Learn a Linux command every day (59): SSH

Time:2021-3-17

Learn a Linux command every day (59): SSH

Yesterday’s recommendation:Learn a Linux command every day (58): telnet

Command introduction

SSH (secure shell) command is a protocol used to log in to the remote system safely. It can be used to record or execute commands on the remote server.

SSH (SSH client) is a program used to log on to the remote computer and execute commands on the remote computer. It can provide secure encrypted communication between two untrusted hosts in an insecure network.

Grammatical format

ssh [OPTIONS] [-p PORT] [[email protected]]HOSTNAME [COMMAND]

Option description

-4. Force SSH protocol to use only IPv4 address
-6 # force SSH protocol to use IPv6 address only
-A # enable connection forwarding from authentication agent
-A # disable forwarding of authentication proxy connections
-B bind_ Interface # address to bind to # bind_ Interface before trying to connect to the target host
-b bind_ Address # use bind_ Address is the source address of the connection on the local computer
-C # request to compress all data
-c cipher_ Spec # specifies the password specification used to encrypt the session
-D [bind_ Address:] port # specifies local "dynamic" application level port forwarding
-E log_ File # attach debug log to log_ File instead of standard error
-e escape_ Char # sets the escape character of the session with Pty (default: '~')
-F ᦇ profile ᦇ specifies the profile of SSH per user 
-F # configure SSH to transfer the request to the background before executing the command 
-Allow remote hosts to connect to local forwarding ports
-i identity_ File # specifies to read from this file the identity (private key) used for public key authentication
-K # enable authentication based on GSSAPI
-K # disable GSSAPI credentials
-L local_ socket:remote_ Socket # specifies to forward a connection to a given TCP port or UNIX socket on a local (client) host to a given remote host and port or UNIX socket.
-N # disable remote command execution 
-P # port # specifies the SSH connection port
-Q # silent mode
-S # is used to request to call a subsystem on a remote system
-T # disable allocation of pseudo terminals
-T # forced allocation of pseudo terminals
-Print SSH version number and exit
-V # detailed mode (output process information of SSH connection)
-X # enable X11 forwarding
-X # disable X11 forwarding
-Y # enable trusted X11 forwarding
-Syslog (3) system module

Application examples

Connect to remote host

ssh [email protected]_host
#SSH ﹣ connect to the remote host using a specific identity (private key)
ssh -i path/to/key_file [email protected]_host

Use a specific port to connect to a remote host

ssh [email protected]_host -p 9999

Use SSH to connect to the remote server and then run the command

ssh remote_host command
[[email protected] ~]# ssh 192.168.1.199 ls
The authenticity of host '192.168.1.199 (192.168.1.199)' can't be established.
ECDSA key fingerprint is SHA256:mF2QLxkGH/mWhHu/NlaKOrx4nKkyVvhYV6BRPA8TdEk.
ECDSA key fingerprint is MD5:a1:91:03:6b:9a:91:f6:c3:cf:19:06:32:19:b9:85:8e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.199' (ECDSA) to the list of known hosts.
[email protected]'s password: 
anaconda-ks.cfg
dos_test.txt
goinception
goInception-linux-amd64-v1.2.3.tar.gz
httpd
httpd-2.4.46
httpd-2.4.46.tar.gz
mingongge.file
mingongge.z01
mingongge.z02
mingongge.zip
testdir
test.txt

Check out the details of the SSH remote login process

[[email protected] ~]# ssh -v 192.168.1.199 -p 22
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to 192.168.1.199 [192.168.1.199] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.199:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:mF2QLxkGH/mWhHu/NlaKOrx4nKkyVvhYV6BRPA8TdEk
debug1: Host '192.168.1.199' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
[email protected]'s password: 
debug1: Authentication succeeded (password).
Authenticated to 192.168.1.199 ([192.168.1.199]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]om
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Sun Jan 17 14:26:28 2021 from 192.168.1.93

Learn a Linux command every day (55): ID

Learn a Linux command every day (56): Su / sudo

Learn a Linux command every day (57): cal

Recommended Today

Swift advanced 08: closure & capture principle

closure closurecanCapture and storageOf any constants and variables defined in their contextquote, this is the so-calledClose and wrap those constants and variablesTherefore, it is called“closure”Swift can handle everything for youCaptured memory managementOperation of. Three forms of closure [global function is a special closure]: a global function is a closure that has a name but does […]