -1debug1: key_load_public: No such file or directorydebug1: identity file /root/.ssh/id_rsa-cert type -1debug1: key_load_public: No such file or directorydebug1: identity file /root/.ssh/id_dsa type -1debug1: key_load_public: No such file or directorydebug1: identity file /root/.ssh/id_dsa-cert type -1debug1: key_load_public: No such file or directorydebug1: identity file /root/.ssh/id_ecdsa type -1debug1: key_load_public: No such file or directorydebug1: identity file /root/.ssh/id_ecdsa-cert type -1debug1: key_load_public: No such file or directorydebug1: identity file /root/.ssh/id_ed25519 type -1debug1: key_load_public: No such file or directorydebug1: identity file /root/.ssh/id_ed25519-cert type -1debug1: Enabling compatibility mode for protocol 2.0debug1: Local version string SSH-2.0-OpenSSH_7.4debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000debug1: Authenticating to 120.25.168.64:22 as 'root'debug1: SSH2_MSG_KEXINIT sentdebug1: SSH2_MSG_KEXINIT receiveddebug1: kex: algorithm: curve25519-sha256debug1: kex: host key algorithm: ecdsa-sha2-nistp256debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: nonedebug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: nonedebug1: kex: curve25519-sha256 need=64 dh_need=64debug1: kex: curve25519-sha256 need=64 dh_need=64debug1: expecting SSH2_MSG_KEX_ECDH_REPLYdebug1: Server host key: ecdsa-sha2-nistp256 SHA256:+QXNO8vg3Dmngg0Ek90haDDp+PNvI/koo5gLPwSyhgUdebug1: Host '120.24.165.81' is known and matches the ECDSA host key.#  略略略略略略略略略略debug1: Next authentication method: passwordroot@120.24.165.81's password:    # 这里提示需要输入密码debug1: Authentication succeeded (password).Authenticated to 120.24.165.81 ([120.25.168.64]:22).debug1: channel 0: new [client-session]debug1: Requesting no-more-sessions@openssh.comdebug1: Entering interactive session.debug1: pledge: networkdebug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0debug1: Sending environment.debug1: Sending env LANG = en_US.UTF-8Last login: Sun Sep 20 17:37:28 2020 from 115.194.183.70
Welcome to Alibaba Cloud Elastic Compute Service !
[root@iZwz9c8miiew8bjh7tpbveZ ~]#

上述调试过程，如果卡在哪一步说明问题就出在哪里（这里调试登录时其实是正常的）