Yesterday’s recommendation:Learn a Linux command every day (58): telnet
SSH (secure shell) command is a protocol used to log in to the remote system safely. It can be used to record or execute commands on the remote server.
SSH (SSH client) is a program used to log on to the remote computer and execute commands on the remote computer. It can provide secure encrypted communication between two untrusted hosts in an insecure network.
ssh [OPTIONS] [-p PORT] [[email protected]]HOSTNAME [COMMAND]
-4. Force SSH protocol to use only IPv4 address -6 # force SSH protocol to use IPv6 address only -A # enable connection forwarding from authentication agent -A # disable forwarding of authentication proxy connections -B bind_ Interface # address to bind to # bind_ Interface before trying to connect to the target host -b bind_ Address # use bind_ Address is the source address of the connection on the local computer -C # request to compress all data -c cipher_ Spec # specifies the password specification used to encrypt the session -D [bind_ Address:] port # specifies local "dynamic" application level port forwarding -E log_ File # attach debug log to log_ File instead of standard error -e escape_ Char # sets the escape character of the session with Pty (default: '~') -F ᦇ profile ᦇ specifies the profile of SSH per user -F # configure SSH to transfer the request to the background before executing the command -Allow remote hosts to connect to local forwarding ports -i identity_ File # specifies to read from this file the identity (private key) used for public key authentication -K # enable authentication based on GSSAPI -K # disable GSSAPI credentials -L local_ socket：remote_ Socket # specifies to forward a connection to a given TCP port or UNIX socket on a local (client) host to a given remote host and port or UNIX socket. -N # disable remote command execution -P # port # specifies the SSH connection port -Q # silent mode -S # is used to request to call a subsystem on a remote system -T # disable allocation of pseudo terminals -T # forced allocation of pseudo terminals -Print SSH version number and exit -V # detailed mode (output process information of SSH connection) -X # enable X11 forwarding -X # disable X11 forwarding -Y # enable trusted X11 forwarding -Syslog (3) system module
Connect to remote host
ssh [email protected]_host #SSH ﹣ connect to the remote host using a specific identity (private key) ssh -i path/to/key_file [email protected]_host
Use a specific port to connect to a remote host
ssh [email protected]_host -p 9999
Use SSH to connect to the remote server and then run the command
ssh remote_host command [[email protected] ~]# ssh 192.168.1.199 ls The authenticity of host '192.168.1.199 (192.168.1.199)' can't be established. ECDSA key fingerprint is SHA256:mF2QLxkGH/mWhHu/NlaKOrx4nKkyVvhYV6BRPA8TdEk. ECDSA key fingerprint is MD5:a1:91:03:6b:9a:91:f6:c3:cf:19:06:32:19:b9:85:8e. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.199' (ECDSA) to the list of known hosts. [email protected]'s password: anaconda-ks.cfg dos_test.txt goinception goInception-linux-amd64-v1.2.3.tar.gz httpd httpd-2.4.46 httpd-2.4.46.tar.gz mingongge.file mingongge.z01 mingongge.z02 mingongge.zip testdir test.txt
Check out the details of the SSH remote login process
[[email protected] ~]# ssh -v 192.168.1.199 -p 22 OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug1: Connecting to 192.168.1.199 [192.168.1.199] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 192.168.1.199:22 as 'root' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:mF2QLxkGH/mWhHu/NlaKOrx4nKkyVvhYV6BRPA8TdEk debug1: Host '192.168.1.199' is known and matches the ECDSA host key. debug1: Found key in /root/.ssh/known_hosts:1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey after 134217728 blocks debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available (default cache: KEYRING:persistent:0) debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available (default cache: KEYRING:persistent:0) debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/id_rsa debug1: Trying private key: /root/.ssh/id_dsa debug1: Trying private key: /root/.ssh/id_ecdsa debug1: Trying private key: /root/.ssh/id_ed25519 debug1: Next authentication method: password [email protected]'s password: debug1: Authentication succeeded (password). Authenticated to 192.168.1.199 ([192.168.1.199]:22). debug1: channel 0: new [client-session] debug1: Requesting [email protected]om debug1: Entering interactive session. debug1: pledge: network debug1: client_input_global_request: rtype [email protected] want_reply 0 debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 Last login: Sun Jan 17 14:26:28 2021 from 192.168.1.93