2025-03-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to use the ssh command on a Linux system. The method introduced here is simple, fast and practical.
ssh is used to log in to a remote host and execute commands on it. It is intended to replace rlogin and rsh, and to provide encrypted, secure communication between two untrusted hosts over an insecure network. First, the parameters of the ssh command:
Parameters
-a
Disables forwarding of the authentication agent connection.
-A
Enables forwarding of the authentication agent connection. This can also be set per host in the configuration file.
Agent forwarding should be enabled with caution. Users who can bypass file permissions on the remote host (for the agent's UNIX domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, but can perform operations on the keys that let them authenticate using the identities loaded into the agent.
-b bind_address
Specifies the interface to transmit from on a machine with multiple interfaces or address aliases.
-c blowfish | 3des | des
Selects the cipher used to encrypt the session. 3des is the default. 3des (triple-DES) performs encrypt-decrypt-encrypt with three different keys and is considered more reliable. blowfish is a fast block cipher that is very secure and much faster than 3des. des is supported only in the client, for interoperability with older protocol version 1 implementations that do not support 3des. Because of its cryptographic weaknesses, using it is strongly discouraged.
-c cipher_spec
Additionally, for protocol version 2, a comma-separated list of ciphers can be given in order of preference. See Ciphers for details.
-e ch | ^ch | none
Sets the escape character for sessions with a pty (default: `~'). The escape character is only recognized at the beginning of a line. The escape character followed by a dot (`.') closes the connection, followed by control-Z it suspends the connection, and followed by itself it sends the escape character once. Setting the character to `none' disables any escapes and makes the session fully transparent.
-f
Requests ssh to go to the background just before command execution. This is useful when ssh is going to ask for passwords or passphrases but the user wants it to run in the background. This option implies the -n option. The recommended way to start X11 programs on a remote machine is with a command such as ssh -f host xterm.
-g
Allow remote hosts to connect to locally forwarded ports.
-i identity_file
Specifies the identity (private key) file used for RSA or DSA authentication. The defaults are $HOME/.ssh/identity for protocol version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for protocol version 2. Identity files can also be specified per host in the configuration file. Multiple -i options can be used at the same time (and multiple identity files can be specified in the configuration file).
-I smartcard_device
Specifies a smartcard device. The argument is the device file used to communicate with the smartcard that stores the user's RSA private key.
-k
Disables forwarding of Kerberos tickets and AFS tokens. This can also be set per host in the configuration file.
-l login_name
Specifies the user who logs in to the remote host. This parameter can be set separately for each host in the configuration file.
-m mac_spec
Additionally, for protocol version 2, a comma-separated list of MAC (message authentication code) algorithms can be specified. See the MACs keyword for details.
-n
Redirects stdin from /dev/null (which actually prevents reading from stdin). This option must be used when ssh runs in the background. A common trick is to use it to run X11 programs on a remote machine. For example, ssh -n shadows.cs.hut.fi emacs starts emacs on shadows.cs.hut.fi, and the X11 connection is automatically forwarded over the encrypted channel. ssh is run in the background. (This does not work if ssh needs to ask for a password or passphrase; see the -f option.)
-N
Do not execute a remote command. Useful for just forwarding ports. (Protocol version 2 only.)
-o option
Gives options in the same format as the configuration file. Useful for options that have no separate command-line switch.
-p port
Specify the port of the remote host. This parameter can be set separately for each host in the configuration file.
-q
Quiet mode. Suppresses all warning and diagnostic messages.
-s
Requests invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol that let other applications (such as sftp) use SSH as a secure transport. The subsystem is specified as the remote command.
-t
Forces pseudo-terminal allocation. This allows any full-screen (screen-based) program to be run on a remote machine, which is very useful, for example, for menu services. Multiple -t options force terminal allocation even if there is no local terminal.
-T
Disables pseudo-terminal allocation.
-v
Verbose mode. Causes ssh to print debugging messages about its progress. Useful when debugging connection, authentication, and configuration problems. Multiple -v options increase the verbosity. The maximum is three.
-x
Disables X11 forwarding.
-X
Enables X11 forwarding. This can also be set per host in the configuration file.
X11 forwarding should be enabled with caution. Users who can bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring.
-C
Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP/IP connections). The compression algorithm is the same as that used by gzip(1). In protocol version 1, the compression level is controlled by the CompressionLevel option. Compression is useful on modem lines and other slow connections, but may slow things down on fast networks. This can also be set per host in the configuration file. See also the Compression option.
-F configfile
Specifies a per-user configuration file. If a configuration file is given on the command line, the system-wide configuration file (/etc/ssh/ssh_config) is ignored. The default per-user configuration file is $HOME/.ssh/config.
-L port:host:hostport
Forwards a port on the local (client) machine to the given host and port on the remote side. This works by allocating a socket that listens on port on the local machine. Whenever a connection is made to this port, it is forwarded over the secure channel, and a connection is made from the remote host to port hostport on host. Port forwarding can also be specified in the configuration file. Only root can forward privileged ports. IPv6 addresses can be specified with an alternative syntax: port/host/hostport
-R port:host:hostport
Forwards a port on the remote (server) host to the given host and port on the local side. This works by allocating a socket that listens on port on the remote host. Whenever a connection is made to this port, it is forwarded over the secure channel, and a connection is made from the local machine to port hostport on host. Port forwarding can also be specified in the configuration file. Privileged ports can be forwarded only when logging in to the remote host as root. IPv6 addresses can be specified with an alternative syntax: port/host/hostport
-D port
Specifies local "dynamic" application-level port forwarding. This works by allocating a socket that listens on port on the local machine. Whenever a connection is made to this port, it is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote host. The SOCKS4 protocol is currently supported, and ssh acts as a SOCKS4 server. Only root can forward privileged ports. Dynamic port forwarding can also be specified in the configuration file.
-1
Forces ssh to use protocol version 1 only.
-2
Forces ssh to use protocol version 2 only.
-4
Forces ssh to use IPv4 addresses only.
-6
Forces ssh to use IPv6 addresses only.
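The cautions attached to -A and -X above, and the -g option, correspond to the ForwardAgent, ForwardX11 and GatewayPorts keywords in the client configuration file. As an added example (not part of the original article), this shell function lists the Host blocks in an ssh_config-style file that turn them on; the sample config and its host names are constructed.

```shell
#!/bin/sh
# Added example: list Host blocks in an ssh_config(5)-style file that enable
# agent forwarding (-A), X11 forwarding (-X) or gateway ports (-g).

# Constructed sample config; host names are illustrative (assumption).
sample_ssh_config() {
    cat <<'EOF'
# per-host settings
Host bastion
    HostName 10.42.0.47
    User pi
    ForwardAgent yes

Host build-*
    ForwardX11=yes
    GatewayPorts no

Host *
    ForwardAgent no
    ForwardX11 no
EOF
}

# Reads config text from the files given as arguments, or stdin if none.
# Prints one "host-pattern: Keyword value" line per risky setting.
audit_ssh_forwarding() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            gsub(/=/, " ")               # "Key=value" equals "Key value"
            key = tolower($1)            # keywords are case-insensitive
            val = tolower($2)
        }
        key == "host" {                  # start of a new Host block
            host = $2
            for (i = 3; i <= NF; i++) host = host "," $i
            next
        }
        (key == "forwardagent" || key == "forwardx11" ||
         key == "gatewayports") && val == "yes" {
            # Settings before the first Host line apply to every host.
            who = (host == "") ? "(global)" : host
            print who ": " $1 " " $2
        }
    ' "$@"
}

sample_ssh_config | audit_ssh_forwarding
```

ssh uses the first value it obtains for each keyword, so a `Host *` block at the end of the file only supplies defaults for settings that earlier blocks have not set.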
Basic usage
The simplest SSH command only needs to specify the user name and hostname parameters. The host name can be an IP address or a domain name. The format of the command is as follows:
The code is as follows:
$ ssh user@hostname
For example, to log in to a Raspberry Pi system on my LAN, simply type the following command on the command line:
The code is as follows:
$ ssh pi@10.42.0.47
In this command, pi and 10.42.0.47 are the username and LAN IP address of my Raspberry Pi system. In actual use, replace the host name with the IP address of your target host (on the local network or remote).
If you can log in successfully, then the following content will be easy for you.
Use a different port
SSH connects to port 22 of the target host by default, but you may need to connect to other ports for various reasons.
The code is as follows:
$ ssh -p 10022 user@hostname
The above command sets the port number to 10022 with the -p parameter.
Execute command remotely
Sometimes it is convenient to execute a command on a remote host and display it locally, and then continue to work locally. SSH can meet this need:
The code is as follows:
$ ssh pi@10.42.0.47 ls -l
For example, the above command lists the contents of the home directory on the remote host and displays the result locally. Isn't that cool? You can try other commands as well.
Mount a remote file system
Another great SSH-based tool is sshfs. sshfs lets you mount the file system of a remote host locally.
The code is as follows:
$ sshfs -o idmap=user user@hostname:/home/user ~/Remote
For example, the following command:
The code is as follows:
$ sshfs -o idmap=user pi@10.42.0.47:/home/pi ~/Pi
This command mounts the home directory of the user pi on the remote host at the Pi folder under the local home directory.
For more information, you can refer to the sshfs tutorial.
X11 graphical interface
If you want to run a graphical program on a remote host, SSH has you covered. Use the basic SSH command shown above with the -X parameter to connect to the remote host with X11 forwarding turned on. Nothing may look different after logging in, but you will see the difference when you run a graphical program.
The code is as follows:
$ ssh -X pi@10.42.0.47
$ pistore
If you want to do something else while the graphical program is running, simply add an & symbol to the end of the command.
The code is as follows:
$ pistore &
Escape character
SSH provides a variety of escape character functions. Connect to any remote host with SSH and enter ~? to see a list of the supported escape characters and what they do. The following examples show the effects of ~# and ~C.
Configure SSH
If you need to change the SSH server configuration, open /etc/ssh/sshd_config in your favorite text editor. For example, to change the login banner, find the following line in the configuration file:
The code is as follows:
#Banner none
Delete the # character (uncomment the line) and replace none with the path of the file that contains what you want to display. The modified line should look like this:
The code is as follows:
Banner /etc/issue
The configuration file /etc/ssh/sshd_config also contains settings such as the port number and the idle timeout. Most settings are easy to understand, but to be on the safe side, consult the SSH documentation before changing a setting you are unsure about.
Build ssh key pair
Run the following command to create a key pair:
The code is as follows:
$ ssh-keygen -t dsa
This command asks you to enter a passphrase (which can be left blank), then generates the key and displays the randomart image of the key.
Find the host key
Before you are ready to add a key, you might as well use the following command to see if the corresponding host key has been added.
The code is as follows:
$ ssh-keygen -F 10.42.0.47
Delete host key
In some cases, such as changing the host address or no longer using a key, you may need to delete a key.
The code is as follows:
$ ssh-keygen -R 10.42.0.47
The above command deletes it. This is much more convenient than deleting the entry from the ~/.ssh/known_hosts file by hand.
Summary
You should be able to use SSH easily with the above. SSH still has a lot of features to explore, depending on your imagination.