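Several Practical Linux SSH Tips
SSH (Secure Shell) is the most common way to manage remote servers today. It makes connecting simple and encrypts the communication. Given the algorithms it uses, eavesdropping on SSH traffic is generally considered practically impossible. On Linux or Unix the client is usually the ssh command itself, and on Windows it is also available in Linux-like environments such as Cygwin or WSL. Windows users also have many client programs to choose from, such as SecureCRT and Xshell; the most widely used is the free, open-source PuTTY.
There are many tricks to using ssh. Some are very simple, others go beyond what a terminal application normally does. ssh can transfer files securely (scp) and mount remote file systems; a browser can surf the web securely through ssh, and ssh tunnels can encrypt traffic in transit. In this article Chongchong introduces a few SSH tips. We assume the reader knows some SSH basics: scp and sftp for copying files, and ssh-copy-id for setting up passwordless key-based login. If you don't, no problem: ask Baidu and you will have it sorted out within 10 minutes.
SSH aliases
The ssh command line has many options to remember, such as the IP, the port, the user name and the private key (when the key is not in the standard location under the standard name, or when there are several keys). In practice you can be lazy about it and not even remember the IP or the port: create an alias in the ~/.ssh/config file and set these options there. For example, suppose we want to connect to a host and give it the alias chongchong: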
Host chongchong
    HostName ijz.me
    Port 1234
    User cc
    IdentityFile ~/.ssh/chongchong_id
    ForwardX11 yes
    Compression yes
    TCPKeepAlive yes
You can define as many aliases as you need by adding more "Host" blocks. A single Host statement can list several aliases, and the options that follow apply to every one of them.
Once configured, connecting with ssh chongchong applies all the configured options.
If you use the PuTTY client, the main options are in the Session and SSH panels of its configuration. There may not be as many choices, but some are worth trying.
A few useful configuration options
1. ControlMaster
One very useful group of SSH options sets up a master control file. For example:
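ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
This lets multiple sessions to the same host share one TCP socket. Setting up a secure connection takes some time, so when you run several sessions between the same two hosts this setting speeds things up. You can apply it to all hosts with a Host * entry in the configuration file, or use it as a global option.
Note that if you transfer large amounts of data over several connections, the ControlMaster setting may affect the transfer. In that case you can use -S none to override it temporarily, or turn it off globally.
Also, if you try to exit before all the other connections are closed, the first ssh session may appear to hang. Running a hidden ssh session when you log in to hosts you connect to often avoids the problem, but a better approach is to set ControlPersist yes, which puts the initial session into the background indefinitely. You can also give it a time limit, for example ControlPersist 180 (or another number), which means the connection is closed automatically after three minutes without any connections.
Another drawback of this approach is that it leaves many stale master files behind. You can have them cleaned up automatically at login, for example with this in rc.local: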
/bin/rm /home/*/.ssh/master-* >/dev/null 2>&1 || true
If you use the PuTTY client, tick the "Share SSH connections if possible" checkbox in the SSH options panel.
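2. BatchMode
The configuration file supports many other options. For example, BatchMode tells ssh that the connection is for an unattended application, so it does not prompt for a password or other interactive input. If the authentication settings are incomplete, it fails with an error and exits immediately.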
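3. SendEnv
You can send environment variables to the remote host when the SSH connection is made. For example, you want LS_COLORS to stay the same on your workstation and on the servers, but you change it often and do not want to maintain the same configuration file everywhere. Add the following setting: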
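SendEnv LS_COLORS
The server only accepts the variable if its sshd_config lists it in AcceptEnv.
In PuTTY, environment variables can be set on the "Connect/Data" tab of its configuration page.
4. TCPKeepAlive
On the network side, if you do not want the server and client to disconnect while idle, set TCPKeepAlive to yes. The connection is then not dropped while it is idle.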
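Remote command execution
This is the most useful SSH trick. We often log in to a host just to run a few commands. When it is only an occasional command or a batch operation (tools such as ansible can of course be used too), logging in first is inconvenient. In fact, if all you need is to run a command or a script, you do not have to log in to the remote host at all: the ssh command can do it directly.
Simple command execution
The format for running a command remotely over SSH is: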
ssh [user]@[remote hostname or IP] [command or script]
For example, to get the remote host's running status, use uptime:
ssh chongchong uptime
Result:
11:23:55 up 28 days, 23:41, 0 users, load average: 2.46, 1.16, 0.49
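To check disk usage on the remote host, use:
ssh chongchong df -h
Running multiple commands
Other commands work the same way. If the command is long or involves several commands, enclose the command part in quotes.
For example, to get both the host status and its disk usage: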
ssh chongchong "uptime && df -h"
Or use:
ssh chongchong "uptime ; df -h"
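Why the quoting above matters, as an added example that is not part of the original article: ssh joins its arguments into one string that the remote shell parses again, so an unquoted argument can turn into extra commands. `sh -c` stands in for the remote shell here; the function names and the sample value are constructed for this illustration.

```shell
#!/bin/sh
# ssh joins its trailing arguments with single spaces and hands that one
# string to the remote login shell, which parses it a second time.
# simulate_remote reproduces this locally, with `sh -c` standing in for the
# remote shell (assumption: the remote shell is POSIX-compatible).
simulate_remote() {
    joined="$*"
    sh -c "$joined"
}

# Wrap one argument in single quotes and escape embedded single quotes, so
# the remote shell reads it back as exactly one word.
# Limitation: trailing newlines in the argument are not preserved.
quote_remote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the command string: the first argument is the command name (trusted),
# every further argument is quoted for the remote side.
build_remote_cmd() {
    out=$1
    shift
    for arg in "$@"; do
        out="$out $(quote_remote "$arg")"
    done
    printf '%s' "$out"
}

demo() {
    name='backup 2024; echo second-command'   # constructed sample value
    echo "unquoted:"; simulate_remote echo "$name"
    echo "quoted:";   simulate_remote "$(build_remote_cmd echo "$name")"
}
demo

# Real use would be: ssh chongchong "$(build_remote_cmd ls -ld -- "$dir")"
```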
Remote packet capture
Consider a more complex example: we need to capture packets on a remote host and then analyze them locally with Wireshark:
ssh root@someserver 'tcpdump -c 1000 -nn -w - not port 1234' | wireshark -k -i -
On the command line, use tshark for the same operation:
ssh root@someserver 'tcpdump -c 1000 -nn -w - not port 1234' | tshark -i -
Result:
…
3.759005 112.215.162.105 -> 112.252.251.70 TCP 78 [TCP Dup ACK 840#2] outlaws > 65522 [ACK] Seq=49 Ack=90193 Win=126 Len=0 TSval=2402288138 TSecr=2506305501 SLE=91561 SRE=94297
3.759022 112.252.251.70 -> 112.215.162.105 TCP 1434 65522 > outlaws [ACK] Seq=95665 Ack=49 Win=309 Len=1368 TSval=2506305583 TSecr=2402288138
3.761937 fe80::6d94:f636:7715:26dc -> ff02::1:2 DHCPv6 150 Solicit XID: 0x58568d CID: 000100011dd4af3b00155d6d3404
3.762006 Cisco_d3:c7:bf -> Broadcast ARP 60 Who has 103.218.185.171? Tell 103.218.185.1
3.762374 121.50.168.101 -> 121.50.168.255 NBNS 92 Name query NB XENNO.INFO<00>
3.768515 169.254.2.31 -> 169.254.255.255 NBNS 92 Name query NB FSIGNS.DUBA.NET<00>
3.780159 Cisco_d3:c7:bf -> Broadcast ARP 60 Who has 202.74.234.238? Tell 202.74.234.1
3.796134 Cisco_d3:c7:bf -> Broadcast ARP 60 Who has 112.252.251.93? Tell 112.252.251.1
3.801334 112.215.162.105 -> 112.252.251.70 TCP 78 [TCP Dup ACK 840#3] outlaws > 65522 [ACK] Seq=49 Ack=90193 Win=126 Len=0 TSval=2402288179 TSecr=2506305501 SLE=91561 SRE=95665
3.801394 112.252.251.70 -> 112.215.162.105 TCP 1434 [TCP Fast Retransmission] 65522 > outlaws [ACK] Seq=90193 Ack=49 Win=309 Len=1368 TSval=2506305625 TSecr=2402288179
3.804767 185.216.140.36 -> 157.119.69.59 TCP 60 51426 > 52622 [SYN] Seq=0 Win=1024 Len=0
3.806149 Cisco_d3:c7:bf -> Broadcast ARP 60 Who has 103.248.220.121? Tell 103.248.220.1
3.807153 Cisco_d3:c7:bf -> Broadcast ARP 60 Who has 103.248.221.171? Tell 103.248.221.1
3.809116 fe80::a563:2c5c:97df:13ca -> ff02::1:2 DHCPv6 148 Solicit XID: 0x5c67c7 CID: 000100011dd4af3b00155d6d3404
3.811726 Cisco_d3:c7:bf -> Broadcast ARP 60 Who has 202.74.232.203? Tell 202.74.232.1
3.812418 Cisco_d3:c7:bf -> Broadcast ARP 60 Who has 157.119.71.127? Tell 157.119.71.1
3.819393 fe80::910c:1871:e52f:9b82 -> ff02::1:2 DHCPv6 152 Solicit XID: 0x8a263a CID: 00010001205a760c00155df47d05
3.838355 Cisco_d3:c7:bf -> Broadcast ARP 60 Who has 202.74.234.147? Tell 202.74.234.1
3.840331 45.249.181.172 -> 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1
3.840570 58.215.162.105 -> 142.252.251.70 TCP 66 outlaws > 65522 [ACK] Seq=49 Ack=95665 Win=117 Len=0 TSval=2402288220 TSecr=2506305625
3.840608 142.252.251.70 -> 58.215.162.105 TCP 1434 65522 > outlaws [ACK] Seq=97033 Ack=49 Win=309 Len=1368 TSval=2506305664 TSecr=2402288220
…
Running a script
Let's write a simple script that collects some information from the remote host: host name, uptime, memory, disk and kernel information:
#!/bin/bash
# Print host name, uptime, free memory, disk usage and kernel version.
echo "---------主机名--------------------------------------------"
hostnamectl
echo -e "\n"
echo "---------系统信息------------------------------------------"
uptime
echo -e "\n"
echo "---------可用内存------------------------------------------"
free -m
echo -e "\n"
echo "---------磁盘信息------------------------------------------"
df -h
echo -e "\n"
echo "---------内核版本-------------------------------------------"
uname -a
echo -e "\n"
echo "------------------------------------------------------------"
Then run it with the following command:
ssh chongchong 'bash -s' < host-info.sh
The pipe form also works, but it prints a notice message:
cat host-info.sh | ssh chongchong
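Putting the BatchMode option described earlier together with remote command execution, as an added example that is not part of the original article: an unattended check over several hosts that never prompts and separates ssh's own failures (exit status 255) from a failing remote command. SSH_BIN and the host names web1 and db1 are assumptions of this example.

```shell
#!/bin/sh
# SSH_BIN is a hook introduced by this example so the transport can be
# replaced (for instance by a stub when testing); it defaults to ssh.
SSH_BIN=${SSH_BIN:-ssh}

# check_host HOST CMD...
check_host() {
    host=$1
    shift
    rc=0
    # BatchMode=yes: never prompt; fail instead if key authentication is not
    # set up. ConnectTimeout bounds the wait for dead hosts. stdin is
    # detached so ssh cannot swallow the caller's input.
    "$SSH_BIN" -o BatchMode=yes -o ConnectTimeout=5 "$host" "$@" \
        >/dev/null 2>&1 </dev/null || rc=$?
    case $rc in
        0)   echo "$host ok" ;;
        255) echo "$host ssh-error" ;;     # connection or authentication failed
        *)   echo "$host failed($rc)" ;;   # remote command's exit status
    esac
}

# check_hosts CMD HOST...
check_hosts() {
    cmd=$1
    shift
    for h in "$@"; do
        check_host "$h" "$cmd"
    done
}

# Example: check_hosts 'df -h / >/dev/null' chongchong web1 db1
```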
SSH speed test
One last tip: an SSH connection is only pleasant when it is fast. To find out how fast yours really is, measure it with pv:
yes | pv | ssh chongchong "cat >/dev/null"
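Mounting a remote directory with sshfs
If the SSH connection is fast, we can mount a directory of the remote host locally over SSH with sshfs. The mounted directory is a FUSE file system, which runs as an ordinary user program rather than as a kernel file system.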
mkdir ~/remoteshared
sshfs <user>@<host>:/remotepath ~/remoteshared
Note that for an ordinary user to mount a remote directory with sshfs, the user must be added to the fuse group, otherwise the mount fails with:
fuse: failed to exec fusermount: Permission denied
We use:
usermod -a -G fuse cc
Now we can use sshfs:
sshfs chongchong:/tmp ./data
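Now you can work on the remote host's /tmp directory under data. Note the precondition: your ssh connection must be fast, otherwise operations on that directory (or its parent directory), such as ls, will be very slow. In that case you can use: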
fusermount -u data
to remove the mount.
Note that sshfs mounts also show up in df:
df -h
Filesystem       Size  Used Avail Use% Mounted on
/dev/sda3        886G   16G  825G   2% /
tmpfs            8.0G     0  8.0G   0% /dev/shm
/dev/sda1        485M   87M  374M  19% /boot
chongchong:/tmp  7.7G  2.7G  5.0G  35% /home/cc/data
Summary