ssh
SSH Skill
Use SSH for secure remote access, file transfers, and tunneling.
Basic Connection

Connect to server:
```bash
ssh user@hostname
```

Connect on specific port:
```bash
ssh -p 2222 user@hostname
```

Connect with specific identity:
```bash
ssh -i ~/.ssh/my_key user@hostname
```
SSH Config

Config file location: `~/.ssh/config`

Example config entry:
```
Host myserver
    HostName 192.168.1.100
    User deploy
    Port 22
    IdentityFile ~/.ssh/myserver_key
    ForwardAgent yes
```

Then connect with just:
```bash
ssh myserver
```
Running Remote Commands

Execute single command:
```bash
ssh user@host "ls -la /var/log"
```

Execute multiple commands:
```bash
ssh user@host "cd /app && git pull && pm2 restart all"
```

Run with pseudo-terminal (for interactive):
```bash
ssh -t user@host "htop"
```
File Transfer with SCP

Copy file to remote:
```bash
scp local.txt user@host:/remote/path/
```

Copy file from remote:
```bash
scp user@host:/remote/file.txt ./local/
```

Copy directory recursively:
```bash
scp -r ./local_dir user@host:/remote/path/
```
File Transfer with rsync (preferred)

Sync directory to remote:
```bash
rsync -avz ./local/ user@host:/remote/path/
```

Sync from remote:
```bash
rsync -avz user@host:/remote/path/ ./local/
```

With progress and compression:
```bash
rsync -avzP ./local/ user@host:/remote/path/
```

Dry run first:
```bash
rsync -avzn ./local/ user@host:/remote/path/
```
Port Forwarding (Tunnels)

Local forward (access remote service locally):
```bash
ssh -L 8080:localhost:80 user@host
# Now localhost:8080 connects to host's port 80
```

Local forward to another host:
```bash
ssh -L 5432:db-server:5432 user@jumphost
# Access db-server:5432 via localhost:5432
```

Remote forward (expose local service to remote):
```bash
ssh -R 9000:localhost:3000 user@host
# Remote's port 9000 connects to your local 3000
```

Dynamic SOCKS proxy:
```bash
ssh -D 1080 user@host
# Use localhost:1080 as SOCKS5 proxy
```
Jump Hosts / Bastion

Connect through jump host:
```bash
ssh -J jumphost user@internal-server
```

Multiple jumps:
```bash
ssh -J jump1,jump2 user@internal-server
```

In config file:
```
Host internal
    HostName 10.0.0.50
    User deploy
    ProxyJump bastion
```
Key Management

Generate new key (Ed25519, recommended):
```bash
ssh-keygen -t ed25519 -C "your_email@example.com"
```

Generate RSA key (legacy compatibility):
```bash
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
```

Copy public key to server:
```bash
ssh-copy-id user@host
```

Copy specific key:
```bash
ssh-copy-id -i ~/.ssh/mykey.pub user@host
```
SSH Agent

Start agent:
```bash
eval "$(ssh-agent -s)"
```

Add key to agent:
```bash
ssh-add ~/.ssh/id_ed25519
```

Add with macOS keychain:
```bash
ssh-add --apple-use-keychain ~/.ssh/id_ed25519
```

List loaded keys:
```bash
ssh-add -l
```
Multiplexing (Connection Sharing)

In `~/.ssh/config`:
```
Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600
```

Create socket directory:
```bash
mkdir -p ~/.ssh/sockets
```
Known Hosts

Remove old host key:
```bash
ssh-keygen -R hostname
```

Scan and add host key:
```bash
ssh-keyscan hostname >> ~/.ssh/known_hosts
```
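
`ssh-keyscan` does not authenticate the key it fetches, so appending its output directly trusts whoever answered on the network. The sketch below is an added example, not part of the original page: it appends a scanned key only when its fingerprint matches one obtained out of band. The helper name `add_verified_host`, the hostname and the fingerprint placeholder are assumptions.

```bash
#!/bin/sh
# Added example (hypothetical helper): trust a scanned host key only if its
# SHA256 fingerprint matches one obtained out of band (server console, cloud
# API, config management) instead of appending ssh-keyscan output blindly.

# add_verified_host KNOWN_HOSTS_FILE EXPECTED_FP
# Reads known_hosts-format lines on stdin (what ssh-keyscan prints).
# Appends the first line whose fingerprint equals EXPECTED_FP and returns 0;
# returns 1 and leaves the file untouched if no line matches.
add_verified_host() {
    kh_file=$1
    expected=$2
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac   # skip blanks and banners
        # ssh-keygen -lf - prints: "<bits> <fingerprint> <host> (<type>)"
        fp=$(printf '%s\n' "$line" | ssh-keygen -lf - 2>/dev/null | awk '{print $2}')
        if [ -n "$fp" ] && [ "$fp" = "$expected" ]; then
            printf '%s\n' "$line" >> "$kh_file"
            return 0
        fi
    done
    echo "no scanned key matches $expected; nothing added" >&2
    return 1
}

# Usage (hostname and fingerprint are placeholders):
#   ssh-keyscan -t ed25519 hostname 2>/dev/null |
#       add_verified_host ~/.ssh/known_hosts 'SHA256:<fingerprint from a trusted source>'
```
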
Debugging

Verbose output:
```bash
ssh -v user@host
```

Very verbose:
```bash
ssh -vv user@host
```

Maximum verbosity:
```bash
ssh -vvv user@host
```
Security Tips

- Use Ed25519 keys (faster, more secure than RSA)
- Set `PasswordAuthentication no` on servers
- Use `fail2ban` on servers to block brute force
- Keep keys encrypted with passphrases
- Use `ssh-agent` to avoid typing passphrase repeatedly
- Restrict key usage with `command=` in authorized_keys
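
The `command=` restriction from the last tip, as an added example that is not part of the original page: an `authorized_keys` entry pins a key to a wrapper, and the wrapper allow-lists what the client requested through `SSH_ORIGINAL_COMMAND`. The wrapper path `/usr/local/bin/ssh-gate`, the function names, the key placeholder, the log path and the allowed commands are assumptions.

```bash
#!/bin/sh
# Added example (hypothetical names and paths): forced-command gate for one key.
#
# authorized_keys line on the server (key blob is a placeholder):
#   restrict,command="/usr/local/bin/ssh-gate" ssh-ed25519 AAAA...placeholder deploy@ci
#
# sshd runs the gate no matter what the client asked for; the client's request
# arrives in SSH_ORIGINAL_COMMAND and is treated as untrusted input.

# gate_command REQUEST: print the fixed command to run, or return 1 to deny.
gate_command() {
    set -f; set -- $1; set +f          # split on whitespace, no glob expansion
    case "$1:$#" in
        status:1)  echo "pm2 status" ;;
        restart:1) echo "pm2 restart all" ;;
        logs:2)                        # "logs N": N must be 1-4 digits, <= 1000
            case $2 in ''|*[!0-9]*) return 1 ;; esac
            [ "${#2}" -le 4 ] && [ "$2" -le 1000 ] || return 1
            echo "tail -n $2 /var/log/app.log" ;;
        *) return 1 ;;                 # everything else, including a bare login
    esac
}

# Entry point when installed as /usr/local/bin/ssh-gate.
gate_main() {
    if cmd=$(gate_command "${SSH_ORIGINAL_COMMAND:-}"); then
        exec $cmd                      # safe to split: built only from fixed strings
    fi
    echo "ssh-gate: request denied" >&2
    return 1
}

# Run only when invoked under the gate's own name, so sourcing stays inert.
case ${0##*/} in ssh-gate) gate_main ;; esac
```

With this entry in place, `ssh user@host restart` runs `pm2 restart all`, while a request such as `ssh user@host "status; id"` or an interactive login is denied.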