25 SSH commands that must be remembered. Have you used them?

Source: Internet
Author: User
Tags rsync

Editor's Guide: Any system administrator or webmaster is familiar with SSH. This great technology (51cto system channel just expressed thanks to it on Thanksgiving Day) this frees us from having to go to the server room to manage servers, or worry about content theft when remotely connecting to the server. This article will introduce 25 best SSH commands. If you haven't used them, record them.

OpenSSH is a free version of the SSH connection tool. Telnet, rlogin and FTP users may not realize that their passwords transmitted over the Internet are unencrypted, but SSH is encrypted. OpenSSH encrypts all communications (including passwords ), effectively eliminates eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides Security tunneling and multiple authentication methods, supporting all versions of the SSH protocol.

SSH is a great tool. If you want to remotely connect to the server on the internet, SSH is undoubtedly the best candidate. The following are the 25 best SSH commands selected by voting on the Internet.

(Note: Some commands with long content are displayed as truncated in this article. If you need to read the complete command, you can copy the entire line to your notepad for reading .)

1. Copy the SSH key to the target host and enable password-less SSH login.

ssh-copy-id user@host

If no key exists, use the ssh-keygen command to generate it.

2. Open a tunnel from port 80 of a host to port 2001 of the local host

ssh -N -L2001:localhost:80 somemachine

Now you can enter http: // localhost: 2001 in your browser to access this website.

3. Output your microphone to a remote computer speaker

dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp

In this way, the sound from your microphone port will be output on the speaker port of the SSH target computer, but unfortunately, the sound quality is poor and you will hear a lot of hissing.

4. Compare remote and local files

ssh user@host cat /path/to/remotefile | diff /path/to/localfile –

This command is useful when comparing the differences between local and remote files.

5. Mount the directory/file system through SSH

sshfs name@server:/path/to/folder /path/to/mount/point

Download sshfs from http://fuse.sourceforge.net/sshfs.htmlto allow you to upload a directory for cross-network security.

6. Establish an SSH connection through the intermediate host

ssh -t reachable_host ssh unreachable_host

Unreachable_host indicates that the host cannot be directly accessed from the local network, but can be accessed from the network where reachable_host is located. This command creates a connection to unreachable_host by "hiding" the connection to reachable_host.

7. Copy your SSH public key to a remote host and enable password-less logon.

ssh-copy-id username@hostname

8. directly connect to host a that can only be connected through host B

ssh -t hostA ssh hostB

Of course, you must be able to access host.

9. Create a persistent connection to the target host

ssh -MNf <user>@

Create a persistent connection to the target host in the background and send this command to you ~ The configuration in/. Ssh/config is used in combination:

Host hostControlPath ~/.ssh/master-%r@%h:%pControlMaster no

All SSH connections to the target host will use persistent SSH sockets. If you use SSH to regularly synchronize files (using rsync/SFTP/CVS/SVN), this command will be very useful, because no new socket is created each time an SSH connection is opened.

10. Connect to the screen through SSH

ssh -t remote_host screen –r

Connect directly to a remote screen SESSION (saves useless parent bash processes ).

11. Port detection (knocking)


To open a service port (such as SSH) on a port, and then close the port, you need to install knockd first. The following is a configuration file example.

[options]logfile = /var/log/knockd.log[openSSH]sequence = 3000,4000,5000seq_timeout = 5command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp –dport 22 -j ACCEPTtcpflags = syn[closeSSH]sequence = 5000,4000,3000seq_timeout = 5command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp –dport 22 -j ACCEPTtcpflags = syn

12. delete a line of content in a text file and fix it effectively.

ssh-keygen -R <the_offending_host>

In this case, it is best to use professional tools.

13. Run complex remote shell commands through SSH

ssh host -l user $(<cmd.txt)

More portable versions:

ssh host -l user “`cat cmd.txt`”

14. Copy the MySQL database to the new server through SSH

mysqldump –add-drop-table –extended-insert –force –log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost “mysql -uUSER -pPASS NEW_DB_NAME”

Dump a MySQL database through the compressed SSH tunnel and pass it as an input to the MySQL command. I think this is the fastest and best way to migrate the database to the new server.

15. delete a row in the text file and fix the "SSH host key change" Warning.

sed -i 8d ~/.ssh/known_hosts

16. Copy your SSH public key from a host without SSH-COPY-ID commands to the server

cat ~/.ssh/id_rsa.pub | ssh user@machine “mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys”

If you use Mac OS X or other * nix variants without the ssh-copy-id command, this command can copy your public key to a remote host, therefore, you can achieve SSH login without a password.

17. Real-time SSH network throughput Test

yes | pv | ssh $host “cat > /dev/null”

Connect to the host through SSH to display the real-time transmission speed. Point all transmitted data to/dev/null and install PV first.

For Debian:

apt-get install pv

If it is fedora:

yum install pv

(Additional Software repositories may need to be enabled ).

18. If you create a remote GNU screen that can be reconnected

ssh -t user@some.domain.com /usr/bin/screen –xRR

People always like to open many shells in a text terminal. If the session is suddenly interrupted or you press Ctrl-a D, the shell on the remote host will not be affected at all, you can reconnect. Other Useful screen Commands include "Ctrl-a c" (open a new shell) and "Ctrl-A" (switch back and forth between shells ), please visit http://aperiodic.net/screen/quick_referenceto read more about the screencommand quick reference.

19. Continue SCP large files

rsync –partial –progress –rsh=ssh $file_source $user@$host:$destination_file

It can restore failed rsync commands. This command is very useful when you transmit large files through VPN, such as a backup database. You need to install rsync on both hosts.

rsync –partial –progress –rsh=ssh $file_source $user@$host:$destination_file local -> remote


rsync –partial –progress –rsh=ssh $user@$host:$remote_file $destination_file remote -> local

20. analyze traffic through SSH w/Wireshark

ssh root@server.com ‘tshark -f “port !22″ -w -' | wireshark -k -i –

Use tshark to capture network communication on the remote host, send the original pcap data through an SSH connection, and display it in Wireshark. Press Ctrl + C to stop capturing, but also close the wireshark window, you can pass a "-C #" parameter to tshark so that it can only capture the data packet type specified by "#", or redirect data through the named pipe, instead of directly transmitting data to Wireshark through SSH, I suggest you filter data packets to save bandwidth. tshark can be replaced by tcpdump:

ssh root@example.com tcpdump -w – ‘port !22′ | wireshark -k -i –

21. Keep the SSH session open permanently

autossh -M50000 -t server.example.com ‘screen -raAd mysession’

After opening an SSH session, keep it permanently open. If you need to switch between Wi-Fi hotspots for laptop users, you can ensure that the connection will not be lost after the switch.

22. More stable, faster, and stronger SSH client

ssh -4 -C -c blowfish-cbc

Use IPv4 to compress data streams and use blowfish for encryption.

23. Use cstream to control bandwidth

tar -cj /backup | cstream -t 777k | ssh host ‘tar -xj -C /backup’

Use bzip to compress the folder and transmit it to the remote host at 777 kb/s. Cstream has more features. Visit http://www.cons.org/cracauer/cstream.html#usageto learn more, for example:

echo w00t, i’m 733+ | cstream -b1 -t2

24. Transmit the SSH public key to another machine in one step

ssh-keygen; ssh-copy-id user@host; ssh user@host

This command combination allows you to log on without a password for ssh. Note that ~ /. There is already an SSH key pair in the SSH directory. The new keys generated by the ssh-keygen command may overwrite them. The Ssh-copy-ID copies the keys to the remote host, and append it to the Remote Account ~ In the/. Ssh/authorized_keys file, if you do not use the key password during SSH connection, a remote shell will be displayed shortly after you call SSH user @ host.

25. Copy the standard input (stdin) to your X11 Buffer

ssh user@host cat /path/to/some/file | xclip

Do you want to use SCP to copy files to a work computer so that they can be copied to an email? Xclip can help you. It can copy the standard input to the X11 buffer. You need to click and paste the content in the buffer.

If you have other SSH command skills, post them in this article.

Original article: http://blog.urfix.com/25-ssh-commands-tricks/

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.