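OpenSSH is a free version of the SSH connectivity tools. Users of telnet, rlogin and ftp may not realize that the passwords they send
across the Internet are unencrypted, but SSH is encrypted: OpenSSH encrypts all traffic (including passwords), effectively eliminating eavesdropping,
connection hijacking and other attacks. In addition, OpenSSH provides secure tunneling and several authentication methods,
and supports all versions of the SSH protocol.
SSH is a great tool. If you need to connect to a server remotely over the Internet, SSH is without doubt the best candidate.
Below are the 25 best SSH commands, chosen by online vote, that you should commit to memory.
1. Copy your SSH key to the target host to enable password-less SSH login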
ssh-copy-id user@host
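If you do not have a key yet, generate one with the ssh-keygen command.
2. Open a tunnel from port 80 on a host to port 2001 on the local host
ssh -N -L2001:localhost:80 somemachine
You can now reach the website directly by entering http://localhost:2001 in your browser.
3. Output your microphone to a remote computer's speaker
dd if=/dev/dsp | ssh -c arcfour -C username@remote_host dd of=/dev/dsp
This plays the sound from your microphone port on the speaker port of the SSH target computer. Unfortunately the sound quality is poor,
so you will hear a lot of hissing.
4. Compare a remote file with a local file
ssh username@remote_host cat /path/to/remotefile | diff /path/to/localfile -
This command is handy for checking whether a local file and a remote file differ.
5. Mount a directory/filesystem over SSH
sshfs username@remote_host:/path/to/folder /path/to/mount/point
Download sshfs from http://fuse.sourceforge.net/sshfs.html;
it lets you mount a directory securely across the network.
6. Establish an SSH connection through an intermediate host
ssh -t intermediate_host ssh unreachable_host
When a host cannot be reached directly from the local network but can be reached from the intermediate host's network,
this command creates a connection to the unreachable host through a "hidden" connection to the intermediate host.
7. (This item in the original duplicates item 1.)
8. (This item in the original duplicates item 6.)
9. Create a persistent connection to the target host
ssh -MNf username@host
Create a persistent connection to the target host in the background. Combine this command with the following settings in your ~/.ssh/config: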
Host host
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster no
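All SSH connections to the target host will then use the persistent SSH socket. If you use SSH to synchronize
files on a regular basis (using rsync/sftp/cvs/svn), this command is very useful,
because no new socket is created each time an SSH connection is opened.
10. Attach to a screen session over SSH
ssh -t remote_host screen -r
Attach directly to a remote screen session (saves a useless parent bash process).
11. Port knocking
knock host 3000 4000 5000 && ssh -p port username@host && knock host 5000 4000 3000
Knock on ports to open the port of a service (such as SSH),
and knock again to close that port. You need to install knockd first; an example configuration file follows.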
[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
12. Remove a host from the known hosts list
ssh-keygen -R hostname_to_remove
13. Run complex remote shell commands over SSH (without escaping special characters)
ssh host -l user $(<cmd.txt)
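A more portable version:
ssh host -l user "`cat cmd.txt`"
14. Copy a MySQL database to a new server over SSH
mysqldump --add-drop-table --extended-insert \
--force --log-error=error.log \
-uUSER -pPASS OLD_DB_NAME \
| ssh -C user@newhost "mysql -uUSER -pPASS NEW_DB_NAME"
This dumps a MySQL database through a compressed SSH tunnel and passes it as input to the mysql command.
I think this is the fastest and best way to migrate a database to a new server.
15. (The original entry was unclear and has been removed.)
16. Copy your SSH public key to a server from a host that has no ssh-copy-id command
cat ~/.ssh/id_rsa.pub | ssh user@machine "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"
If you use Mac OS X or another *nix variant without the ssh-copy-id command, this command copies your public key to the remote host, so you can still log in over SSH without a password.
17. Real-time SSH network throughput test
yes | pv | ssh host "cat > /dev/null"
Connects to the host over SSH and displays the live transfer speed, directing all transferred data to /dev/null. You need to install pv first.
18. Set up a remote GNU screen session that you can reconnect to
ssh -t username@host /usr/bin/screen -xRR
People like to open many shells in a single text terminal. If the session is cut off unexpectedly, or you press "Ctrl-a d", the shells on the remote host are not affected at all and you can reconnect. Other useful screen commands are "Ctrl-a c" (open a new shell) and "Ctrl-a a" (switch back and forth between shells). See http://aperiodic.net/screen/quick_reference for a quick reference to more screen commands.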
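19. Resume an scp of a large file
rsync --partial --progress --rsh=ssh source_file username@host:destination_file
It can resume a failed rsync command, which is very useful when you transfer large files such as database backups through ×××. rsync must be installed on both hosts.
20. Analyze traffic over SSH with wireshark
ssh username@host 'tshark -f "port !22" -w -' | wireshark -k -i -
Uses tshark to capture network traffic on the remote host, sends the raw pcap data over the SSH connection, and displays it in wireshark. Pressing Ctrl+C stops the capture but also closes the wireshark window. You can pass a "-c #" argument to tshark so that it captures only # packets, or redirect the data through a named pipe instead of piping it from SSH straight into wireshark. I recommend filtering the packets to save bandwidth. tshark can be replaced with tcpdump:
ssh username@host tcpdump -w - 'port !22' | wireshark -k -i -
21. (This item in the original duplicates item 9.)
22. A more stable, faster, stronger SSH client
ssh -4 -C -c blowfish-cbc
Forces IPv4, compresses the data stream, and uses Blowfish encryption.
23. Control bandwidth with cstream
tar -cj /backup | cstream -t 777k | ssh host 'tar -xj -C /backup'
Compresses a folder with bzip and then transfers it to the remote host at 777k bit/s. cstream can do much more; see http://www.cons.org/cracauer/cstream.html#usage for details, for example: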
echo w00t, i’m 733+ | cstream -b1 -t2
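24. (This item in the original duplicates item 1.)
25. Copy standard input (stdin) to your X11 buffer
ssh username@host cat /path/to/some/file | xclip
Have you ever used scp to copy a file to your work computer just so you could paste its contents into an e-mail? xclip can help:
it copies standard input to the X11 buffer, so all you have to do is middle-click to paste the buffer's contents.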
link http://blog.urfix.com/25-ssh-commands-tricks/html
OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. The encryption that OpenSSH provides has been strong enough to earn the trust of Trend Micro and other providers of cloud computing. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.
SSH is an awesome, powerful tool, and there are unlimited possibilities when it comes to SSH. Here are the top-voted SSH commands.
ssh-copy-id user@host
To generate the keys use the command ssh-keygen
ssh -N -L2001:localhost:80 somemachine
Now you can access the website by going to http://localhost:2001/
dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp
This will output the sound from your microphone port to the ssh target computer’s speaker port. The sound quality is very bad, so you will hear a lot of hissing.
ssh user@host cat /path/to/remotefile | diff /path/to/localfile -
Useful for checking if there are differences between local and remote files.
sshfs name@server:/path/to/folder /path/to/mount/point
Install SSHFS from http://fuse.sourceforge.net/sshfs.html
Will allow you to mount a folder securely over a network.
ssh -t reachable_host ssh unreachable_host
Unreachable_host is unavailable from the local network, but it’s available from reachable_host’s network. This command creates a connection to unreachable_host through a "hidden" connection to reachable_host.
ssh root@host1 "cd /somedir/tocopy/ && tar -cf - ." | ssh root@host2 "cd /samedir/tocopyto/ && tar -xf -"
Good if only you have access to host1 and host2, but they have no access to your host (so ncat won’t work) and they have no direct access to each other.
ssh -fX <user>@<host> <program>
The SSH server configuration requires:
X11Forwarding yes # this is default in Debian
And it’s convenient too:
Compression delayed
ssh -MNf <user>@<host>
Create a persistent SSH connection to the host in the background. Combine this with settings in your ~/.ssh/config:
Host host
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster no
All the SSH connections to the machine will then go through the persistent SSH socket. This is very useful if you are using SSH to synchronize files (using rsync/sftp/cvs/svn) on a regular basis because it won’t create a new socket each time to open an ssh connection.
ssh -t remote_host screen -r
Directly attach a remote screen session (saves a useless parent bash process)
knock <host> 3000 4000 5000 && ssh -p <port> user@host && knock <host> 5000 4000 3000
Knock on ports to open a port to a service (ssh for example) and knock again to close the port. You have to install knockd.
See example config file below.
[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
ssh-keygen -R <the_offending_host>
In this case it’s better to use the dedicated tool
ssh host -l user $(<cmd.txt)
Much simpler method. More portable version: ssh host -l user "`cat cmd.txt`"
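What actually reaches the remote shell in each of the two cmd.txt forms (item 13 in the numbered list and the command just above), as an added example that is not part of the original article. It emulates ssh locally, relying on the fact that ssh joins its command arguments with spaces and the remote shell re-parses the result; the function names and the sample cmd.txt are constructed, and `$(cat file)` stands in for bash's `$(<file)`.

```shell
#!/bin/sh
# Added illustration; function names and sample data are constructed.

# ssh joins every argument after the host with single spaces and the remote
# side runs that one string with the login shell's -c. Reproduce the string.
remote_string() { printf '%s' "$*"; }

# Unquoted form: the LOCAL shell word-splits and glob-expands the file first.
unquoted_form() { remote_string $(cat "$1"); }

# Quoted form: the file's text reaches the remote shell unchanged.
quoted_form() { remote_string "$(cat "$1")"; }

# Stand-in for the remote end: run the string with sh -c in directory $2.
run_as_remote() { (cd "$2" && sh -c "$1"); }

# Constructed sample cmd.txt: a comment, a second line and a glob.
make_cmd_file() {
    cat > "$1" <<'EOF'
echo start   # first step
echo logs: *.log
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/local" "$tmp/remote"
    touch "$tmp/local/a.log" "$tmp/remote/r.log"
    make_cmd_file "$tmp/cmd.txt"
    (
        cd "$tmp/local" || exit 1
        # Newlines are gone and *.log was expanded against the local directory.
        echo "unquoted sends: $(unquoted_form "$tmp/cmd.txt")"
        # The comment now swallows the second command.
        echo "remote prints:  $(run_as_remote "$(unquoted_form "$tmp/cmd.txt")" "$tmp/remote")"
        echo "quoted form, remote prints:"
        run_as_remote "$(quoted_form "$tmp/cmd.txt")" "$tmp/remote"
    )
    rm -rf "$tmp"
}
demo
```

With the unquoted form, a `#` comment or a glob in cmd.txt silently changes what runs remotely; the quoted form sends both lines intact and lets the glob expand on the remote side.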
mysqldump --add-drop-table --extended-insert --force --log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost "mysql -uUSER -pPASS NEW_DB_NAME"
Dumps a MySQL database over a compressed SSH tunnel and uses it as input to mysql – I think that is the fastest and best way to migrate a DB to a new server!
sed -i 8d ~/.ssh/known_hosts
cat ~/.ssh/id_rsa.pub | ssh user@machine "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"
If you use Mac OS X or some other *nix variant that doesn’t come with ssh-copy-id, this one-liner will allow you to add your public key to a remote machine so you can subsequently ssh to that machine without a password.
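The remote half of the authorized_keys one-liner (item 16 in the numbered list and the command just above), written as an added example rather than code from the original article. The hypothetical `install_pubkey` function takes a home directory as its argument and a public key on stdin, so it can be exercised against a scratch directory; it adds the input check, permission handling and duplicate check that the one-liner leaves out.

```shell
#!/bin/sh
# Added illustration; install_pubkey is a constructed helper, not an OpenSSH tool.
# Usage: install_pubkey HOMEDIR < key.pub
# Does what the remote half of the one-liner does ("mkdir ~/.ssh; cat >> ..."),
# but validates the input, fixes permissions and avoids duplicate entries.
install_pubkey() {
    home=$1
    # Read exactly one line; tolerate a missing trailing newline.
    IFS= read -r key || [ -n "$key" ] || { echo "no key on stdin" >&2; return 1; }

    # Accept only "<keytype> <base64> [comment]"; this also rejects lines that
    # start with authorized_keys options such as command="...".
    case $key in
        ssh-*\ ?* | ecdsa-sha2-*\ ?* | sk-*\ ?*) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    (
        umask 077                              # anything created here is owner-only
        mkdir -p "$home/.ssh" || exit 1        # -p: no error if it already exists
        touch "$home/.ssh/authorized_keys" || exit 1
        # sshd's StrictModes (on by default) refuses public-key login when
        # ~/.ssh or authorized_keys is writable by group or others, so tighten
        # the modes of paths that already existed as well.
        chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys" || exit 1
        # Append only if this exact line is not already there.
        grep -qxF -e "$key" "$home/.ssh/authorized_keys" ||
            printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    )
}
```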
yes | pv | ssh $host "cat > /dev/null"
Connects to the host via ssh and displays the live transfer speed, directing all transferred data to /dev/null.
Needs pv installed:
Debian: ‘apt-get install pv’
Fedora: ‘yum install pv’ (may need the ‘extras’ repository enabled)
ssh -t user@some.domain.com /usr/bin/screen -xRR
Long before tabbed terminals existed, people have been using GNU screen to open many shells in a single text terminal. Combined with ssh, it gives you the ability to have many open shells with a single remote connection using the above options. If you detach with "Ctrl-a d" or if the ssh session is accidentally terminated, all processes running in your remote shells remain undisturbed, ready for you to reconnect. Other useful screen commands are "Ctrl-a c" (open new shell) and "Ctrl-a a" (alternate between shells). Read this quick reference for more screen commands: http://aperiodic.net/screen/quick_reference
rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file
It can resume a failed secure copy (useful when you transfer big files like db dumps through ***) using rsync.
It requires rsync installed in both hosts.
rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file   # local -> remote
or
rsync --partial --progress --rsh=ssh $user@$host:$remote_file $destination_file   # remote -> local
ssh root@server.com 'tshark -f "port !22" -w -' | wireshark -k -i -
This captures traffic on a remote machine with tshark, sends the raw pcap data over the ssh link, and displays it in wireshark. Hitting ctrl+C will stop the capture and unfortunately close your wireshark window. This can be worked-around by passing -c # to tshark to only capture a certain # of packets, or redirecting the data through a named pipe rather than piping directly from ssh to wireshark. I recommend filtering as much as you can in the tshark command to conserve bandwidth. tshark can be replaced with tcpdump thusly:
ssh root@example.com tcpdump -w - 'port !22' | wireshark -k -i -
autossh -M50000 -t server.example.com 'screen -raAd mysession'
Open an SSH session that stays open forever, great on laptops that lose Internet connectivity when switching Wi-Fi spots.
ssh -4 -C -c blowfish-cbc
We force IPv4, compress the stream, specify the cypher stream to be Blowfish. I suppose you could use aes256-ctr as well for cypher spec. I’m of course leaving out things like master control sessions and such as that may not be available on your shell although that would speed things up as well.
tar -cj /backup | cstream -t 777k | ssh host 'tar -xj -C /backup'
This bzips a folder and transfers it over the network to "host" at 777k bit/s.
cstream can do a lot more, have a look http://www.cons.org/cracauer/cstream.html#usage
for example:
echo w00t, i’m 733+ | cstream -b1 -t2
ssh-keygen; ssh-copy-id user@host; ssh user@host
This command sequence allows simple setup of (gasp!) password-less SSH logins. Be careful, as if you already have an SSH keypair in your ~/.ssh directory on the local machine, there is a possibility ssh-keygen may overwrite them. ssh-copy-id copies the public key to the remote host and appends it to the remote account’s ~/.ssh/authorized_keys file. When trying ssh, if you used no passphrase for your key, the remote shell appears soon after invoking ssh user@host.
ssh user@host cat /path/to/some/file | xclip
Have you ever had to scp a file to your work machine in order to copy its contents to a mail? xclip can help you with that. It copies its stdin to the X11 buffer, so all you have to do is middle-click to paste the content of that looong file :)
Have Fun
Please comment if you have any other good SSH Commands OR Tricks.