2025-02-23 Update From: SLTechnology News&Howtos (Shulou.com)
What are the practical techniques for using SSH on Linux? This article goes through them in detail, in the hope of giving anyone who wants to work with SSH a simpler and more workable approach.
The most common way to manage remote servers today is SSH (Secure Shell). SSH is easy to connect with and encrypts the whole communication. Given the algorithms it uses, it is generally believed that eavesdropping on traffic sent through ssh is practically impossible. On Linux or Unix the client is usually the ssh command itself, which is also available on Windows in Linux-like environments such as Cygwin or WSL. On Windows there is a lot of client software, such as SecureCRT and Xshell, and I use the free and open source PuTTY.
There are many techniques for using ssh. Some are very simple, and some go beyond what you would expect of a terminal application. With ssh we can transfer files securely (scp), mount remote file systems, browse the network securely, and encrypt traffic through ssh tunnels. I'd like to introduce some of these SSH techniques. Let's assume that the reader knows the basics of SSH: using scp and sftp to copy files, and ssh-copy-id to set up passwordless key-based login. If you don't, it doesn't matter; you can learn it in 10 minutes.
SSH alias
There are many options to remember on the ssh command line, such as the IP address, port, user name and private key (if the key is not in the standard location with the standard name, or if there are several keys). You can be lazy, though: you don't even need to remember the IP address and port. In the ~/.ssh/config file you can create an alias and set these options for it. For example, suppose we want to connect to a host and give it the alias chongchong:
Host chongchong
    HostName ijz.me
    Port 1234
    User cc
    IdentityFile ~/.ssh/chongchong_id
    ForwardX11 yes
    Compression yes
    TCPKeepAlive yes
You can define as many aliases as you want by adding more "Host" blocks. A single Host line can also list several aliases, and the options that follow it apply to any of them.
After configuration, we only need to run ssh chongchong, and all the configured options take effect.
Of course, if you are using the PuTTY client, the main options are in the Session panel and the SSH panel of its configuration window. There may not be as many options, but you can try some of them.
Several useful configuration items
1. ControlMaster
There is a set of very useful SSH configuration items for setting up a master control socket. For example:
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
This allows multiple sessions connected to the same host to share a single TCP socket. Because setting up a secure connection takes some time, this makes things faster when there are multiple sessions between two hosts. You can put these options under a Host * entry in the configuration file to apply them to all hosts, that is, to use them as global options.
Note that if a large amount of data is transferred over multiple connections, the ControlMaster configuration may slow the transfer down. In that case you can use -S none to temporarily override the global setting and turn sharing off.
In addition, if you try to exit the first ssh session before closing all the other connections, it may appear to hang. This problem can be avoided by keeping a hidden ssh session running to hosts you connect to frequently. However, a better way is to set ControlPersist yes, which puts the original session into the background indefinitely. You can also give it a time limit, for example by setting ControlPersist to 180 (or another number), which means the connection is closed automatically after three minutes without any session.
Another disadvantage of this approach is that it leaves a lot of stale master socket files behind. You can clean them up automatically at startup, for example with this line in rc.local:
/bin/rm -f /home/*/.ssh/master-* > /dev/null 2>&1 || true
If you are using the PuTTY client, you can enable this by ticking the "Share SSH connections if possible" option in the SSH options panel.
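How ssh chooses a value when an alias block and a Host * block both set the same option, as an added example (not from the original article): for each option the first value obtained wins, so Host * defaults belong at the end of the file. The cc-box alias, the sample file and the effective_option function are constructions of this example, and the resolver is a simplified model without Match, Include or negated patterns.

```sh
#!/bin/sh
# Constructed sample: the article's alias block (trimmed, with a second alias
# added) followed by global defaults under Host *.
sample_config() {
cat <<'EOF'
Host chongchong cc-box
    HostName ijz.me
    Port 1234
    User cc
    Compression yes

Host *
    Compression no
    ControlMaster auto
    ControlPath ~/.ssh/master-%r@%h:%p
    ControlPersist 180
EOF
}

# effective_option ALIAS KEYWORD: print the value that applies to ALIAS.
# Rule modelled: options under every matching Host line are read top to bottom
# and the first value found for a keyword is kept.
effective_option() {
    sample_config | awk -v alias="$1" -v key="$2" '
        # Turn a Host pattern (* and ? wildcards) into an anchored regex.
        function glob2re(p) {
            gsub(/\./, "[.]", p); gsub(/\?/, ".", p); gsub(/\*/, ".*", p)
            return "^" p "$"
        }
        BEGIN { active = 1 }            # lines before any Host apply to all
        tolower($1) == "host" {
            active = 0
            for (i = 2; i <= NF; i++) if (alias ~ glob2re($i)) active = 1
            next
        }
        active && !found && tolower($1) == tolower(key) {
            $1 = ""; sub(/^ +/, ""); print; found = 1
        }'
}

for h in chongchong cc-box otherhost; do
    echo "$h: Compression=$(effective_option "$h" Compression)" \
         "ControlPersist=$(effective_option "$h" ControlPersist)"
done
```

On a machine with OpenSSH installed, `ssh -G chongchong` prints the real client's resolved options without connecting.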
2. BatchMode
Many other options can be set in the configuration file as well. For example, BatchMode tells ssh that the connection is made by an unattended program, which avoids prompts for passwords or other interactive input. If authentication is not fully set up, ssh reports an error and exits instead of prompting.
3. SendEnv
You can send environment variables to the remote host when you connect over SSH. For example, you may want LS_COLORS to be the same on the workstation and the server, but you change it frequently and don't want to keep the same configuration file in both places. You can add the following configuration:
SendEnv LS_COLORS
In PuTTY, environment variables can be set on the Connection/Data tab of the configuration window.
4. TCPKeepAlive
On the network side, you can set TCPKeepAlive to yes if you don't want the server and client to disconnect while they are idle. An idle connection is then kept open.
Remote command execution
This is the most useful SSH technique. We often log in to a host just to execute a few commands. For individual commands or batch operations (for which we could of course also use ansible and similar tools), logging in to the host first is inconvenient. In fact, if you only want to execute a command or script, you can pass it to the ssh command instead of logging in to the remote host.
Simple command execution
The format of the SSH remote execution command is:
ssh [username]@[remote hostname or IP] [command or script]
For example, to get the running information of a remote host, we can use uptime:
ssh chongchong uptime
Results:
11:23:55 up 28 days, 23:41, 0 users, load average: 2.46, 1.16, 0.49
For example, to get the disk usage of the remote host, we can use:
ssh chongchong df -h
Execute multiple commands
Other commands work the same way. If the command is long or consists of several commands, you need to enclose the command part in quotation marks.
For example, to get both the status and the disk usage of the host:
ssh chongchong "uptime && df -h"
Or use:
ssh chongchong "uptime; df -h"
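Why the quotation marks matter, as an added example that is not part of the original article: ssh joins its command words with spaces and a shell on the remote host parses the result again, so an unquoted && is consumed locally and a variable pasted into the command string is re-parsed remotely. fake_ssh is a hypothetical stand-in that runs the command locally so the example works offline; shquote, the list_* functions and the hostile name are constructed for this example.

```sh
#!/bin/sh
unset SIDE
# fake_ssh HOST WORD...: offline stand-in for ssh, constructed for this example.
# Like the real client, it joins the command words with spaces and lets a shell
# on the far side parse that one string. SIDE marks where a command ran.
fake_ssh() {
    shift                                   # drop the host name
    SIDE=remote sh -c "$*"
}

# Unquoted: the local shell splits at &&, so the second command runs locally.
split_locally() {
    fake_ssh chongchong echo 'first:$SIDE' && echo "second:${SIDE:-local}"
}

# Quoted: the whole command list reaches the remote shell.
sent_whole() {
    fake_ssh chongchong 'echo first:$SIDE && echo second:${SIDE:-local}'
}

# shquote STRING: single-quote STRING for a POSIX shell (' becomes '\'').
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# A variable pasted into the command string is re-parsed by the remote shell.
list_unsafe() { fake_ssh chongchong "ls -d $1"; }
# Quoting it first keeps it one argument, whatever characters it contains.
list_safe()   { fake_ssh chongchong "ls -d -- $(shquote "$1")"; }

name='/; echo INJECTED'                     # constructed hostile directory name
split_locally
sent_whole
list_unsafe "$name"                         # prints / and then INJECTED
list_safe "$name" || echo "ls failed on the literal name, nothing was injected"
```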
Remote packet capture
Imagine a more complex example, where we need to capture packets on a remote host and then analyze them locally with Wireshark:
ssh root@someserver 'tcpdump -c 1000 -nn -w - not port 1234' | wireshark -k -i -
On the command line, you can use tshark instead:
ssh root@someserver 'tcpdump -c 1000 -nn -w - not port 1234' | tshark -i -
Results:
Execute script
Let's write a simple script to get some information about the remote host, including hostname, uptime, memory, disk, and kernel information:
#!/bin/bash
# host-info.sh: print basic information about the host it runs on
echo "----- hostname -----"
hostnamectl
echo -e "\n"
echo "----- system information -----"
uptime
echo -e "\n"
echo "----- available memory -----"
free -m
echo -e "\n"
echo "----- disk information -----"
df -h
echo -e "\n"
echo "----- kernel version -----"
uname -an
echo -e "\n"
echo "-----"
Then use the following statement to execute:
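ssh chongchong 'bash -s' < host-info.sh
You can also use a pipe, although a notice message is then printed:
cat host-info.sh | ssh chongchong
SSH speed test
One last tip: SSH is only pleasant to use when the connection is fast. To find out how fast an SSH connection really is, we can measure it with pv:
yes | pv | ssh chongchong "cat > /dev/null"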
Mounting a remote directory with sshfs
If the SSH connection is fast, we can use sshfs, which is based on SSH, to mount a directory of the remote host locally. The mounted directory is a FUSE file system, which runs as a regular user program rather than as a kernel file system.
mkdir ~/remoteshared
sshfs [username]@[remote hostname or IP]:/remotepath ~/remoteshared
Note that if an ordinary user wants to mount a remote directory with sshfs, the user must first be added to the fuse group; otherwise an error is reported:
fuse: failed to exec fusermount: Permission denied
We use:
usermod -a -G fuse cc
So we can use sshfs:
sshfs chongchong:/tmp ./data
All right, you can now work on the /tmp directory of the remote host through data. Note that the prerequisite is a very fast ssh connection; otherwise operations on the directory (even ls) will be very slow. To remove the mount, use:
fusermount -u data
Note that the mount of sshfs will also be displayed in df:
df -h
Filesystem       Size  Used Avail Use% Mounted on
/dev/sda3        886G   16G  825G   2% /
tmpfs            8.0G     0  8.0G   0% /dev/shm
/dev/sda1        485M   87M  374M  19% /boot
chongchong:/tmp  7.7G  2.7G  5.0G  35% /home/cc/data
That covers these practical Linux SSH techniques. I hope the content above is of some help to you.