25 Best SSH Commands

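OpenSSH is a free version of the SSH connectivity tools. Users of telnet, rlogin, and ftp may not realize that the passwords they send across the Internet are unencrypted, whereas SSH is encrypted: OpenSSH encrypts all traffic (including passwords), effectively eliminating eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides secure tunneling and several authentication methods, and supports all SSH protocol versions.
SSH is a great tool; if you need to connect to a server remotely over the Internet, SSH is without doubt the best candidate.
Below are the 25 best SSH commands as chosen by online vote, which you should commit to memory.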

1) Copy your SSH key to the target host to enable password-less SSH login

ssh-copy-id user@host
If you do not have a key yet, generate one with the ssh-keygen command.

2) Open a tunnel from port 80 on some machine to port 2001 on the local host

ssh -N -L2001:localhost:80 somemachine
You can now reach the site by entering http://localhost:2001 in your browser.

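3) Output your microphone to a remote computer's speaker

dd if=/dev/dsp | ssh -c arcfour -C username@remotehost dd of=/dev/dsp
Sound from your microphone port is played on the speaker port of the SSH target computer. Unfortunately the sound quality is poor and you will hear a lot of hissing.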

4) Compare a remote file with a local file

ssh username@remotehost cat /path/to/remotefile | diff /path/to/localfile -
This command is handy for checking whether a local file and a remote file differ.

5) Mount a directory/filesystem over SSH

sshfs username@remotehost:/path/to/folder /path/to/mount/point
Download sshfs from http://fuse.sourceforge.net/sshfs.html; it lets you securely mount a directory across the network.

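6) SSH connection through an intermediate host

ssh -t intermediate_host ssh unreachable_host
When a host cannot be reached directly from the local network but can be reached from the intermediate host's network, this command creates a connection to that host through a "hidden" connection to the intermediate host.

7) This entry duplicates item 1 in the original

8) This entry duplicates item 6 in the original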

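9) Create a persistent connection to the target host

ssh -MNf username@host
Creates a persistent connection to the target host in the background. Combine this command with the following settings in your ~/.ssh/config: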

Host host
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster no
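All SSH connections to the target host will then use the persistent SSH socket. This is very useful if you use SSH to synchronize files regularly (using rsync/sftp/cvs/svn), because a new socket is not created each time an SSH connection is opened.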

10) Attach to screen over SSH

ssh -t remote_host screen -r
Attaches directly to a remote screen session (saves a useless parent bash process).

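11) Port knocking

knock <host> 3000 4000 5000 && ssh -p <port> username@host && knock <host> 5000 4000 3000
Knock on ports to open the port of a service (such as SSH), and knock again to close it. knockd must be installed first; an example configuration file follows.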

[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
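
12) Remove a host from the known hosts list

ssh-keygen -R <hostname_to_remove>

13) Run complex remote shell commands over SSH (without escaping special characters)

ssh host -l user $(<cmd.txt)
A more portable version:

ssh host -l user "`cat cmd.txt`"

14) Copy a MySQL database to a new server over SSH

mysqldump --add-drop-table --extended-insert \
  --force --log-error=error.log \
  -uUSER -pPASS OLD_DB_NAME \
  | ssh -C user@newhost "mysql -uUSER -pPASS NEW_DB_NAME"
Dumps a MySQL database through a compressed SSH tunnel and passes it as input to the mysql command. I think this is the fastest and best way to migrate a database to a new server.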

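15) This entry was unclear in the original and has been removed

16) Copy your SSH public key to a server from a host that does not have the ssh-copy-id command

cat ~/.ssh/id_rsa.pub | ssh user@machine "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"
If you use Mac OS X or another *nix variant without the ssh-copy-id command, this command copies your public key to the remote host, so you can still set up password-less SSH login.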

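17) Live SSH network throughput test

yes | pv | ssh host "cat > /dev/null"
Connects to the host over SSH and displays the live transfer speed, directing all transferred data to /dev/null. pv must be installed first.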

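18) How to set up a remote GNU screen session that you can reconnect to

ssh -t username@host /usr/bin/screen -xRR
People like to open many shells in a single text terminal. If the session is suddenly interrupted, or you press "Ctrl-a d", the shells on the remote host are not affected at all and you can reconnect. Other useful screen commands are "Ctrl-a c" (open a new shell) and "Ctrl-a a" (switch back and forth between shells). See http://aperiodic.net/screen/quick_reference for a quick reference to more screen commands.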

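19) Resume scp of a large file

rsync --partial --progress --rsh=ssh source_file username@host:destination_file
It can resume a failed rsync command. This is very useful when you transfer large files, such as database backups, through ***. rsync must be installed on both hosts.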

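20) Analyze traffic over SSH w/ wireshark

ssh username@host 'tshark -f "port !22" -w -' | wireshark -k -i -
Captures network traffic on the remote host with tshark, sends the raw pcap data over the SSH connection, and displays it in wireshark. Pressing Ctrl+C stops the capture but also closes the wireshark window. You can pass "-c #" to tshark so that it captures only the number of packets given by "#", or redirect the data through a named pipe instead of piping it directly from SSH to wireshark. I recommend filtering packets to save bandwidth. tshark can be replaced with tcpdump:

ssh username@host tcpdump -w - 'port !22' | wireshark -k -i -

21) This entry duplicates item 9 in the original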

22) A more stable, faster, stronger SSH client

ssh -4 -C -c blowfish-cbc
Forces IPv4, compresses the data stream, and uses Blowfish encryption.

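23) Throttle bandwidth with cstream

tar -cj /backup | cstream -t 777k | ssh host 'tar -xj -C /backup'
Compresses a folder with bzip and then transfers it to the remote host at 777k bit/s. cstream can do much more; see http://www.cons.org/cracauer/cstream.html#usage for details. For example:

echo "w00t, i'm 733+" | cstream -b1 -t2

24) This entry duplicates item 1 in the original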

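25) Copy standard input (stdin) to your X11 buffer

ssh username@host cat /path/to/some/file | xclip
Have you ever used scp to copy a file to your work computer just so you could paste its contents into an e-mail? xclip can help: it copies standard input to the X11 buffer, and all you need to do is middle-click to paste the buffer contents.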

link http://blog.urfix.com/25-ssh-commands-tricks/


OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. The encryption that OpenSSH provides has been strong enough to earn the trust of Trend Micro and other providers of cloud computing. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

SSH is an awesome, powerful tool with unlimited possibilities. Here are the top-voted SSH commands.

1) Copy ssh keys to user@host to enable password-less ssh logins.

ssh-copy-id user@host

To generate the keys use the command ssh-keygen

2) Start a tunnel from some machine’s port 80 to your local port 2001

ssh -N -L2001:localhost:80 somemachine

Now you can access the website by going to http://localhost:2001/

3) Output your microphone to a remote computer’s speaker

dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp

This will output the sound from your microphone port to the ssh target computer’s speaker port. The sound quality is very bad, so you will hear a lot of hissing.

4) Compare a remote file with a local file

ssh user@host cat /path/to/remotefile | diff /path/to/localfile -

Useful for checking if there are differences between local and remote files.

5) Mount folder/filesystem through SSH

sshfs name@server:/path/to/folder /path/to/mount/point

Install SSHFS from http://fuse.sourceforge.net/sshfs.html
It lets you mount a folder securely over a network.

6) SSH connection through host in the middle

ssh -t reachable_host ssh unreachable_host

Unreachable_host is unavailable from local network, but it’s available from reachable_host’s network. This command creates a connection to unreachable_host through “hidden” connection to reachable_host.

7) Copy from host1 to host2, through your host

ssh root@host1 "cd /somedir/tocopy/ && tar -cf - ." | ssh root@host2 "cd /samedir/tocopyto/ && tar -xf -"

Good if only you have access to host1 and host2, but they have no access to your host (so ncat won’t work) and they have no direct access to each other.

8) Run any GUI program remotely

ssh -fX <user>@<host> <program>

The SSH server configuration requires:

X11Forwarding yes # this is default in Debian

And it’s convenient too:

Compression delayed

9) Create a persistent connection to a machine

ssh -MNf <user>@<host>

Create a persistent SSH connection to the host in the background. Combine this with settings in your ~/.ssh/config:
Host host
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster no
All the SSH connections to the machine will then go through the persistent SSH socket. This is very useful if you are using SSH to synchronize files (using rsync/sftp/cvs/svn) on a regular basis because it won’t create a new socket each time to open an ssh connection.

10) Attach screen over ssh

ssh -t remote_host screen -r

Directly attach a remote screen session (saves a useless parent bash process)

11) Port Knocking!

knock <host> 3000 4000 5000 && ssh -p <port> user@host && knock <host> 5000 4000 3000

Knock on ports to open a port to a service (ssh for example) and knock again to close the port. You have to install knockd.
See example config file below.
[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
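
With the config above, the ACCEPT rule for the knocking address stays in place until the closing sequence arrives, and in the one-liner the closing knock runs only if ssh exits with status 0. The following check is an added example, not part of the original post: lint_knockd (a hypothetical helper) lists sections that open a rule without a stop_command, run here on a constructed sample made of the config above plus a timed variant using knockd's start_command / cmd_timeout / stop_command options.

```shell
# Added example (not from the original post). lint_knockd is a hypothetical
# helper: it prints every [section] of a knockd.conf (file argument or stdin)
# whose command/start_command adds an ACCEPT rule but has no stop_command.
lint_knockd() {
    awk '
        function report() { if (sec != "" && opens && !closes) print sec }
        /^[ \t]*\[/ {                    # a new [section] header
            report()
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            opens = 0; closes = 0
            next
        }
        {
            key = tolower($0)            # tolerate any capitalisation of the option
            # -A/-I stay case-sensitive: "-i eth0" is an interface match
            if (key ~ /^[ \t]*(start_)?command[ \t]*=/ &&
                $0 ~ /iptables.* -[AI] .* ACCEPT/) opens = 1
            if (key ~ /^[ \t]*stop_command[ \t]*=/) closes = 1
        }
        END { report() }
    ' "$@"
}

# Constructed sample: the two sections from tip 11 plus a timed variant.
sample_conf() {
    cat <<'EOF'
[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[timedSSH]
sequence = 7000,8000,9000
seq_timeout = 5
start_command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
cmd_timeout = 10
stop_command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
EOF
}
sample_conf | lint_knockd
```

The timed variant assumes the firewall already accepts ESTABLISHED traffic, so removing the rule after cmd_timeout does not cut a session that is in progress.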

12) Remove a line in a text file. Useful to fix “ssh host key change” warnings

ssh-keygen -R <the_offending_host>

In this case it’s better to use the dedicated tool.

13) Run complex remote shell cmds over ssh, without escaping quotes

ssh host -l user $(<cmd.txt)

Much simpler method. More portable version: ssh host -l user "`cat cmd.txt`"

14) Copy a MySQL Database to a new Server via SSH with one command

mysqldump --add-drop-table --extended-insert --force --log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost "mysql -uUSER -pPASS NEW_DB_NAME"

Dumps a MySQL database over a compressed SSH tunnel and uses it as input to mysql. I think that is the fastest and best way to migrate a DB to a new server!

15) Remove a line in a text file. Useful to fix “ssh host key change” warnings

sed -i 8d ~/.ssh/known_hosts

16) Copy your ssh public key to a server from a machine that doesn’t have ssh-copy-id

cat ~/.ssh/id_rsa.pub | ssh user@machine "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"

If you use Mac OS X or some other *nix variant that doesn’t come with ssh-copy-id, this one-liner will allow you to add your public key to a remote machine so you can subsequently ssh to that machine without a password.
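
The one-liner above creates ~/.ssh and authorized_keys with whatever umask the remote login shell has and appends the key again on every run; with a group-writable umask such as 002, sshd's default StrictModes check then refuses the key. The following is an added example, not part of the original post: install_pubkey and demo_install are hypothetical helpers that perform the remote-side steps with fixed permissions and without duplicates, shown on a scratch directory with a constructed key line.

```shell
# Added example (not from the original post). install_pubkey is a hypothetical
# helper: it performs the remote-side steps of tip 16 on a given home directory.
install_pubkey() {
    home_dir=$1   # account home directory ("$HOME" on the remote side)
    pubkey=$2     # one public-key line, e.g. the contents of ~/.ssh/id_rsa.pub
    (
        umask 077                         # new dir/file come out 0700/0600
        mkdir -p "$home_dir/.ssh" || exit 1
        auth=$home_dir/.ssh/authorized_keys
        touch "$auth" || exit 1
        # Tighten paths that already existed with looser modes; the sshd
        # StrictModes check rejects group- or world-writable ones.
        chmod 700 "$home_dir/.ssh" || exit 1
        chmod 600 "$auth" || exit 1
        # Append only when this exact line is not already present.
        grep -qxF -- "$pubkey" "$auth" || printf '%s\n' "$pubkey" >> "$auth"
    )
}

# Demo in a subshell, on a scratch directory, with a constructed key line.
demo_install() (
    scratch=$(mktemp -d) || exit 1
    key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed-example-only demo@example'
    umask 002                             # simulate a permissive login umask
    install_pubkey "$scratch" "$key" && install_pubkey "$scratch" "$key"
    ls -ld "$scratch/.ssh" "$scratch/.ssh/authorized_keys"
    wc -l < "$scratch/.ssh/authorized_keys"
    rm -rf "$scratch"
)
demo_install
```

Over SSH the same effect comes from prefixing the remote command with the umask, for example: cat ~/.ssh/id_rsa.pub | ssh user@machine 'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys'.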

17) Live ssh network throughput test

yes | pv | ssh $host "cat > /dev/null"

Connects to the host via ssh and displays the live transfer speed, directing all transferred data to /dev/null.
Needs pv installed:
Debian: ‘apt-get install pv’
Fedora: ‘yum install pv’ (may need the ‘extras’ repository enabled)

18) How to establish a remote Gnu screen session that you can re-connect to

ssh -t user@host /usr/bin/screen -xRR

Long before tabbed terminals existed, people have been using Gnu screen to open many shells in a single text terminal. Combined with ssh, it gives you the ability to have many open shells with a single remote connection using the above options. If you detach with “Ctrl-a d” or if the ssh session is accidentally terminated, all processes running in your remote shells remain undisturbed, ready for you to reconnect. Other useful screen commands are “Ctrl-a c” (open new shell) and “Ctrl-a a” (alternate between shells). Read this quick reference for more screen commands: http://aperiodic.net/screen/quick_reference

19) Resume scp of a big file

rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file

It can resume a failed secure copy (useful when you transfer big files like db dumps through ***) using rsync.
It requires rsync installed on both hosts.
Local -> remote:
rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file
or remote -> local:
rsync --partial --progress --rsh=ssh $user@$host:$remote_file $destination_file

20) Analyze traffic remotely over ssh w/ wireshark

ssh user@host 'tshark -f "port !22" -w -' | wireshark -k -i -

This captures traffic on a remote machine with tshark, sends the raw pcap data over the ssh link, and displays it in wireshark. Hitting ctrl+C will stop the capture and unfortunately close your wireshark window. This can be worked-around by passing -c # to tshark to only capture a certain # of packets, or redirecting the data through a named pipe rather than piping directly from ssh to wireshark. I recommend filtering as much as you can in the tshark command to conserve bandwidth. tshark can be replaced with tcpdump thusly:
ssh user@host tcpdump -w - 'port !22' | wireshark -k -i -

21) Have an ssh session open forever

autossh -M50000 -t server.example.com ‘screen -raAd mysession’

Keeps an ssh session open forever; great on laptops that lose Internet connectivity when switching WIFI spots.

22) Harder, Faster, Stronger SSH clients

ssh -4 -C -c blowfish-cbc

We force IPv4, compress the stream, and specify Blowfish as the cipher. I suppose you could use aes256-ctr as well for the cipher spec. I’m of course leaving out things like master control sessions, as they may not be available on your shell, although that would speed things up as well.
Current OpenSSH releases no longer include the arcfour and blowfish-cbc ciphers; ssh -Q cipher lists the ciphers the installed client supports.

23) Throttle bandwidth with cstream

tar -cj /backup | cstream -t 777k | ssh host 'tar -xj -C /backup'

This bzips a folder and transfers it over the network to “host” at 777k bit/s.
cstream can do a lot more, have a look at http://www.cons.org/cracauer/cstream.html#usage
For example:
echo "w00t, i'm 733+" | cstream -b1 -t2

24) Transfer SSH public key to another machine in one step

ssh-keygen; ssh-copy-id user@host; ssh user@host

This command sequence allows simple setup of (gasp!) password-less SSH logins. Be careful, as if you already have an SSH keypair in your ~/.ssh directory on the local machine, there is a possibility ssh-keygen may overwrite them. ssh-copy-id copies the public key to the remote host and appends it to the remote account’s ~/.ssh/authorized_keys file. When trying ssh, if you used no passphrase for your key, the remote shell appears soon after invoking ssh user@host.

25) Copy stdin to your X11 buffer

ssh user@host cat /path/to/some/file | xclip

Have you ever had to scp a file to your work machine in order to copy its contents to a mail? xclip can help you with that. It copies its stdin to the X11 buffer, so all you have to do is middle-click to paste the content of that looong file :)

Have Fun

Please comment if you have any other good SSH Commands OR Tricks.

