SSH Skill

Overview

This is a lightweight SSH operation gateway. It does not maintain a separate server database; by default it reads and writes only the standard OpenSSH configuration:

```text
~/.ssh/config
```

Core principles:
  • Use `Host` aliases to identify servers; do not memorize IPs or passwords directly.
  • Prefer key authentication and native OpenSSH commands.
  • Run SSH, SCP, configuration checks, and tunnel operations through this skill's `scripts/` scripts.
  • Automatically back up `~/.ssh/config` before writing to it.
  • Storing passwords on disk is discouraged; if a password must be used, prefer letting OpenSSH prompt interactively or having the user configure secure credentials themselves.

Trigger Scenarios

Use this skill when the user mentions any of the following tasks:
  • SSH, remote servers, server IP/hostname, `user@host`
  • Logging in, executing remote commands, checking server status
  • Uploading, downloading, deploying, or migrating files
  • Bastion hosts, `ProxyJump`, intranet access
  • Tunnels, port forwarding, database connections
  • Configuring `~/.ssh/config`, adding or looking up server aliases

Do not use it for the local `localhost`, the current directory, local file operations, or explanations of general networking concepts.

Script Entry

Prefer calling the scripts from the current skill directory. The script directory is:

```text
scripts/
```

All command examples are relative to the current skill directory.

Common Commands

`ssh_exec.py`, `ssh_transfer.py`, and `ssh_tunnel.py` all support:

```bash
--accept-new-host-key
--known-hosts-file <temporary known_hosts path>
```

When connecting for the first time to a new development board that you have confirmed is trusted, you can explicitly append `--accept-new-host-key`. If you do not want to write to the global `known_hosts` during testing, append `--known-hosts-file <temporary known_hosts path>`.

List Servers

```bash
python scripts/ssh_config.py list
```

Search for Servers

```bash
python scripts/ssh_config.py find <keyword>
```

Verify Alias Resolution

```bash
python scripts/ssh_config.py show <alias>
```

Add Server

The script automatically backs up `~/.ssh/config` before writing:

```bash
python scripts/ssh_config.py add <alias> --host <IP or domain> --user <user> --port 22 --key ~/.ssh/id_ed25519
```

Optional:

```bash
--description "Description"
--tags tag1,tag2
--location "Location"
--proxy-jump <bastion host alias>
```
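One way to implement the backup-before-write rule, as an added example (not the skill's own `ssh_config.py`). The names `host_aliases` and `add_host` and the `.bak-<timestamp>` suffix are assumptions; the function also rejects multi-line field values, which would otherwise smuggle extra directives into the config.

```python
from __future__ import annotations

import os
import shutil
import tempfile
import time
from pathlib import Path


def host_aliases(text: str) -> set[str]:
    """Every name that appears on a Host line (patterns are kept as written)."""
    names: set[str] = set()
    for line in text.splitlines():
        parts = line.replace("=", " ", 1).split()
        if len(parts) > 1 and parts[0].lower() == "host":
            names.update(parts[1:])
    return names


def add_host(config: Path, alias: str, options: dict[str, str]) -> Path | None:
    """Append a Host block after backing up `config`; return the backup path."""
    if not alias or alias.startswith("-") or any(c.isspace() for c in alias):
        raise ValueError("alias must be one token that does not start with '-'")
    if any("\n" in f or "\r" in f for f in [*options, *options.values()]):
        raise ValueError("option names and values must be single-line")
    old = config.read_text() if config.exists() else ""
    if alias in host_aliases(old):
        raise ValueError(f"alias already defined: {alias}")
    backup = None
    if config.exists():
        stamp = time.strftime("%Y%m%d-%H%M%S")
        backup = config.with_name(f"{config.name}.bak-{stamp}")
        shutil.copy2(config, backup)
        os.chmod(backup, 0o600)  # the backup holds the same data as the config
    block = f"Host {alias}\n" + "".join(f"    {k} {v}\n" for k, v in options.items())
    if old and not old.endswith("\n"):
        old += "\n"
    # mkstemp creates a 0600 file; writing there and swapping it in atomically
    # means a crash never leaves a half-written config behind.
    fd, tmp = tempfile.mkstemp(dir=config.parent, prefix=".config-")
    with os.fdopen(fd, "w") as handle:
        handle.write(old + ("\n" if old else "") + block)
    os.replace(tmp, config)
    return backup
```
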

Execute Remote Command

```bash
python scripts/ssh_exec.py <alias> "command" --timeout 30
```

The script outputs JSON containing `success`, `exit_code`, `stdout`, and `stderr`.
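The sketch below shows how a wrapper like this could build its `ssh` command line and produce the JSON result described above; it is an added example, not the skill's `ssh_exec.py`. It assumes `--accept-new-host-key` maps to OpenSSH's `StrictHostKeyChecking=accept-new` and `--known-hosts-file` to `UserKnownHostsFile`; `build_ssh_argv` and `run_json` are hypothetical names.

```python
import json
import subprocess
import sys


def build_ssh_argv(alias, command, accept_new_host_key=False, known_hosts_file=None):
    """Build the ssh command line for a ~/.ssh/config alias (assumed mapping)."""
    if not alias or alias.startswith("-"):
        raise ValueError("alias must not be empty or start with '-'")
    argv = ["ssh"]
    if accept_new_host_key:
        # accept-new stores a first-seen key but still refuses a changed one.
        argv += ["-o", "StrictHostKeyChecking=accept-new"]
    if known_hosts_file:
        # Keep test keys out of the global ~/.ssh/known_hosts.
        argv += ["-o", f"UserKnownHostsFile={known_hosts_file}"]
    return argv + ["--", alias, command]


def _text(value):
    return value.decode(errors="replace") if isinstance(value, bytes) else value or ""


def run_json(argv, timeout=30):
    """Run argv; return JSON with success, exit_code, stdout and the real stderr."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
        code, out, err = proc.returncode, proc.stdout, proc.stderr
    except subprocess.TimeoutExpired as exc:
        # Keep whatever the process wrote before it was killed.
        code, out = None, _text(exc.stdout)
        err = _text(exc.stderr) + f"timed out after {timeout}s"
    return json.dumps({"success": code == 0, "exit_code": code,
                       "stdout": out, "stderr": err})


if __name__ == "__main__":
    # Stand-in child process so the example runs offline (no ssh connection).
    demo = [sys.executable, "-c", "import sys; sys.stderr.write('denied'); sys.exit(255)"]
    print(run_json(demo))
    print(build_ssh_argv("internal-dev", "uptime", accept_new_host_key=True))
```
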

Upload Files

```bash
python scripts/ssh_transfer.py upload <alias> "<local path>" "<remote path>"
```

Download Files

```bash
python scripts/ssh_transfer.py download <alias> "<remote path>" "<local path>"
```

Establish Local Port Forwarding

```bash
python scripts/ssh_tunnel.py <alias> --local-port <local port> --remote-host 127.0.0.1 --remote-port <remote port>
```

The tunnel command runs in the foreground. If it needs to stay up in the background for a long time, first explain the impact and how to stop it to the user.

Configuration Format

Recommended configuration:

```ssh-config
# description: Development Board
# tags: embedded,linux
# location: lab
Host 1380-P904
    HostName 192.168.137.76
    User root
    Port 22
    IdentityFile ~/.ssh/id_ed25519
```

Bastion host:

```ssh-config
Host bastion
    HostName bastion.example.com
    User root
    IdentityFile ~/.ssh/id_ed25519

Host internal-dev
    HostName 10.0.1.20
    User root
    IdentityFile ~/.ssh/id_ed25519
    ProxyJump bastion
```

Comment metadata may be kept:
  • description
  • tags
  • location

Do not write real passwords, tokens, private key contents, or other sensitive information in the configuration.

Operation Rules

  • Query tasks can be executed directly.
  • The script must create a backup before adding to or modifying `~/.ssh/config`.
  • Confirm with the user before risky operations such as deleting configuration, overwriting remote files, deployment, batch execution, or port forwarding.
  • Do not run bare `ssh` / `scp` directly; prefer this skill's scripts. Only when the scripts are unavailable or the user explicitly asks, explain the reason and use the fallback command.
  • Do not modify Git, system services, firewalls, or remote production environment configuration unless the user explicitly asks.
  • Prefer read-only checks when executing remote commands; confirm first for anything involving restart, deletion, overwriting, installation, or upgrade.
  • When reporting to the user, state the target alias, the actual HostName, the executed command, the key results, and the reason for any failure.

Troubleshooting

Check the following first:
  1. `python scripts/ssh_config.py show <alias>`
  2. Whether `ssh -G <alias>` resolves HostName/User/Port
  3. Whether the key file exists and has appropriate permissions
  4. Whether the `ProxyJump` alias is also defined in `~/.ssh/config`
  5. Whether the network is reachable and the port is open
  6. Whether the first connection needs `--accept-new-host-key` appended explicitly

If a script fails, keep the real stderr; do not swallow the error.
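The configuration format and the `ProxyJump` check above can be exercised offline with a small parser. This is an added example, not the skill's code: `parse_hosts` and `lint` are hypothetical names, the sample config is constructed, and the secret pattern is a heuristic. It reads the `description`/`tags`/`location` comments that precede a `Host` line, flags `ProxyJump` targets with no matching alias, and flags lines that look like stored secrets.

```python
import re

META_RE = re.compile(r"#\s*(description|tags|location)\s*:\s*(.*)", re.I)
SECRET_RE = re.compile(r"(password|passwd|token|secret)\b|BEGIN [A-Z ]*PRIVATE KEY", re.I)

# Constructed sample in the page's format; internal-dev points at a missing alias.
SAMPLE = """\
# description: Development Board
# tags: embedded,linux
# location: lab
Host 1380-P904
    HostName 192.168.137.76
Host internal-dev
    ProxyJump bastion
    # password: example-only
"""


def parse_hosts(text):
    """Return {alias: {"meta": {...}, "options": {...}}} for plain Host blocks."""
    hosts, pending, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        meta = META_RE.fullmatch(line)
        if meta:
            pending[meta.group(1).lower()] = meta.group(2).strip()
        elif line and not line.startswith("#"):
            key, value = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
            if key.lower() == "host":
                current = {"meta": pending, "options": {}}
                hosts.update({alias: current for alias in value.split()})
                pending = {}
            elif current is not None:
                current["options"].setdefault(key.lower(), value)  # first value wins
    return hosts


def lint(text):
    """Offline findings: undefined ProxyJump aliases and secret-looking lines."""
    hosts, findings = parse_hosts(text), []
    for alias, entry in hosts.items():
        for hop in entry["options"].get("proxyjump", "").split(","):
            name = hop.strip().rsplit("@", 1)[-1].split(":")[0]
            if name and name.lower() != "none" and name not in hosts:
                findings.append(f"{alias}: ProxyJump '{name}' is not a defined Host alias")
    for number, raw in enumerate(text.splitlines(), 1):
        if SECRET_RE.search(raw):
            findings.append(f"line {number}: possible secret in config")
    return findings
```

A `ProxyJump` finding is a prompt to check rather than a hard error, since OpenSSH also accepts a plain hostname there.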