OpenSSH
- Remote operations are done using ssh, scp, and sftp.
- Key management with ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
- The service side consists of sshd, sftp-server, and ssh-agent.
Basic usage
ssh root@ip
or ssh -l root -p 22 ip
- -l Specifies the user to log in as on the remote machine.
- -p Port to connect to on the remote host.
- -f Requests ssh to go to background just before command execution.
- -C Requests compression of all data.
- -N Do not execute a remote command. This is useful for just forwarding ports.
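- -R Specifies that connections to the given TCP port or Unix socket on the remote (server) host are to be forwarded to the local side.
- -L Specifies that connections to the given TCP port or Unix socket on the local (client) host are to be forwarded to the given host and port, or Unix socket, on the remote side.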
Restart
service sshd restart
Related configuration
grep -v '^\s*$\|^\s*#' /etc/ssh/sshd_config
UsePrivilegeSeparation
Slow connections
GSSAPIAuthentication no
Changing the port
https://www.cyberciti.biz/faq/howto-change-ssh-port-on-linux-or-unix-server/
Passwordless login
- Generate the public key
cd ~/.ssh
ssh-keygen -t rsa
- Transfer the public key to the server
scp id_rsa.pub root@ip:~/.ssh
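The scp step only places id_rsa.pub on the server; key login works once that key is also listed in ~/.ssh/authorized_keys there, with permissions sshd's StrictModes check accepts. The following is an added example of that server-side step, not part of the original notes; the function name install_pubkey and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original notes).
# install_pubkey PUBKEY_FILE [SSH_DIR]
# Appends one public key to SSH_DIR/authorized_keys exactly once and
# leaves the directory and file readable and writable by the owner only.
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key file is a single line: "type base64 [comment]".
    key=$(head -n 1 "$pub")

    # Refuse private keys and anything else that is not a public key line.
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub does not look like a public key" >&2; return 2 ;;
    esac

    # Create the directory and file with owner-only modes from the start.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dir"
    touch "$auth"
    umask "$old_umask"
    chmod 700 "$dir"
    chmod 600 "$auth"

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only if this exact line is not already present (idempotent).
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Usage on the server, after the scp step: install_pubkey ~/.ssh/id_rsa.pub
```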
ssh-keyscan
ssh-keyscan -H -t rsa ip >> known_hosts
cat /var/run/sshd.pid
idle timeout for OpenSSH
Port forwarding
ssh -N -L*:80:localhost:9600 root@localhost
autossh automatic reconnection
Home page https://www.harding.motd.ca/autossh/
Documentation https://www.harding.motd.ca/autossh/README.txt
Installation
# Linux
yum -y install autossh
Usage
autossh -M 10010 -N root@ip
https://stackoverflow.com/questions/25084288/keep-ssh-session-alive
ssh NAT traversal
ssh -N -R8887:localhost:8000 root@ip
sftp
Compared to the SCP protocol, which only allows file transfers, the SFTP protocol allows for a range of operations on remote files which make it more like a remote file system protocol. An SFTP client’s extra capabilities include resuming interrupted transfers, directory listings, and remote file removal.