ssh

SSH Skill

This skill provides capabilities for establishing and managing SSH connections to remote machines.

Capabilities

  • Establish SSH connections using password or key-based authentication
  • Generate and manage SSH key pairs
  • Configure SSH for easier connections
  • Execute commands on remote machines
  • Transfer files between local and remote machines
  • Manage SSH configurations and known hosts

Authentication Methods

Password Authentication

```bash
ssh username@hostname
```

When prompted, you should ask the user for their password or a private key.

Key-Based Authentication

Generate a new SSH key pair:

```bash
# -N "" creates the key with an empty passphrase
ssh-keygen -t ed25519 -f ~/.ssh/key_name -C "comment" -N ""
```

Copy the public key to the remote server:

```bash
ssh-copy-id -i ~/.ssh/key_name.pub username@hostname
```

Connect using the private key:

```bash
ssh -i ~/.ssh/key_name username@hostname
```

SSH Configuration

Create or edit the SSH config file for easier connections:

```bash
mkdir -p ~/.ssh
# Append (>>) so that entries already in the file are preserved
cat >> ~/.ssh/config << 'EOF'
Host alias
    HostName hostname_or_ip
    User username
    IdentityFile ~/.ssh/key_name
    Port 22
    ServerAliveInterval 60
EOF
chmod 600 ~/.ssh/config
```

Then connect using the alias:

```bash
ssh alias
```

Common SSH Options

  • `-p PORT`: Connect to a specific port
  • `-X`: Enable X11 forwarding
  • `-L local_port:remote_host:remote_port`: Set up local port forwarding
  • `-R remote_port:local_host:local_port`: Set up remote port forwarding
  • `-N`: Do not execute a remote command (useful for port forwarding)
  • `-f`: Run in background
  • `-v`: Verbose mode (add more v's for increased verbosity)

File Transfer with SCP

Copy a file to the remote server:

```bash
scp /path/to/local/file username@hostname:/path/to/remote/directory/
```

Copy a file from the remote server:

```bash
scp username@hostname:/path/to/remote/file /path/to/local/directory/
```

Copy a directory recursively:

```bash
scp -r /path/to/local/directory username@hostname:/path/to/remote/directory/
```

SSH Agent

Start the SSH agent:

```bash
eval "$(ssh-agent -s)"
```

Add a key to the agent:

```bash
ssh-add ~/.ssh/key_name
```

Troubleshooting

  • Check SSH service status on remote: `systemctl status sshd`
  • Verify SSH port is open: `nc -zv hostname 22`
  • Debug connection issues: `ssh -vvv username@hostname`
  • Check permissions: SSH private keys should have 600 permissions (`chmod 600 ~/.ssh/key_name`)
  • Verify known_hosts: If host key changed, remove the old entry with `ssh-keygen -R hostname`

Secure SSH Key Management

Local Storage with Proper Permissions

The most basic approach is to ensure proper file permissions:

```bash
# Set correct permissions for private keys
chmod 600 ~/.ssh/id_ed25519

# Set correct permissions for public keys
chmod 644 ~/.ssh/id_ed25519.pub

# Set correct permissions for SSH directory
chmod 700 ~/.ssh
```
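
The permissions above can be checked rather than set blindly. The following is an added example, not part of the original skill: a shell function (`audit_ssh_dir`, a hypothetical name) that reports entries in an SSH directory whose modes are looser than the ones listed above. It assumes that stricter modes such as 400 are acceptable and that private keys can be recognised by their `BEGIN ... PRIVATE KEY` header.

```bash
# Added example (not from the original skill): report files under an SSH
# directory whose modes are looser than the values listed above.

# Print a path's octal mode: GNU stat first, BSD/macOS stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_dir [DIR]  (hypothetical helper name; DIR defaults to ~/.ssh)
# Prints one suggested chmod per finding; returns 0 if clean, 1 if not,
# 2 if DIR is not a directory. The body is a subshell, so no variables leak.
audit_ssh_dir() (
    dir=${1:-$HOME/.ssh}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; exit 2; }
    bad=0

    # check PATH FORBIDDEN_BITS WANTED_MODE
    check() {
        have=$(mode_of "$1")
        if [ $(( 0$have & $2 )) -ne 0 ]; then
            echo "chmod $3 $1   # currently $have"
            bad=1
        fi
    }

    check "$dir" 077 700                      # directory: owner only
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in
            *.pub)  check "$f" 022 644 ;;     # public key: not group/world writable
            config) check "$f" 077 600 ;;     # client config: owner only
            *)  # Private keys are recognised by their header, not their name.
                if head -n 1 "$f" | grep -q -- '-----BEGIN .*PRIVATE KEY-----'; then
                    check "$f" 077 600
                fi ;;
        esac
    done
    exit "$bad"
)
```

Run `audit_ssh_dir` with no argument to check `~/.ssh`; each output line is a `chmod` command that restores the expected mode.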