25 of the Best SSH Commands

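OpenSSH is a free version of the SSH connectivity tools. Users of telnet, rlogin and ftp may not realize that the passwords they send across the Internet are unencrypted, but SSH is encrypted: OpenSSH encrypts all traffic (including passwords), effectively eliminating eavesdropping, connection hijacking and other attacks. In addition, OpenSSH provides secure tunneling and several authentication methods, and supports all versions of the SSH protocol.
SSH is a great tool; if you need to connect to a server remotely over the Internet, SSH is without doubt the best candidate.
Below are the 25 best SSH commands as chosen by online vote. You should know them by heart.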

1) Copy your SSH key to the target host to enable password-less SSH logins

ssh-copy-id user@host
If you do not have a key yet, generate one with the ssh-keygen command.

2) Open a tunnel from port 80 on some machine to port 2001 on the local host

ssh -N -L2001:localhost:80 somemachine
Now you can reach the website by entering http://localhost:2001 in your browser.

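3) Output your microphone to a remote computer's speaker

dd if=/dev/dsp | ssh -c arcfour -C username@remotehost dd of=/dev/dsp
This sends the sound from your microphone port to the speaker port of the SSH target computer. Unfortunately the sound quality is poor, and you will hear a lot of hiss.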

4) Compare a remote file with a local file

ssh username@remotehost cat /path/to/remotefile | diff /path/to/localfile -
This command is handy for checking whether a local file and a remote file differ.

5) Mount a directory/filesystem through SSH

sshfs username@remotehost:/path/to/folder /path/to/mount/point
Download sshfs from http://fuse.sourceforge.net/sshfs.html.
It lets you mount a directory securely across the network.

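6) SSH connection through an intermediate host

ssh -t intermediate_host ssh unreachable_host
When a host cannot be reached directly from the local network but can be reached from the intermediate host's network, this command connects to it through a "hidden" connection to the intermediate host.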

7) This item in the original duplicates item 1

8) This item in the original duplicates item 6

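9) Create a persistent connection to the target host

ssh -MNf username@host
Create a persistent connection to the target host in the background. Combine this command with the settings in your ~/.ssh/config:

Host host
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster no

All SSH connections to the target host will then use the persistent SSH socket. This is very useful if you regularly synchronize files over SSH (using rsync/sftp/cvs/svn), because a new socket is not created each time an SSH connection is opened.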

10) Attach screen over SSH

ssh -t remote_host screen -r
Attach directly to a remote screen session (saves a useless parent bash process).

11) Port knocking

knock host 3000 4000 5000 && ssh -p port username@host && knock host 5000 4000 3000
Knock on ports to open the port of a service (such as SSH), and knock again to close it. knockd must be installed first. An example configuration file follows.

[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

12) Remove a host from the known hosts list

ssh-keygen -R hostname_to_remove

13) Run complex remote shell commands over SSH (without escaping special characters)

ssh host -l user $(<cmd.txt)
A more portable version:

ssh host -l user "`cat cmd.txt`"

14) Copy a MySQL database to a new server over SSH

mysqldump --add-drop-table --extended-insert \
  --force --log-error=error.log \
  -uUSER -pPASS OLD_DB_NAME \
  | ssh -C user@newhost "mysql -uUSER -pPASS NEW_DB_NAME"
Dump a MySQL database through a compressed SSH tunnel and pass it as input to the mysql command. I think this is the fastest and best way to migrate a database to a new server.

15) This item in the original was unclear and has been removed

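16) Copy your SSH public key to a server from a machine that has no ssh-copy-id command

cat ~/.ssh/id_rsa.pub | ssh user@machine "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"
If you use Mac OS X or another *nix variant without the ssh-copy-id command, this command copies your public key to the remote host, so you can still set up password-less SSH logins.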

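17) Live SSH network throughput test

yes | pv | ssh host "cat > /dev/null"
Connects to the host over SSH and shows the live transfer speed, sending all transferred data to /dev/null. pv must be installed first.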

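18) How to establish a remote GNU screen session that you can reconnect to

ssh -t username@host /usr/bin/screen -xRR
People have always liked to open many shells in a single text terminal. If the session is suddenly interrupted, or you press "Ctrl-a d", the shells on the remote host are not affected at all and you can reconnect. Other useful screen commands are "Ctrl-a c" (open a new shell) and "Ctrl-a a" (switch back and forth between shells). See http://aperiodic.net/screen/quick_reference for a quick reference to more screen commands.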

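19) Resume scp of a large file

rsync --partial --progress --rsh=ssh source_file username@host:destination_file
It can resume a failed rsync command. This is very useful when you transfer large files, such as database backups, through ***. rsync must be installed on both hosts.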

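20) Analyze traffic over SSH with wireshark

ssh username@host 'tshark -f "port !22" -w -' | wireshark -k -i -
Use tshark to capture network traffic on the remote host, send the raw pcap data over the SSH connection, and display it in wireshark. Pressing Ctrl+C stops the capture but also closes the wireshark window. You can pass a "-c #" argument to tshark so that it captures only the number of packets given by "#", or redirect the data through a named pipe instead of piping it directly from SSH to wireshark. I recommend filtering the packets to save bandwidth. tshark can be replaced with tcpdump:

ssh username@host tcpdump -w - 'port !22' | wireshark -k -i -

21) This item in the original duplicates item 9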

22) A more stable, faster, stronger SSH client

ssh -4 -C -c blowfish-cbc
Force IPv4, compress the data stream, and use Blowfish encryption.

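23) Throttle bandwidth with cstream

tar -cj /backup | cstream -t 777k | ssh host 'tar -xj -C /backup'
Compress a folder with bzip and then transfer it to the remote host at 777k bit/s. cstream has many more features; see http://www.cons.org/cracauer/cstream.html#usage for details. For example:

echo "w00t, i'm 733+" | cstream -b1 -t2

24) This item in the original duplicates item 1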

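25) Copy standard input (stdin) to your X11 buffer

ssh username@host cat /path/to/some/file | xclip
Do you ever use scp to copy a file to your work computer just so you can paste its contents into an e-mail? xclip can help: it copies standard input to the X11 buffer, so all you need to do is middle-click to paste the buffer's contents.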

link http://blog.urfix.com/25-ssh-commands-tricks/


OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. The encryption that OpenSSH provides has been strong enough to earn the trust of Trend Micro and other providers of cloud computing. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

SSH is an awesome, powerful tool, and the possibilities are unlimited when it comes to SSH. Here are the top-voted SSH commands.

1) Copy ssh keys to user@host to enable password-less ssh logins.

ssh-copy-id user@host

To generate the keys use the command ssh-keygen

2) Start a tunnel from some machine’s port 80 to your local port 2001

ssh -N -L2001:localhost:80 somemachine

Now you can access the website by going to http://localhost:2001/

3) Output your microphone to a remote computer’s speaker

dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp

This will output the sound from your microphone port to the ssh target computer’s speaker port. The sound quality is very bad, so you will hear a lot of hissing.

4) Compare a remote file with a local file

ssh user@host cat /path/to/remotefile | diff /path/to/localfile -

Useful for checking if there are differences between local and remote files.

5) Mount folder/filesystem through SSH

sshfs name@server:/path/to/folder /path/to/mount/point

Install SSHFS from http://fuse.sourceforge.net/sshfs.html
It will allow you to mount a folder securely over a network.

6) SSH connection through host in the middle

ssh -t reachable_host ssh unreachable_host

Unreachable_host is unavailable from local network, but it’s available from reachable_host’s network. This command creates a connection to unreachable_host through “hidden” connection to reachable_host.

7) Copy from host1 to host2, through your host

ssh root@host1 "cd /somedir/tocopy/ && tar -cf - ." | ssh root@host2 "cd /samedir/tocopyto/ && tar -xf -"

Good if only you have access to host1 and host2, but they have no access to your host (so ncat won’t work) and they have no direct access to each other.

 

8) Run any GUI program remotely

ssh -fX <user>@<host> <program>

The SSH server configuration requires:

X11Forwarding yes # this is default in Debian

And it’s convenient too:

Compression delayed

9) Create a persistent connection to a machine

ssh -MNf <user>@<host>

Create a persistent SSH connection to the host in the background. Combine this with settings in your ~/.ssh/config:

Host host
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster no

All the SSH connections to the machine will then go through the persistent SSH socket. This is very useful if you are using SSH to synchronize files (using rsync/sftp/cvs/svn) on a regular basis because it won’t create a new socket each time to open an ssh connection.

10) Attach screen over ssh

ssh -t remote_host screen -r

Directly attach a remote screen session (saves a useless parent bash process)

11) Port Knocking!

knock <host> 3000 4000 5000 && ssh -p <port> user@host && knock <host> 5000 4000 3000

Knock on ports to open a port to a service (ssh for example) and knock again to close the port. You have to install knockd.
See example config file below.

[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

12) Remove a line in a text file. Useful to fix

ssh-keygen -R <the_offending_host>

In this case it’s better to use the dedicated tool

13) Run complex remote shell cmds over ssh, without escaping quotes

ssh host -l user $(<cmd.txt)

Much simpler method. More portable version: ssh host -l user "`cat cmd.txt`"

14) Copy a MySQL Database to a new Server via SSH with one command

mysqldump --add-drop-table --extended-insert --force --log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost "mysql -uUSER -pPASS NEW_DB_NAME"

Dumps a MySQL database over a compressed SSH tunnel and uses it as input to mysql. I think that is the fastest and best way to migrate a DB to a new server!

15) Remove a line in a text file. Useful to fix “ssh host key change” warnings

sed -i 8d ~/.ssh/known_hosts

16) Copy your ssh public key to a server from a machine that doesn’t have ssh-copy-id

cat ~/.ssh/id_rsa.pub | ssh user@machine "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"

If you use Mac OS X or some other *nix variant that doesn’t come with ssh-copy-id, this one-liner will allow you to add your public key to a remote machine so you can subsequently ssh to that machine without a password.
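
The one-liner above creates ~/.ssh and authorized_keys with whatever umask the remote shell has; with a umask of 002 both end up group-writable, which sshd's StrictModes check rejects, and running it twice appends the key twice. The following is an added example, not code from the original post, that does the same installation with explicit modes and a duplicate check; install_pubkey is a hypothetical helper name, and it takes the home directory as an argument so it can be tried on a scratch directory.

```shell
#!/bin/sh
# Added example, not from the original post.
# install_pubkey HOME_DIR KEY_LINE   (hypothetical helper)
# Appends KEY_LINE to HOME_DIR/.ssh/authorized_keys with modes 700/600,
# skipping a key that is already present.
install_pubkey() {
    home_dir=$1
    key_line=$2
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    newline='
'
    # An empty or multi-line argument is not a single public key line.
    case $key_line in
        ''|*"$newline"*) return 2 ;;
    esac
    (
        umask 077
        mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
        touch "$auth_file" && chmod 600 "$auth_file" || exit 1
        # Exact whole-line match, so re-running does not add duplicates.
        if grep -qxF -- "$key_line" "$auth_file"; then
            exit 0
        fi
        # If the file does not end in a newline, add one first so the new
        # key is not glued onto the previous entry.
        if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
            printf '\n' >> "$auth_file"
        fi
        printf '%s\n' "$key_line" >> "$auth_file"
    )
}

# Remote form of the same idea, run from the machine that holds the key:
#   ssh user@machine 'umask 077; mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < ~/.ssh/id_rsa.pub
```

The remote form only sets modes on files it creates; if ~/.ssh already exists with loose permissions, fix them with chmod 700 ~/.ssh and chmod 600 ~/.ssh/authorized_keys.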

17) Live ssh network throughput test

yes | pv | ssh $host "cat > /dev/null"

Connects to the host via ssh and displays the live transfer speed, directing all transferred data to /dev/null.
Needs pv installed:
Debian: apt-get install pv
Fedora: yum install pv (may need the 'extras' repository enabled)

18) How to establish a remote Gnu screen session that you can re-connect to

ssh -t user@host /usr/bin/screen -xRR

Long before tabbed terminals existed, people have been using Gnu screen to open many shells in a single text terminal. Combined with ssh, it gives you the ability to have many open shells with a single remote connection using the above options. If you detach with “Ctrl-a d” or if the ssh session is accidentally terminated, all processes running in your remote shells remain undisturbed, ready for you to reconnect. Other useful screen commands are “Ctrl-a c” (open new shell) and “Ctrl-a a” (alternate between shells). Read this quick reference for more screen commands: http://aperiodic.net/screen/quick_reference

19) Resume scp of a big file

rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file

It can resume a failed secure copy (useful when you transfer big files like db dumps through ***) using rsync.
It requires rsync installed on both hosts.
rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file   # local -> remote
or
rsync --partial --progress --rsh=ssh $user@$host:$remote_file $destination_file   # remote -> local

20) Analyze traffic remotely over ssh w/ wireshark

ssh user@host 'tshark -f "port !22" -w -' | wireshark -k -i -

This captures traffic on a remote machine with tshark, sends the raw pcap data over the ssh link, and displays it in wireshark. Hitting ctrl+C will stop the capture and unfortunately close your wireshark window. This can be worked-around by passing -c # to tshark to only capture a certain # of packets, or redirecting the data through a named pipe rather than piping directly from ssh to wireshark. I recommend filtering as much as you can in the tshark command to conserve bandwidth. tshark can be replaced with tcpdump thusly:
ssh user@host tcpdump -w - 'port !22' | wireshark -k -i -

21) Have an ssh session open forever

autossh -M50000 -t server.example.com 'screen -raAd mysession'

Keeps an ssh session open forever; great on laptops that lose Internet connectivity when switching WIFI spots.

22) Harder, Faster, Stronger SSH clients

ssh -4 -C -c blowfish-cbc

We force IPv4, compress the stream, specify the cypher stream to be Blowfish. I suppose you could use aes256-ctr as well for cypher spec. I’m of course leaving out things like master control sessions and such as that may not be available on your shell although that would speed things up as well.
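
Items 3 and 22 pass -c arcfour and -c blowfish-cbc, but OpenSSH 7.6 removed the arcfour, blowfish and CAST ciphers, so a current client rejects those names. The following is an added example, not code from the original post, that picks the first cipher from a preference list the local client still offers; pick_cipher and is_removed_cipher are hypothetical helper names, and SAMPLE_SUPPORTED is a constructed sample of `ssh -Q cipher` output.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample of what `ssh -Q cipher` prints on a current client.
SAMPLE_SUPPORTED='3des-cbc
aes128-cbc
aes256-cbc
aes128-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com'

# Ciphers removed from OpenSSH in release 7.6 (arcfour, blowfish, CAST).
is_removed_cipher() {
    case $1 in
        arcfour|arcfour128|arcfour256|blowfish-cbc|cast128-cbc) return 0 ;;
        *) return 1 ;;
    esac
}

# pick_cipher SUPPORTED_LIST CANDIDATE...
# Prints the first candidate that appears in SUPPORTED_LIST and is not one
# of the removed legacy ciphers; returns 1 if no candidate qualifies.
pick_cipher() {
    supported=$1
    shift
    for candidate in "$@"; do
        # Skip legacy names even if an old client still lists them.
        is_removed_cipher "$candidate" && continue
        if printf '%s\n' "$supported" | grep -qxF -- "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Typical use against the real client (user@host is a placeholder):
#   cipher=$(pick_cipher "$(ssh -Q cipher)" blowfish-cbc aes256-ctr) &&
#       ssh -4 -C -c "$cipher" user@host
```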

23) Throttle bandwidth with cstream

tar -cj /backup | cstream -t 777k | ssh host 'tar -xj -C /backup'

This bzips a folder and transfers it over the network to "host" at 777k bit/s.
cstream can do a lot more; have a look at http://www.cons.org/cracauer/cstream.html#usage
For example:
echo "w00t, i'm 733+" | cstream -b1 -t2

24) Transfer SSH public key to another machine in one step

ssh-keygen; ssh-copy-id user@host; ssh user@host

This command sequence allows simple setup of (gasp!) password-less SSH logins. Be careful, as if you already have an SSH keypair in your ~/.ssh directory on the local machine, there is a possibility ssh-keygen may overwrite them. ssh-copy-id copies the public key to the remote host and appends it to the remote account’s ~/.ssh/authorized_keys file. When trying ssh, if you used no passphrase for your key, the remote shell appears soon after invoking ssh user@host.

25) Copy stdin to your X11 buffer

ssh user@host cat /path/to/some/file | xclip

Have you ever had to scp a file to your work machine in order to copy its contents to a mail? xclip can help you with that. It copies its stdin to the X11 buffer, so all you have to do is middle-click to paste the content of that looong file :)

Have Fun

Please comment if you have any other good SSH Commands OR Tricks.

