Summary of skills for efficient use of SSH

Time: 2021-9-9

SSH has many useful features. To make it your daily work partner, you need to know the following 16 tips for using SSH efficiently. They will certainly save you far more time than you spend configuring them.

1. Connection sharing

If you need to open connections to the same server in several windows without entering your user name and password, or waiting for the connection to be established, every time, you can configure SSH's connection-sharing option. Open your local SSH configuration file, usually ~/.ssh/config, and add the following two lines:

The code is as follows:

ControlMaster auto
ControlPath /tmp/ssh_mux_%h_%p_%r

Now disconnect from the server and establish a new connection, then open a new window and create another connection. You will find that the second connection is established almost instantly.

Windows users

If you are a Windows user, unfortunately PuTTY, the most popular open source SSH client, does not support this feature, but OpenSSH is also available on Windows, for example through Copssh. If you find the following tips helpful, maybe you should try Copssh.

File transfer

Connection sharing does more than share interactive SSH sessions. If you transfer files to the server through SFTP, you will find that it reuses the same connection, and if you use bash you will find that tab completion of server-side file names works as well. The shared connection is equally effective for other tools built on SSH, such as rsync and Git.

2. Persistent connections

If you find yourself connecting to the same server countless times, the persistent connection option is for you:

The code is as follows:

ControlPersist 4h

Now every time you establish a connection to the server through SSH, the connection is kept alive for 4 hours. Even after you log out of the server the connection can still be reused, so the next time you log in (within 4 hours) the connection is established at lightning speed. The speed-up is particularly noticeable when copying multiple files with scp, because you no longer need to authenticate separately for each file.

3. No more passwords

If you are still logging in to SSH with a password, you should probably try SSH keys. First, use OpenSSH to generate a key pair for yourself:

The code is as follows:

$ ssh-keygen

After following the prompts, you should see two files in your .ssh directory: id_rsa is your private key and id_rsa.pub is your public key. Now you need to copy your public key to the server. If your system has the ssh-copy-id command, this is very simple:

The code is as follows:

$ ssh-copy-id [email protected]

Otherwise, you need to copy your public key manually into the ~/.ssh/authorized_keys file on the server:

The code is as follows:

$ < ~/.ssh/id_rsa.pub ssh clegg.example.org 'mkdir -p .ssh; cat >> .ssh/authorized_keys; chmod go-w .ssh .ssh/authorized_keys'

Now try reconnecting to the SSH server or copying files. You no longer need to enter a password, do you?
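The manual copy above appends the key blindly and relies on chmod go-w. As an added example (not code from the original article), the following Python helper does the same job idempotently and sets the stricter modes that sshd's StrictModes check expects: it refuses anything that is not a single public-key line, skips keys that are already present, and forces 0700 on .ssh and 0600 on authorized_keys. The key text and the throwaway home directory are constructed for the demonstration.

```python
import os
import re
import tempfile

# Key types OpenSSH commonly emits; a constructed allow-list for this example.
_KEY_LINE = re.compile(
    r"^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) "
    r"[A-Za-z0-9+/]+=*( \S[^\r\n]*)?$"
)

# Constructed sample key: the base64 part is filler, not real key material.
SAMPLE_KEY = (
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYMATERIAL0000000000000000000 "
    "simon@laptop"
)


def is_public_key_line(text):
    """True only for a single OpenSSH public-key line (type, base64, optional comment)."""
    return _KEY_LINE.match(text.strip()) is not None


def install_authorized_key(home, pubkey_line):
    """Append one public-key line to <home>/.ssh/authorized_keys.

    Equivalent to the page's 'mkdir -p .ssh; cat >> ...; chmod go-w ...'
    one-liner, except that a stray private key or a whole file cannot be
    pasted in, duplicates are skipped, and the modes are set to what
    sshd's StrictModes check requires. Returns True if the key was added,
    False if it was already present.
    """
    line = pubkey_line.strip()
    if not is_public_key_line(line):
        raise ValueError("expected exactly one OpenSSH public-key line")

    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # makedirs honours the umask, so force the mode

    path = os.path.join(ssh_dir, "authorized_keys")
    existing = set()
    if os.path.exists(path):
        with open(path, encoding="utf-8") as f:
            existing = {entry.strip() for entry in f}

    added = line not in existing
    if added:
        with open(path, "a", encoding="utf-8") as f:
            f.write(line + "\n")
    os.chmod(path, 0o600)
    return added


def permissions_ok(home):
    """True when .ssh is 0700 and authorized_keys is 0600, which is what sshd wants."""
    ssh_dir = os.path.join(home, ".ssh")
    path = os.path.join(ssh_dir, "authorized_keys")
    return (os.stat(ssh_dir).st_mode & 0o777 == 0o700
            and os.stat(path).st_mode & 0o777 == 0o600)


def demo():
    """Run against a throwaway home directory; returns (first_add, second_add, perms_ok)."""
    home = tempfile.mkdtemp(prefix="sshdemo_")
    first = install_authorized_key(home, SAMPLE_KEY)
    second = install_authorized_key(home, SAMPLE_KEY)  # idempotent: nothing appended
    return first, second, permissions_ok(home)


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The mode check matters in practice: with StrictModes (the default), sshd silently ignores an authorized_keys file, or a .ssh directory, that is writable by group or others, which is the usual reason a freshly copied key "does not work".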

Configure SSH keys for PuTTY

PuTTY can also use SSH keys. Download PuTTYgen and Pageant from the PuTTY website, use PuTTYgen to generate your key and copy the public key into the server's .ssh/authorized_keys file, then run Pageant, import your private key and leave it running in the background. You can then use PuTTY to log in to the server directly with your key. You can learn more about this feature in chapters 8 and 9 of the PuTTY manual.

4. Agent forwarding

Sometimes you need to connect from one server to another, for example to copy data directly between two servers without going through your local computer:

The code is as follows:

www1 $ scp -pr templates www2:$PWD

(By the way, the $PWD variable is very useful when you need to copy files between two servers.) Even if you have added your local computer's public key to both servers, scp will still prompt you for a password by default. This is because the server you are using as a stepping stone does not have your private key, so the second server rejects the key-based login. You must not copy your private key to the intermediate server to fix this; use agent forwarding instead. Just add the following line to your .ssh/config file:

The code is as follows:

ForwardAgent yes

Or tick the "Allow agent forwarding" option in PuTTY. Now your local SSH agent also serves as the SSH agent on the first server, and connecting to other servers from the first server is just as simple. Note that if you enable this option the intermediate server must be one you trust: anyone with root access on it can use your forwarded agent to authenticate as you for as long as you are connected.

5. Omit the host name

Typing the server's full host name to establish a new SSH connection is really tedious, especially when you manage a group of servers under the same domain but in different subdomains, such as the following:

* www1.example.com
* www2.example.com
* mail.example.com
* intranet.internal.example.com
* backup.internal.example.com
* dev.internal.example.com

Perhaps your network is already configured so that short names such as intranet resolve directly, but if it is not, you can in fact solve this yourself without turning to the network administrator.

The solution varies slightly with the operating system. Here is the DHCP client configuration from my Ubuntu system:

The code is as follows:

prepend domain-search "internal.example.com", "example.com";

Then you need to restart the network:

The code is as follows:

$ sudo restart network-manager

These two steps may vary slightly from system to system.

6. Host alias

You can also directly define the host alias in your SSH configuration, as follows:

The code is as follows:

Host dev
HostName dev.internal.example.com

You can also use wildcards to group:

The code is as follows:

Host dev intranet backup
HostName %h.internal.example.com

Host www* mail
HostName %h.example.com

In PuTTY, you can save a separate session for each host name and then double-click it to establish a connection (but it may not support wildcards).

7. Omit the user name

If your user name on the remote server differs from your local user name, you can also set it in the SSH configuration:

The code is as follows:

Host www* mail
HostName %h.example.com
User simon

Now, even though my local user name is smylers, I can still connect to my server like this:

The code is as follows:

$ ssh www2

SSH will connect to the server as the user simon. Similarly, PuTTY can save this information in your session.

8. Jump between servers

Sometimes you cannot connect directly to a server and have to go through an intermediate server. This process can also be automated. First, make sure that you have configured public-key access for both servers and enabled agent forwarding. Now you can reach the target server with two commands, without any prompts:

The code is as follows:

$ ssh gateway
gateway $ ssh db

Then add the following to your local SSH configuration:

The code is as follows:

Host db
HostName db.internal.example.com
ProxyCommand ssh gateway netcat -q 600 %h %p

Now you can connect directly to the target server with a single command:

The code is as follows:

$ ssh db

Here you may need to wait a little longer, because SSH has to authenticate twice. Note that netcat may also be installed as nc or ncat, or with a g prefix; check your intermediate server to determine the actual command and parameters. Recent OpenSSH releases can do the same without netcat using the ProxyJump option (or ssh -J gateway db on the command line).

9. Getting past a blocked port

Sometimes the network you are on only opens port 80, or blocks the SSH port (the default port 22). In that case you can get around the block by configuring your SSH server to listen on port 80 or port 443. You only need to edit the /etc/ssh/sshd_config file on your server:

The code is as follows:

Port 443

Then restart the SSH server:

The code is as follows:

$ sudo reload ssh

Of course, this assumes that your server does not run an HTTPS service, but in fact you only need one server listening on the HTTPS port: you can reach that server and use it as a stepping stone to the others with the technique described above. Remember, though, that you need to configure this server in advance (how about now?), so that when you find yourself on a network that allows only web access you are spared having to phone someone to set up the intermediate server for you.

10. Through a web proxy

Sometimes your network not only blocks the SSH port but goes further and only lets you reach the Internet through a web proxy. Fortunately, there is a program called corkscrew that can send SSH traffic through a web proxy. Corkscrew is very simple to use: I generally search for it when I need it, download it, follow the instructions on its website, and I am done. You usually need a configuration like this:

The code is as follows:

ProxyCommand corkscrew proxy.example.org 8080 %h %p

11. Remote GUI

Sometimes it is very useful to work on remote server files with local GUI programs, for example to edit an image, view a PDF file, or simply edit code in something other than a command-line editor. I find gvim more useful than vim in the terminal, because I can open a new gvim window to edit files and keep working in the current SSH window. To do so, you first need to enable an option called X forwarding in your SSH configuration:

The code is as follows:

ForwardX11 yes

This option only works if the server is configured for it: the server also needs X forwarding enabled. Add the following to /etc/ssh/sshd_config on the server:

The code is as follows:

X11Forwarding yes

You also need to make sure that xauth and the editor, image viewer and other graphical programs you want to run are installed on the server. This only works when a local X server is running. There are free X servers for Mac and Windows; you may need to spend some time configuring them. Switching to Linux is easier by comparison.

12. Local programs, remote files

An alternative to displaying remote GUI programs locally is to let local GUI programs operate directly on remote files. You can do this with sshfs. You only need to create an empty directory and then use sshfs to mount a remote directory onto it:

The code is as follows:

$ mkdir gallery_src
$ sshfs dev:projects/gallery/src gallery_src
$ cd gallery_src
$ ls

Now you can use any local program you like to work on the files in this directory. They look local to you, but they are actually files on the remote server. You can unmount them with the fusermount command; don't worry about forgetting it, it is at the top of the sshfs manual:

The code is as follows:

$ cd ..
$ fusermount -u gallery_src

sshfs works on Linux and OS X. For Windows users, I haven't found a good option yet.

13. Access remote files via Vim

Vim has a built-in feature for editing remote files directly; it requires an scp:// URL:

The code is as follows:

$ gvim scp://dev/projects/gallery/src/templates/search.html.tt

This method is obviously not as flexible as sshfs, but if you only need to edit one or two files on the remote server this command is more convenient, and it also works on Windows (if you run into trouble, see the following help topic in Vim):

The code is as follows:

:help netrw-problems

14. Use local apps with remote services

Sometimes services such as databases or web servers run on a remote server, but it would be very useful to connect to them directly from local programs. To do this you need port forwarding. For example, if your server runs Postgres (and only allows local connections), you can add the following to your SSH configuration:

The code is as follows:

Host db
LocalForward 5433 localhost:5432

Now, when you connect to your SSH server, it will open port 5433 on your local computer (I picked the number at random) and forward all data sent to this port to port 5432 on the server (the default Postgres port). So, as long as you are connected to the server, you can reach the server's Postgres through local port 5433.

The code is as follows:

$ ssh db

Now open another window, and you can connect to your Postgres database locally with the following command:

The code is as follows:

$ psql -h localhost -p 5433 orders

This is especially useful if you want to use a graphical Postgres client that is not installed on the server:

The code is as follows:

$ pgadmin3 &

Or suppose you have a backend web server that you don't want exposed directly to the Internet. You can also reach it through port forwarding:

The code is as follows:

Host api
LocalForward 8080 localhost:80

Now connect to the server:

The code is as follows:

$ ssh api

Then point your browser at the port number you selected:

The code is as follows:

$ firefox http://localhost:8080/
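To make concrete what a LocalForward line such as LocalForward 5433 localhost:5432 does, here is an added example (not part of the original article) in Python that emulates the local side of the forward: a listener bound to 127.0.0.1 that relays each accepted connection to a target service. The real ssh client carries the relayed bytes inside the encrypted session and connects to the target from the remote side; this emulation connects directly, so it only illustrates the listening and relaying. The echo service standing in for Postgres and the message sent through it are constructed for the demonstration.

```python
import socket
import threading


def _pump(src, dst):
    """Copy bytes one way until src reaches EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_local_forward(target_host, target_port, bind_addr="127.0.0.1", listen_port=0):
    """Emulate 'LocalForward <listen_port> <target_host>:<target_port>'.

    Binds to the loopback address by default, as ssh does: a forward bound
    to 0.0.0.0 would expose the remote database to everyone who can reach
    this machine. listen_port=0 asks the OS for a free port.
    Returns (port, stop) where stop() shuts the listener down.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, listen_port))
    srv.listen(5)
    srv.settimeout(0.2)  # lets the accept loop notice stop()
    stop_flag = threading.Event()

    def accept_loop():
        while not stop_flag.is_set():
            try:
                client, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            try:
                upstream = socket.create_connection((target_host, target_port), timeout=5)
            except OSError:
                client.close()  # target unreachable: drop this client, keep listening
                continue
            upstream.settimeout(None)
            client.settimeout(None)
            # One relay thread per direction, one pair per forwarded connection.
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()
        srv.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1], stop_flag.set


def start_echo_service():
    """Constructed stand-in for the 'local only' Postgres: echoes what it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    stop_flag = threading.Event()

    def serve():
        while not stop_flag.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            conn.settimeout(None)
            threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop_flag.set


def round_trip(payload=b"SELECT 1;\n"):
    """Send payload through the forward to the echo service; return what comes back."""
    svc_port, stop_svc = start_echo_service()
    fwd_port, stop_fwd = start_local_forward("127.0.0.1", svc_port)
    try:
        with socket.create_connection(("127.0.0.1", fwd_port), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)  # EOF travels through both relays and back
            chunks = []
            while True:
                data = c.recv(4096)
                if not data:
                    break
                chunks.append(data)
        return b"".join(chunks)
    finally:
        stop_fwd()
        stop_svc()


if __name__ == "__main__":
    print(round_trip())  # b'SELECT 1;\n'
```

The part worth noticing is the bind address: ssh listens on the loopback interface unless you ask otherwise, so the database is reachable only from programs on your own machine, with no change to the server's firewall or its "local connections only" setting.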

15. Reduce delays

If every connection to the server means waiting for tens of seconds doing nothing, you may want to try adding the following to your SSH configuration:

The code is as follows:

GSSAPIAuthentication no

If this helps, you should ask your system administrator to disable this option on the server, so that others don't have to add it to their local configuration.

16. Faster connections

If you are sure that the link between you and a server is secure (for example, a company intranet), you can make data transfer faster by selecting the arcfour encryption algorithm:

The code is as follows:

Host dev
Ciphers arcfour

Note that this speed-up comes at the expense of the strength of the encryption, so do not enable this option for servers you reach over the Internet; make sure you are connected through a VPN. Recent OpenSSH releases have removed arcfour altogether, so on a current client or server this setting simply fails.
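Several of the tips above (shared connections, agent forwarding, host wildcards, user names and the arcfour cipher) are all ~/.ssh/config settings, and the way ssh combines them is easy to get wrong: for each option the first matching Host block wins, so a blanket ForwardAgent yes at the top of the file reaches every server. The following Python is an added example, not code from the original article: a parser for the subset of ssh_config syntax used on this page (Host blocks with wildcards and ! negation, %h/%p/%r expansion; Match blocks are not handled), a resolver that reproduces the first-value-wins rule, and a lint pass that flags the three settings a reviewer would question: agent forwarding under a wildcard pattern, an arcfour cipher, and a ControlPath socket in the shared /tmp (ssh_config(5) recommends a directory that is not writable by other users). The sample configuration is constructed from this page's own snippets.

```python
import fnmatch
import re

# Constructed sample, assembled from the snippets on this page.
SAMPLE_CONFIG = """
# global defaults: they apply to every host and, being first, win every tie
ControlMaster auto
ControlPath /tmp/ssh_mux_%h_%p_%r
ControlPersist 4h
ForwardAgent yes

Host dev intranet backup
    HostName %h.internal.example.com
    Ciphers arcfour

Host www* mail
    HostName %h.example.com
    User simon

Host db
    HostName db.internal.example.com
    ProxyCommand ssh gateway netcat -q 600 %h %p
"""

_OPTION = re.compile(r"^(\S+)\s*[=\s]\s*(.*)$")


def parse_ssh_config(text):
    """Return [(patterns, [(key, value), ...]), ...] in file order.

    Keys are lower-cased (ssh_config keywords are case-insensitive).
    Options before the first Host line form a leading block matching '*'.
    """
    blocks = [(["*"], [])]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _OPTION.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key, value))
    return blocks


def host_matches(patterns, host):
    """ssh(1) Host semantics: some positive pattern matches and no '!' pattern does."""
    matched = False
    for p in patterns:
        if p.startswith("!"):
            if fnmatch.fnmatchcase(host, p[1:]):
                return False
        elif fnmatch.fnmatchcase(host, p):
            matched = True
    return matched


def resolve(blocks, host):
    """Effective options for `host`: the first obtained value wins, as in ssh(1)."""
    effective = {}
    for patterns, options in blocks:
        if host_matches(patterns, host):
            for key, value in options:
                effective.setdefault(key, value)
    # %h in HostName is the name typed on the command line; elsewhere it is
    # the resolved HostName. %p is the port and %r the remote user name.
    hostname = effective.get("hostname", host).replace("%h", host)
    effective["hostname"] = hostname
    tokens = {"%h": hostname, "%p": effective.get("port", "22")}
    if "user" in effective:
        tokens["%r"] = effective["user"]
    for key, value in list(effective.items()):
        if key != "hostname":
            for tok, rep in tokens.items():
                value = value.replace(tok, rep)
            effective[key] = value
    return effective


def lint(blocks):
    """Flag settings a reviewer would question; returns a list of messages."""
    findings = []
    for patterns, options in blocks:
        where = "Host " + " ".join(patterns)
        wildcard = any("*" in p or "?" in p for p in patterns)
        for key, value in options:
            if key == "forwardagent" and value.lower() == "yes" and wildcard:
                findings.append(f"{where}: ForwardAgent yes under a wildcard; every matching server can use your agent")
            if key == "ciphers" and "arcfour" in value.lower():
                findings.append(f"{where}: arcfour selected; weak, and removed from current OpenSSH")
            if key == "controlpath" and value.startswith("/tmp/"):
                findings.append(f"{where}: ControlPath socket in shared /tmp; use a 0700 directory under your home")
    return findings


if __name__ == "__main__":
    cfg = parse_ssh_config(SAMPLE_CONFIG)
    for name in ("www2", "dev", "db"):
        print(name, "->", resolve(cfg, name))
    print("\n".join(lint(cfg)))
```

Running it shows that www2 resolves to www2.example.com as user simon, that dev picks up the arcfour cipher, and that the ProxyCommand for db expands to ssh gateway netcat -q 600 db.internal.example.com 22; the lint pass reports all three questionable settings. The usual fix for the first finding is to move ForwardAgent yes into the Host block of the one gateway you trust rather than the global section.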

Let’s go!
