
What are the techniques for using SSH

2025-01-29 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01

This article covers techniques for using SSH. The methods introduced here are simple, fast and practical.

1. Multiple connections are shared

If you need to open connections to the same server in multiple windows, you don't have to enter a user name and password each time or wait for each connection to be established. Configure SSH's connection sharing option: open your local SSH configuration file, usually located at ~/.ssh/config, and add the following two lines:

The code is as follows:

ControlMaster auto

ControlPath /tmp/ssh_mux_%h_%p_%r

Now disconnect from the server and establish a new connection, then open a new window and create another connection. You will find that the second connection is established almost instantly.

Windows users

If you are a Windows user, unfortunately the most popular open source SSH client, Putty, does not support this feature. There are, however, implementations of OpenSSH for Windows, such as Copssh. If you find the following tips helpful, maybe you should try Copssh.

File transfer

Connection sharing is not limited to interactive SSH sessions. If you transfer files to or from the server through SFTP, they use the same connection, and if you use Bash you even get Tab completion of server-side file names. The shared connection is also used by tools that rely on SSH, such as rsync and git.

2. Long connection

If you find that you need to connect to the same server countless times, then the long connection option is for you:

The code is as follows:

ControlPersist 4h

Now every time you establish a connection to the server through SSH, the connection is kept for 4 hours, even after you log out of the server, and can be reused. The next time you log on to the server (within 4 hours), the connection is established at lightning speed. This is especially useful for copying multiple files through scp, because you no longer need to authenticate separately for each file.

3. Don't enter the password again.

If you are still using a password to log in over SSH, you might want to try SSH keys. First generate a key pair for yourself using OpenSSH:

The code is as follows:

$ ssh-keygen

After following the instructions, you should see two files in your .ssh directory: id_rsa is your private key and id_rsa.pub is your public key. Now you need to copy your public key to the server. If your system has the ssh-copy-id command, the copy is very simple:

The code is as follows:

$ ssh-copy-id smylers@compo.example.org

Otherwise, you need to manually copy your public key to the ~/.ssh/authorized_keys file on the server:

The code is as follows:

$ < ~/.ssh/id_rsa.pub ssh clegg.example.org 'mkdir -p .ssh; cat >> .ssh/authorized_keys; chmod go-w .ssh .ssh/authorized_keys'

Now try to reconnect to the SSH server or copy a file. Is it no longer necessary to enter the password?
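An idempotent, server-side version of the manual copy above, as an added example that is not part of the original article; the function name install_pubkey and the demo key are constructed for illustration. It accepts only a single public-key line, avoids duplicate entries, and sets the permissions that sshd's StrictModes check expects.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper; HOME_DIR defaults to $HOME)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    # Accept exactly one line; a private key file has many lines and is refused here.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected a single key line" >&2; return 2; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a recognised public key line" >&2; return 2 ;;
    esac

    # sshd's StrictModes ignores the key if these are writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "already installed"
    else
        printf '%s\n' "$key" >> "$auth" && echo "installed"
    fi
}

# Demo on constructed input in a throwaway directory, not a real account.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleOnly smylers@laptop' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/home"   # installed
install_pubkey "$demo/id.pub" "$demo/home"   # already installed
```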

Configure SSH Key for Putty

Putty can also use SSH keys. Download PuttyGen and Pageant from the Putty website, use PuttyGen to generate your key, and copy the public key to the server's '.ssh/authorized_keys' file. Then run Pageant, import your private key and let it run in the background; you can then use Putty to log in to the server directly with the public key. You can learn more about this feature in chapters 8 and 9 of the Putty manual.

4. Connection transfer

Sometimes you may need to connect to another server from one server, such as transferring data directly between two servers, without having to transfer through the local computer:

The code is as follows:

www1 $ scp -pr templates www2:$PWD

(By the way, the $PWD variable is very useful when you need to copy files between two servers.) Even if you have added the public key of your local computer to both servers, scp will still prompt you for your password by default. This is because the server you are using as a springboard does not have your private key, so the second server will reject your public key. Do not solve this problem by copying your private key to the transit server. Use agent forwarding instead: just add the following line to your .ssh/config file:

The code is as follows:

ForwardAgent yes

Or check the "Allow agent forwarding" option in Putty. Now your local SSH agent serves the first server as well, and connecting from the first server to other servers becomes as easy as it is from your local machine. Note that you should turn on this option only if the intermediate server is worthy of your trust.

5. Omit hostname

Entering the full hostname of the server to establish a new SSH connection is boring, especially if you have a group of servers with the same domain name but different subdomains that need to be managed, such as the following:

The code is as follows:

* www1.example.com

* www2.example.com

* mail.example.com

* intranet.internal.example.com

* backup.internal.example.com

* dev.internal.example.com

Maybe your network is configured to use short domain names directly, such as intranet, but if your network doesn't support it, you can actually take care of it yourself without having to turn to your network administrator.

The solution varies slightly depending on the operating system you use. Here is the configuration of my Ubuntu system:

The code is as follows:

prepend domain-search "internal.example.com", "example.com";

Then you need to restart the network:

The code is as follows:

$ sudo restart network-manager

The two commands may differ slightly on different systems.

6. Host alias

You can also define host aliases directly in your SSH configuration, such as the following:

The code is as follows:

Host dev

HostName dev.internal.example.com

You can also use wildcards to group:

The code is as follows:

Host dev intranet backup

HostName %h.internal.example.com

Host www* mail

HostName %h.example.com

In Putty you can save a separate session for each hostname, and then double-click to establish a connection (but it may not support wildcards).

7. Omit user name

If your user name on the remote server is different from your local user name, you can also set it in the SSH configuration:

The code is as follows:

Host www* mail

HostName %h.example.com

User simon

Now even if my local user name is smylers, I can still connect to my server like this:

The code is as follows:

$ ssh www2

SSH will use your simon account to connect to your server. Similarly, Putty can save this information in your session.

8. Jump between servers

In some cases, you may not be able to connect directly to a server and need to use an intermediate server for transit, which can also be automated. First of all, make sure that you have configured public key access for the server and turned on agent forwarding, and now you can connect to the target server with 2 commands without any prompt:

The code is as follows:

$ ssh gateway

gateway $ ssh db

Then in your local SSH configuration, add the following configuration:

The code is as follows:

Host db

HostName db.internal.example.com

ProxyCommand ssh gateway netcat -q 600 %h %p

Now you can connect directly to the target server with a command:

The code is as follows:

$ ssh db

You may have to wait a little longer here, because SSH needs to authenticate twice. Note that netcat may also be called nc or ncat, or may need a g prefix; check your intermediate server to determine the actual command and parameters.

9. Break through the network blockade

In some cases, the network you use may only open port 80, or it may block the SSH port (the default port 22). In this case, you can break through the block by configuring the SSH server to listen on port 80 or 443. Just edit your server's /etc/ssh/sshd_config file:

The code is as follows:

Port 443

Then restart the SSH server:

The code is as follows:

$ sudo reload ssh

Of course, this assumes that your server is not already using that port for HTTPS. In fact, you only need to set up one server this way: as long as you can reach that server, you can use the techniques mentioned earlier to make it a springboard for accessing other servers. But remember, you need to configure this server in advance (how about now?). Then, if you find yourself in a network environment where you can only access the Web, you are spared the trouble of calling someone else to set up an intermediate server for you.

10. Traversing Web proxy

Sometimes, your network not only blocks the SSH port, they may go further and only allow you to access the network through the Web proxy. Fortunately, we have a program called Corkscrew that can send SSH data through the Web proxy. The use of Corkscrew is very simple. I usually search for it when I need it, then download it directly, follow the instructions on the website, and then get it done. Generally, you need a configuration like this:

The code is as follows:

ProxyCommand corkscrew proxy.example.org 8080 %h %p

11. Remote GUI

Sometimes it is very useful to access files on a remote server through a GUI program displayed locally, for example to edit a picture, view a PDF file, or simply modify code in a non-command-line editor. I find GVim more useful than Vim in the terminal, because gvim opens a new window to edit the file and I can keep using the current SSH window for other work. To do this, you need to turn on an option called X forwarding in your SSH configuration:

The code is as follows:

ForwardX11 yes

This option requires server-side support: the server also needs to enable X forwarding. You can add the following line to the server's /etc/ssh/sshd_config:

The code is as follows:

X11Forwarding yes

You also need to make sure that xauth is installed, along with the editors, picture viewers and other graphical programs that you want to run. This only works on an operating system with a local X server. There are free X servers for Mac and Windows, but you may need to spend some time configuring them; by comparison, switching to Linux is relatively easy.

12. Operate remote files locally

Another alternative to making remote GUI programs appear locally is to let local GUI programs manipulate remote files directly. You can do this through SSHFS, just create an empty directory, and then use SSHFS to mount a remote directory to this directory:

The code is as follows:

$ mkdir gallery_src

$ sshfs dev:projects/gallery/src gallery_src

$ cd gallery_src

$ ls

Now you can use any local program you like to work with the files in this directory. They appear to be local, but they are actually the live files on the remote server. You can use the fusermount command to unmount them; don't worry about remembering these commands, they are at the top of the sshfs manual:

The code is as follows:

$ cd ..

$ fusermount -u gallery_src

SSHFS can work on Linux and OSX, and I haven't found any good ideas for Windows users yet.

13. Access remote files through Vim

Vim has a built-in feature to edit remote files directly, with the help of SCP URL:

The code is as follows:

$ gvim scp://dev/projects/gallery/src/templates/search.html.tt

This is obviously not as flexible as SSHFS, but if you only need to edit two files on the remote server, this command is more convenient, and you can do the same on Windows:

The code is as follows:

:help netrw-problems

14. Connect to a remote server using a local App

Sometimes services such as databases or Web servers run on remote servers, and it is useful to connect to them directly from local programs. To do this, you need port forwarding. For example, if your server runs Postgres (and only allows local access), you can add this to your SSH configuration:

The code is as follows:

Host db

LocalForward 5433 localhost:5432

Now when you connect to your SSH server, it will open a port 5433 on your local computer (randomly picked by me) and forward all data sent to that port to the server's port 5432 (the default port for Postgres). Then, as soon as you have established a connection with the server, you can access the server's Postgres through port 5433.

The code is as follows:

$ ssh db

Now open another window and you can connect to your Postgres database locally with the following command:

The code is as follows:

$ psql -h localhost -p 5433 orders

This command is especially useful if you want to use a graphical Postgres client that the server does not support:

The code is as follows:

$ pgadmin3 &

Or, if you have a back-end Web server that you don't want to expose directly to the Internet, you can also access it through port forwarding:

The code is as follows:

Host api

LocalForward 8080 localhost:80

Now connect to the server:

The code is as follows:

$ ssh api

Then point the browser to the port number of your choice:

The code is as follows:

$ firefox http://localhost:8080/

15. Reduce delay

If every connection to the server means waiting dozens of seconds with nothing happening, you might want to try adding the following to your SSH configuration:

The code is as follows:

GSSAPIAuthentication no

If this setting helps, you should ask your system administrator to disable this option on the server, so that others do not have to add it to their local configuration separately.

16. Accelerated connection

If you are sure that your connection to a server is secure (for example, over a corporate intranet), you can make data transfer faster by choosing the arcfour encryption algorithm:

The code is as follows:

Host dev

Ciphers arcfour

Note that this acceleration comes at the expense of the "encryption" of the data, so if you are connecting to a server located on the Internet, do not turn on this option and make sure you make the connection through VPN.
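A small audit of a client configuration for the trade-offs flagged in this article (agent forwarding only to trusted hosts, arcfour only on trusted networks), as an added example that is not part of the original article; the function name audit_ssh_config and the sample file are constructed. It goes slightly beyond the text by also flagging a ControlPath under /tmp, since ssh_config(5) recommends keeping the control socket in a directory that other users cannot write to.

```shell
#!/bin/sh
# audit_ssh_config FILE: print risky settings; returns 1 if any were found, 0 if clean.
audit_ssh_config() {
    awk '
    function report(msg) {
        printf "%s:%d: [%s] %s\n", FILENAME, FNR, scope, msg
        found = 1
    }
    BEGIN { scope = "global" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        split(line, f, /[ \t=]+/)           # "Key value" or "Key=value"
        key = tolower(f[1]); val = tolower(f[2])
        if (key == "host") {                # remember which Host block we are in
            scope = line
            sub(/^[^ \t=]+[ \t=]+/, "", scope)
            next
        }
        wide = (scope == "global" || scope == "*")
        if (key == "forwardagent" && val == "yes" && wide)
            report("agent forwarded to every host; limit to trusted jump hosts")
        if (key == "controlpath" && val ~ /^\/(var\/)?tmp\//)
            report("control socket in a world-writable directory")
        if (key == "ciphers" && val ~ /arcfour/)
            report("arcfour (RC4) is a weak cipher")
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample combining settings shown in this article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ControlMaster auto
ControlPath /tmp/ssh_mux_%h_%p_%r
ForwardAgent yes

Host gateway
    ForwardAgent yes

Host dev
    Ciphers arcfour
EOF
audit_ssh_config "$sample" || echo "review the findings above"
```

ForwardAgent inside the gateway block is not reported, because it is scoped to one named host rather than applied to every connection.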
