[Linux] Command - ssh

Posted by 西维蜀黍 on 2020-09-29, Last Modified on 2022-12-10

Executing commands over SSH

Check whether the remote host is running the httpd process (the `[h]ttpd` pattern stops grep from matching its own command line):

$ ssh user@host 'ps ax | grep [h]ttpd'
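Everything after the host name is joined with spaces and handed to the remote login shell as one command string, so arguments built from untrusted input must be shell-quoted on the client side. The Python helper below is an added example, not part of the original post; `user@host` and the command are placeholders. It builds the argv with `shlex.quote` and separates ssh's own failure (exit status 255) from the remote command's status, which ssh passes back.

```python
import shlex
import subprocess


def remote_argv(host, argv, port=None, identity=None):
    """Build the local ssh argv for running `argv` on `host`.

    ssh joins everything after the host name with spaces and hands the result to
    the remote login shell, so each argument is quoted with shlex.quote; otherwise
    metacharacters in untrusted input (a file name such as "x; rm -rf ~") would
    be executed remotely.
    """
    cmd = ["ssh", "-o", "BatchMode=yes"]   # no password/host-key prompts in a script
    if port is not None:
        cmd += ["-p", str(port)]
    if identity is not None:
        cmd += ["-i", identity]
    cmd.append(host)
    cmd.append(" ".join(shlex.quote(a) for a in argv))
    return cmd


def run_remote(host, argv, **ssh_opts):
    """Run argv on host and return (exit_status, stdout).

    ssh exits 255 when the connection or authentication itself fails; any other
    status is the remote command's own exit status.
    """
    proc = subprocess.run(remote_argv(host, argv, **ssh_opts), capture_output=True, text=True)
    if proc.returncode == 255:
        raise ConnectionError(proc.stderr.strip())
    return proc.returncode, proc.stdout


if __name__ == "__main__":
    # The page's check, run through a remote shell because it is a pipeline:
    # grep exits 0 if httpd is running and 1 if not, and ssh passes that status back.
    status, out = run_remote("user@host", ["sh", "-c", "ps ax | grep [h]ttpd"])
    print("httpd running" if status == 0 else "httpd not running")
```

`BatchMode=yes` makes ssh fail instead of waiting on a prompt, which is what you want in automation; drop it for interactive use.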

Demo

-p - specify the port to connect to

Port to connect to on the remote host. This can be specified on a per-host basis in the configuration file.

Example

SSH's default port is 22, and on most modern Linux systems port 22 is open. If you run ssh without giving a port number, it connects to port 22.

Some system administrators move SSH to a different port. Suppose it is now 1234: to connect, use the **-p** option followed by the SSH port:

$ ssh 192.168.1.1 -p 1234

To change the port the server listens on, edit /etc/ssh/sshd_config (the server configuration; /etc/ssh/ssh_config is the client's) and find this line:

Port 22

Change it to the new port, for example 1234 as above (if the line starts with `#` it only shows the default and the `#` must be removed), then restart the SSH service. Do this from a session you keep open, allow the new port through the firewall, and confirm that `ssh -p 1234` works from a second terminal before logging out.
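The port change as a script, added here as an example and not taken from the original post: the pure `set_port` function rewrites the configuration text (removing every existing `Port` line, since sshd listens on all of them, and inserting the new one before any `Match` block, where `Port` is not allowed), and `apply_port` writes it with a backup and lets `sshd -t` validate the file before you restart. Paths and the port are placeholders.

```python
import re
import shutil
import subprocess

PORT_RE = re.compile(r"^\s*#?\s*Port\s+\d+", re.IGNORECASE)   # active or commented-out Port line
MATCH_RE = re.compile(r"^\s*Match\b", re.IGNORECASE)


def set_port(config_text, port):
    """Return config_text with a single active `Port <port>` directive.

    Every existing Port line is removed (sshd listens on *all* Port values it
    finds, so leaving `Port 22` in place would keep 22 open) and the new one is
    inserted before the first Match block, where sshd does not allow Port.
    """
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    kept = [ln for ln in config_text.splitlines() if not PORT_RE.match(ln)]
    at = next((i for i, ln in enumerate(kept) if MATCH_RE.match(ln)), len(kept))
    kept.insert(at, f"Port {port}")
    return "\n".join(kept) + "\n"


def apply_port(path, port):
    """Rewrite the file in place with a backup and let sshd validate it before a restart.

    Files pulled in by Include (e.g. /etc/ssh/sshd_config.d/*.conf) can also set Port;
    `sshd -T | grep -i '^port'` shows the value sshd will actually use.
    """
    backup = path + ".bak"
    shutil.copy2(path, backup)
    with open(path) as f:
        new_text = set_port(f.read(), port)
    with open(path, "w") as f:      # truncate-and-write keeps the file's mode and owner
        f.write(new_text)
    # -t only parses the config (no daemon is started); non-zero means sshd would refuse to start.
    check = subprocess.run(["sshd", "-t", "-f", path], capture_output=True, text=True)
    if check.returncode != 0:
        shutil.copy2(backup, path)
        raise RuntimeError("sshd rejected the new config, backup restored:\n" + check.stderr)


if __name__ == "__main__":
    import sys
    # Run from a session you keep open. Before closing it, confirm `ssh -p <port>` works
    # from a second terminal and allow the port through the firewall (on SELinux systems
    # also: semanage port -a -t ssh_port_t -p tcp <port>). Then restart sshd.
    apply_port("/etc/ssh/sshd_config", int(sys.argv[1]))
```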

-D - bind a local port for dynamic (SOCKS) forwarding

-D [bind_address:]port

Specifies a local dynamic application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address.

Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.

IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of localhost indicates that the listening port be bound for local use only, while an empty address or * indicates that the port should be available from all interfaces.

Example

Since SSH can carry arbitrary data, connections that would otherwise travel unencrypted can be sent through the SSH connection instead. Keep in mind that the protection covers only the hop between your machine and the SSH server: from there to the final destination the traffic is whatever the application protocol is.

Suppose we want local port 8080 to act as a proxy that sends everything through SSH to the remote host; the command is:

$ ssh -D 8080 user@host

SSH opens a socket listening on local port 8080 (bound to localhost by default, per the GatewayPorts note above). Every connection made to it is a SOCKS4/5 session: ssh reads the destination the client asked for, carries the connection over the encrypted channel, and the remote host then connects on to that destination. Applications have to be pointed at the proxy explicitly, for example through a browser's SOCKS proxy setting or `curl --socks5-hostname 127.0.0.1:8080 ...`; using `--socks5-hostname` rather than `--socks5` makes DNS resolution happen on the remote side as well, so lookups do not leak locally. Never bind the listener to `*` or `0.0.0.0` on a shared network: anyone who can reach it gets an unauthenticated proxy into the remote host's network.
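The SOCKS5 exchange that ssh speaks on the -D port, written out as an added Python example (not from the original post): the client offers only the "no authentication" method, which is the one ssh's built-in SOCKS server accepts; sends the destination as a domain name (address type 3) so that the remote host resolves it; and reads ssh's reply. The proxy address, destination and HTTP request are placeholders; the byte layouts follow RFC 1928. Run it against `ssh -NT -D 8080 user@host` to confirm the tunnel works end to end.

```python
import socket
import struct

# Reply codes from RFC 1928, section 6.
SOCKS5_REPLIES = {
    0: "succeeded", 1: "general SOCKS server failure", 2: "connection not allowed by ruleset",
    3: "network unreachable", 4: "host unreachable", 5: "connection refused",
    6: "TTL expired", 7: "command not supported", 8: "address type not supported",
}


def greeting():
    """Version 5, one authentication method offered: 0x00 (none), the only one ssh -D accepts."""
    return b"\x05\x01\x00"


def connect_request(host, port):
    """CONNECT request with the destination as a domain name (ATYP 0x03).

    ssh then resolves the name on the remote end; resolving locally and sending an
    IPv4 literal instead would leak every lookup to the local resolver.
    """
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for SOCKS5")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def parse_reply(data):
    """Return the reply code (0 = success) from the first bytes of a CONNECT reply."""
    if len(data) < 2 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return data[1]


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def socks5_connect(proxy, host, port, timeout=10):
    """Open a TCP connection to host:port through the SOCKS server at `proxy`
    (e.g. ("127.0.0.1", 8080) for `ssh -D 8080 user@host`) and return the socket."""
    sock = socket.create_connection(proxy, timeout=timeout)
    sock.sendall(greeting())
    ver, method = _recv_exact(sock, 2)
    if ver != 5 or method != 0:
        sock.close()
        raise ConnectionError(f"proxy refused the no-auth method (got {method:#x})")
    sock.sendall(connect_request(host, port))
    head = _recv_exact(sock, 4)          # VER REP RSV ATYP
    code = parse_reply(head)
    if code != 0:
        sock.close()
        raise ConnectionError(SOCKS5_REPLIES.get(code, f"unknown reply {code}"))
    # Drain BND.ADDR and BND.PORT; their length depends on the address type.
    atyp = head[3]
    if atyp == 1:
        _recv_exact(sock, 4 + 2)
    elif atyp == 4:
        _recv_exact(sock, 16 + 2)
    elif atyp == 3:
        _recv_exact(sock, _recv_exact(sock, 1)[0] + 2)
    else:
        sock.close()
        raise ValueError(f"unknown address type {atyp}")
    return sock


if __name__ == "__main__":
    # With `ssh -NT -D 8080 user@host` running, fetch a page from the remote network.
    s = socks5_connect(("127.0.0.1", 8080), "intranet.example", 80)
    s.sendall(b"GET / HTTP/1.0\r\nHost: intranet.example\r\n\r\n")
    print(s.recv(4096).decode(errors="replace"))
```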

-C - compress data

Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11, TCP and UNIX-domain connections). The compression algorithm is the same used by gzip. Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks.

-N - do not execute a remote command (used for forwarding ports only)

Do not execute a remote command. This is useful for just forwarding ports.

-NT - use the SSH connection only to carry data, without running anything remotely

  • -N: connect to the remote host without opening a remote shell
  • -T: do not allocate a TTY for this connection

The two options are normally combined: the connection then only carries forwarded data and executes nothing on the remote side.

$ ssh -NT -D 8080 host

-L - local port forwarding ("forward proxy"): forward a port on the local machine (the client) to a given port on a given host, as reachable from the remote end

-L [bind_address:]port:host:hostport
-L [bind_address:]port:remote_socket
-L local_socket:host:hostport
-L local_socket:remote_socket

Specifies that connections to the given TCP port or Unix socket on the local (client) host are to be forwarded to the given host and port, or Unix socket, on the remote side.

This works by allocating a socket to listen to either a TCP port on the local side, optionally bound to the specified bind_address, or to a Unix socket.

Whenever a connection is made to the local port or socket, the connection is forwarded over the secure channel, and a connection is made to either host port hostport, or the Unix socket remote_socket, from the remote machine.

Port forwardings can also be specified in the configuration file. Only the superuser can forward privileged ports. IPv6 addresses can be specified by enclosing the address in square brackets.

By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of localhost indicates that the listening port be bound for local use only, while an empty address or * indicates that the port should be available from all interfaces.

-L - local port forwarding to a remote host through a jump server

Example 1

Suppose host1 is the local machine and host2 a remote one, and for whatever reason the two cannot reach each other directly. A third machine, host3, can reach both. The natural idea is to go through host3 to get from host1 to host2.

On host1 we run:

$ ssh -L 2121:host2:21 host3

The -L argument takes three colon-separated values: "local port:target host:target port". The command makes ssh listen on local port 2121 and tells host3 to forward everything arriving there to port 21 on host2 (assuming host2 runs FTP, whose default port is 21). The target host name is resolved and connected to by host3, not by host1, so it only has to be reachable from host3.

From then on, connecting to port 2121 on host1 is the same as connecting to port 21 on host2:

$ ftp localhost 2121

Only the FTP control connection goes through the tunnel; FTP data connections are opened on other ports and are not forwarded, so in practice this works best for protocols that use a single TCP connection (HTTP, SSH, database protocols). Local port forwarding makes it look as if host1 and host3 share a private data channel, which is why it is also called an "SSH tunnel".

Example 2

Another example: log in to host2 over SSH via host3's port forwarding.

$ ssh -L 9001:host2:22 host3

Now an ssh login to local port 9001 is the same as logging in to host2:

$ ssh -p 9001 localhost

The -p option specifies the port to connect to. Note that ssh stores host2's host key under the name `[localhost]:9001` in known_hosts, which becomes confusing if port 9001 is later reused for a different host; the -W option below (or ProxyJump) connects to host2 under its real name and avoids this.

-R - remote port forwarding ("reverse proxy") through a jump server

-R [bind_address:]port:host:hostport
-R [bind_address:]port:local_socket
-R remote_socket:host:hostport
-R remote_socket:local_socket
-R [bind_address:]port

Specifies that connections to the given TCP port or Unix socket on the remote (server) host are to be forwarded to the local side.

This works by allocating a socket to listen to either a TCP port or to a Unix socket on the remote side. Whenever a connection is made to this port or Unix socket, the connection is forwarded over the secure channel, and a connection is made from the local machine to either an explicit destination specified by host port hostport, or local_socket, or, if no explicit destination was specified, ssh will act as a SOCKS 4/5 proxy and forward connections to the destinations requested by the remote SOCKS client.

Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. IPv6 addresses can be specified by enclosing the address in square brackets.

By default, TCP listening sockets on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address '*', indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).

If the port argument is '0', the listen port will be dynamically allocated on the server and reported to the client at run time. When used together with -O forward the allocated port will be printed to the standard output.

Example

Continuing the example above: host1 and host2 cannot reach each other, so host3 has to relay between them.

Now suppose a special case: host3 is on an internal network with no public IP, i.e. the jump server itself is not reachable from outside. It can connect out to host1 (which has a public IP), but host1 cannot connect in to host3. Local port forwarding no longer works; what then?

The answer: since host3 can reach host1, open the SSH connection from host3 to host1 and then use that connection from host1's side.

On host3 we run:

$ ssh -R 2121:host2:21 host1

The -R argument also takes three values: "remote port:target host:target port".

This tells host1 to listen on its own port 2121 and forward every connection, via host3, to port 21 on host2. Because host1 is the remote host from host3's point of view, this is called remote port forwarding. By default the listener on host1 is bound to loopback; binding it to any other address requires GatewayPorts to be enabled in host1's sshd_config, after which anyone who can reach host1 on that port also reaches host2:21.

Once the forward is up, we can connect to host2 from host1:

$ ftp localhost 2121

Note the prerequisite for remote port forwarding: host3 needs an ssh client and host1 must be running sshd, and host1's sshd must permit the forward (see AllowTcpForwarding in sshd_config(5)).

-f - run in the background

Requests ssh to go to background just before command execution. This is useful if ssh is going to ask for passwords or passphrases, but the user wants it in the background. This implies -n. The recommended way to start X11 programs at a remote site is with something like ssh -f host xterm.

Example

The -f option tells ssh to drop into the background once the connection is established (after authentication, so any password prompt is still answered in the foreground). You can then keep using the local shell while the connection stays up.

$ ssh -f -D 8080 host

A connection started this way has no controlling terminal, so the only way to close it is to kill the ssh process (for example `pkill -f 'ssh -f -D 8080'`). If it was started with a control socket (`-M -S /path/to/socket`) it can instead be closed cleanly with `ssh -S /path/to/socket -O exit host`.
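Putting the -L and -R examples above together with -N, -T, -f and a control socket, the following Python wrapper is an added example (not from the original post) of running a forwarding-only ssh connection from a script: it starts the connection in the background, checks that the master is alive, and tears it down with `-O exit` rather than by killing the process. Host names, ports and the control socket path are placeholders; the ssh options used are all standard OpenSSH client options.

```python
import os
import socket
import subprocess
import tempfile
import time


def tunnel_argv(host, forwards, control_path):
    """ssh argv for a background, forwarding-only connection.

    forwards is e.g. ["-L", "2121:host2:21"] or ["-R", "2121:host2:21"].
    -N -T: no remote command and no tty; the session only carries forwarded data
    -f:    go to the background once authenticated (with ExitOnForwardFailure=yes, ssh
           also waits for remote forwards to be established first)
    -M -S: make this process the control master, reachable at control_path
    ExitOnForwardFailure=yes: exit non-zero if a forward cannot be set up instead of
           silently staying connected without it
    ServerAliveInterval: notice a dead connection instead of hanging forever
    """
    return (["ssh", "-NT", "-f", "-M", "-S", control_path,
             "-o", "ExitOnForwardFailure=yes", "-o", "ServerAliveInterval=30"]
            + list(forwards) + [host])


def control_argv(host, control_path, command):
    """argv for `ssh -O check|exit` against the master; ssh still requires a host argument."""
    return ["ssh", "-S", control_path, "-O", command, host]


def wait_for_port(host, port, timeout=10.0):
    """Poll until host:port accepts TCP connections; False on timeout."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with socket.create_connection((host, port), timeout=1):
                return True
        except OSError:
            time.sleep(0.2)
    return False


class Tunnel:
    """Context manager: bring the forwards up, tear them down with -O exit (no kill needed)."""

    def __init__(self, host, forwards, wait_port=None):
        self.host, self.forwards, self.wait_port = host, forwards, wait_port
        # Control sockets must live in a private directory and have a short path
        # (UNIX socket paths are limited to roughly 100 bytes).
        self.control_path = os.path.join(tempfile.mkdtemp(prefix="sshcm-"), "s")

    def __enter__(self):
        subprocess.run(tunnel_argv(self.host, self.forwards, self.control_path), check=True)
        if self.wait_port is not None and not wait_for_port("127.0.0.1", self.wait_port):
            self.__exit__(None, None, None)
            raise TimeoutError(f"local port {self.wait_port} never opened")
        return self

    def is_alive(self):
        return subprocess.run(control_argv(self.host, self.control_path, "check"),
                              capture_output=True).returncode == 0

    def __exit__(self, *exc):
        subprocess.run(control_argv(self.host, self.control_path, "exit"), capture_output=True)
        return False


if __name__ == "__main__":
    # Example 1 above: host2's FTP control port reachable on local 2121 via host3.
    with Tunnel("host3", ["-L", "2121:host2:21"], wait_port=2121) as t:
        print("tunnel alive:", t.is_alive())
        # ... talk to 127.0.0.1:2121 here ...
    # The -R example is the same call made on host3:
    #   Tunnel("host1", ["-R", "2121:host2:21"])
```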

-v - Verbose Mode

Causes ssh to print debugging messages about its progress. This is helpful in debugging connection, authentication, and configuration problems.

Multiple -v options increase the verbosity; the maximum is 3.

-o option

Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate command-line flag. For full details of the options listed below, and their possible values, see ssh_config(5).

-l login_name - specify the user name

Specifies the user to log in as on the remote machine. This also may be specified on a per-host basis in the configuration file.

Example

By default ssh uses the name of the current local user as the login name, since the client runs as that user.

$ ssh -l sw 192.168.1.1
# equivalent to
$ ssh sw@192.168.1.1

-i identity_file - specify the private key

Selects a file from which the identity (private key) for public key authentication is read. The default is ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). If no certificates have been explicitly specified by the CertificateFile directive, ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames.

ssh refuses to use a private key whose file mode allows group or other access (it warns "UNPROTECTED PRIVATE KEY FILE" and skips the key), so keep identity files at mode 0600.

-W host:port - use the connection as a jump host

Requests that standard input and output on the client be forwarded to host on port over the secure channel. Implies -N, -T, ExitOnForwardFailure and ClearAllForwardings, though these can be overridden in the configuration file or using -o command line options.
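As an added example (not part of the original post), the hop through host3 from Example 2 expressed in ~/.ssh/config using -W: `ssh host2` then opens an SSH session to host2 whose packets ride inside the host3 session, so host2's host key is verified under host2's own name and host3 sees only ciphertext. The host names are the page's placeholders. ProxyJump is the shorthand OpenSSH added in 7.3; `ssh -J host3 host2` on the command line is equivalent.

```sshconfig
# ~/.ssh/config: reach host2 through host3 without a separate -L tunnel
Host host2
    # -W forwards this client's stdin/stdout to host2:22 over the host3 session;
    # %h and %p expand to the target host and port of the outer `ssh host2`.
    ProxyCommand ssh -W %h:%p host3

# Same thing with the ProxyJump option (OpenSSH 7.3 and later)
Host host2-j
    HostName host2
    ProxyJump host3
```

Neither form needs agent forwarding (-A) to host3: the inner connection authenticates directly against host2, so host3 never gets to use your agent.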
