Executing commands over SSH
Check whether the remote host is running the httpd process:
$ ssh user@host 'ps ax | grep [h]ttpd'
-p
- Specify the port to connect to
Port to connect to on the remote host. This can be specified on a per-host basis in the configuration file.
Example
SSH's default port is 22, and port 22 is open on most modern Linux systems. If you run the ssh program without specifying a port number, it simply sends its request to port 22.
Some system administrators change SSH's default port. Let us try it: suppose the port is now 1234. To connect to the host, use the **-p** option followed by the SSH port:
$ ssh 192.168.1.1 -p 1234
To change the port number, we need to edit the /etc/ssh/ssh_config file and find this line:
Port 22
Replace it with another port number, such as the 1234 used above, and then restart the SSH service.
-D
- Bind a local port
-D [bind_address:]port
Specifies a local dynamic application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.
IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of localhost indicates that the listening port be bound for local use only, while an empty address or * indicates that the port should be available from all interfaces.
Example
Since SSH can carry data, we can route network connections that would otherwise be unencrypted through the SSH connection instead, which improves security.
Suppose we want all traffic on port 8080 to reach the remote host through SSH. The command is written like this:
$ ssh -D 8080 user@host
SSH creates a socket that listens on local port 8080. As soon as data is sent to that port, it is automatically moved onto the SSH connection and sent to the remote host. As you can imagine, if port 8080 was originally an unencrypted port, it now becomes an encrypted one.
-C
- Compress data
Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11, TCP and UNIX-domain connections). The compression algorithm is the same used by gzip. Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks.
-NT
- Do not execute a remote command; used for forwarding ports
Do not execute a remote command. This is useful for just forwarding ports.
-NT
- This SSH connection is used only to carry data, not to run remote operations
-N: only connect to the remote host, without opening a remote shell
-T: do not allocate a TTY for this connection
These two parameters can be used together, meaning that this SSH connection is only used to carry data and performs no remote operations.
$ ssh -NT -D 8080 host
-L
- Forward proxy: forward a port on the local machine (the client) to a specified port on a specified remote machine
-L [bind_address:]port:host:hostport
-L [bind_address:]port:remote_socket
-L local_socket:host:hostport
-L local_socket:remote_socket
Specifies that connections to the given TCP port or Unix socket on the local (client) host are to be forwarded to the given host and port, or Unix socket, on the remote side.
This works by allocating a socket to listen to either a TCP port on the local side, optionally bound to the specified bind_address, or to a Unix socket.
Whenever a connection is made to the local port or socket, the connection is forwarded over the secure channel, and a connection is made to either host port hostport, or the Unix socket remote_socket, from the remote machine.
Port forwardings can also be specified in the configuration file. Only the superuser can forward privileged ports. IPv6 addresses can be specified by enclosing the address in square brackets.
By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of localhost indicates that the listening port be bound for local use only, while an empty address or * indicates that the port should be available from all interfaces.
-L
- Local port forwarding to a remote host through a jump server
Example 1
Suppose host1 is the local host and host2 is the remote host. For whatever reason, the two cannot reach each other. However, there is a third host, host3, which can reach both of them. The natural idea is therefore to connect host1 to host2 through host3.
On host1 we run the following command:
$ ssh -L 2121:host2:21 host3
The L parameter takes three values, "local port:target host:target host port", separated by colons. This command tells SSH to bind local port 2121 and have host3 forward all data to port 21 on the target host2 (assuming host2 runs FTP, whose default port is 21).
This way, connecting to port 2121 on host1 is equivalent to connecting to port 21 on host2.
$ ftp localhost:2121
"Local port forwarding" makes it look as if a secret data tunnel had formed between host1 and host3, which is why it is also called an "SSH tunnel".
Example 2
Another example is logging in to host2 over ssh via port forwarding on host3.
$ ssh -L 9001:host2:22 host3
Now, an ssh login to port 9001 on the local machine is the same as logging in to host2.
$ ssh -p 9001 localhost
The -p parameter above specifies the login port.
-R
- Reverse proxy: remote port forwarding through a jump server
-R [bind_address:]port:host:hostport
-R [bind_address:]port:local_socket
-R remote_socket:host:hostport
-R remote_socket:local_socket
-R [bind_address:]port
Specifies that connections to the given TCP port or Unix socket on the remote (server) host are to be forwarded to the local side.
This works by allocating a socket to listen to either a TCP port or to a Unix socket on the remote side. Whenever a connection is made to this port or Unix socket, the connection is forwarded over the secure channel, and a connection is made from the local machine to either an explicit destination specified by host port hostport, or local_socket, or, if no explicit destination was specified, ssh will act as a SOCKS 4/5 proxy and forward connections to the destinations requested by the remote SOCKS client.
Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. IPv6 addresses can be specified by enclosing the address in square brackets.
By default, TCP listening sockets on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address '*', indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).
If the port argument is '0', the listen port will be dynamically allocated on the server and reported to the client at run time. When used together with -O forward the allocated port will be printed to the standard output.
Example
Continuing with the example above: host1 and host2 cannot reach each other, so host3 has to relay between them.
But a special situation arises: host3 is an internal-network machine with no public IP, that is, the jump server has no public IP. It can connect to host1 on the public network (which does have a public IP), but not the other way round: host1 on the outside cannot connect to host3 on the inside. In this case "local port forwarding" cannot be used. What to do?
The solution: since host3 can reach host1, establish the SSH connection from host3 to host1, and then use that connection from host1.
On host3 we run the following command:
$ ssh -R 2121:host2:21 host1
The R parameter also takes three values: remote host port:target host:target host port.
This command means that host3 asks host1 to listen on its own port 2121, and a tunnel is established between host1 and host3. Data sent to port 2121 on host1 is delivered to host3, which then forwards it to port 21 on host2.
Because host1 is the remote host from host3's point of view, this case is called "remote port binding".
Once bound, we can connect to host2 from host1:
$ ftp localhost:2121
It must be pointed out that "remote port forwarding" requires that both host1 and host3 have sshd and an ssh client.
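To make the bind_address rules quoted above concrete for -L, -R and -D at once, here is an added shell helper (my own, not from OpenSSH or the referenced posts) that classifies where a forward's listening socket ends up. `classify_bind` is a hypothetical name; Unix-socket forms and bracketed IPv6 addresses are deliberately reported as unsupported rather than parsed.

```shell
#!/bin/sh
# Added helper (not part of OpenSSH): classify where the listening socket of an
# ssh -L / -R / -D forward will be bound, using only the spec grammar quoted
# above: [bind_address:]port:host:hostport (-L/-R) and [bind_address:]port (-D/-R).

# classify_bind <-L|-R|-D> <spec>
# Prints: default | loopback | all-interfaces | address:<bind> | unsupported
classify_bind() {
    flag=$1
    spec=$2
    case $spec in
        *\[*|*/*) echo unsupported; return 0 ;;   # IPv6 brackets / Unix sockets
    esac
    # The number of ':' separators tells us whether bind_address was given.
    n=$(printf '%s' "$spec" | tr -cd ':' | wc -c)
    n=$((n))
    case "$flag:$n" in
        -D:0|-L:2|-R:2|-R:0) has_bind=0 ;;        # bind_address omitted
        -D:1|-L:3|-R:3|-R:1) has_bind=1 ;;        # bind_address present
        *) echo unsupported; return 0 ;;
    esac
    if [ "$has_bind" -eq 0 ]; then
        # Loopback unless GatewayPorts is enabled: in ssh_config for -L/-D,
        # in the server's sshd_config for -R.
        echo default
        return 0
    fi
    bind=${spec%%:*}
    case $bind in
        ''|'*'|0.0.0.0) echo all-interfaces ;;    # for -R only if sshd GatewayPorts allows
        localhost|127.0.0.1) echo loopback ;;
        *) echo "address:$bind" ;;
    esac
    return 0
}

# Constructed sample forwards, including the ones used in the examples above.
while read -r flag spec; do
    printf '%-3s %-22s %s\n' "$flag" "$spec" "$(classify_bind "$flag" "$spec")"
done <<'EOF'
-L 2121:host2:21
-L 9001:host2:22
-D 8080
-D 0.0.0.0:8080
-R *:2121:host2:21
-R 2121:host2:21
EOF
```

Anything reported as all-interfaces (or default with GatewayPorts enabled) is a listener reachable by other machines, which for -D means an open SOCKS proxy.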
-f
- Run in the background
Requests ssh to go to background just before command execution. This is useful if ssh is going to ask for passwords or passphrases, but the user wants it in the background. This implies -n. The recommended way to start X11 programs at a remote site is with something like ssh -f host xterm.
Example
The f parameter means that once the SSH connection has been established, ssh moves to the background. This lets you carry out other work in the local shell without interrupting the SSH connection.
$ ssh -f -D 8080 host
To close this background connection, the only way is to kill the process with the kill command.
-v
- Verbose mode
Causes ssh to print debugging messages about its progress. This is helpful in debugging connection, authentication, and configuration problems. Multiple -v options increase the verbosity. The maximum is 3.
-o option
Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate command-line flag. For full details of the options listed below, and their possible values, see ssh_config(5).
-l login_name
- Specify the user name
Specifies the user to log in as on the remote machine. This also may be specified on a per-host basis in the configuration file.
Example
By default, ssh tries to connect using the current user as the user name, because the ssh client is run from the current user's account on the client machine.
$ ssh -l sw 192.168.1.1
# Equivalent to
$ ssh sw@192.168.1.1
-i identity_file
- Specify the private key
Selects a file from which the identity (private key) for public key authentication is read. The default is ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). If no certificates have been explicitly specified by the CertificateFile directive, ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames.
-W host:port
- Specify a jump host
Requests that standard input and output on the client be forwarded to host on port over the secure channel. Implies -N, -T, ExitOnForwardFailure and ClearAllForwardings, though these can be overridden in the configuration file or using -o command line options.
References
- man ssh
- https://zh.wikipedia.org/wiki/Secure_Shell
- https://en.wikipedia.org/wiki/Ssh_(Secure_Shell)
- How to log in to a remote server with SSH - https://blog.csdn.net/u011054333/article/details/52443061
- SSH Principles and Usage (1): Remote Login - http://www.ruanyifeng.com/blog/2011/12/zen_and_the_art_of_motorcycle_maintenance.html
- SSH Principles and Usage (2): Remote Operations and Ports - http://www.ruanyifeng.com/blog/2011/12/ssh_port_forwarding.html
- https://www.jianshu.com/p/ffe227aa13fb