Login: ssh -l user [hostname]
Enter the password: *****
After login, you can control the remote machine just as you control your own, but there is no graphical interface. However, the two Linux distributions I have used so far (SUSE and FC5) both provide tools with an FTP-like interface. When connecting with such a tool, select ssh. The port is the ssh port of the server; the default is 22, but it must be entered manually. Once connected, the FTP-like interface and the shell can be used at the same time, which improves work efficiency.
Simple transfer command: scp
scp /etc/php.ini user@www.linuxidc.com:/home/user
Copies the local /etc/php.ini file to www.linuxidc.com.
After the command is executed, you need to enter the password, and then the transfer starts.
scp user@ww.linuxidc.com:/etc/php.ini /home/user2
Copies the /etc/php.ini file on the host ww.liniux.cn to the local /home/user2 directory.
ssh -l user -p 22 britepic.org
Enter the password to log on.
-l login_name
Specifies the user to log in as on the remote machine. If this option is not given, typing ssh lost directly also works; the login is then made as the reader's current user. Example: ssh -l root www.britepic.org
========================================================== ==============
-c blowfish|3des
Selects the cipher used to encrypt the session. The default is 3DES. 3DES (triple DES) uses three different keys to perform encrypt-decrypt-encrypt. Blowfish is a fast block cipher, which is safer and faster than 3DES.
========================================================== ==============
-v
Verbose mode. Makes ssh print debugging messages about its progress, which is helpful when debugging connection, authentication, and configuration problems.
========================================================== ==============
-f
Requests ssh to run the command in the background. This is useful if ssh needs to ask for a password or passphrase but you still want it to run in the background. It is best to add -l user as well. A typical use is starting an X11 program at a remote site, something like ssh -f host xterm.
========================================================== ==============
-i identity_file
Selects the file from which the identity for RSA authentication is read. The default is .ssh/identity in the user's home directory.
========================================================== ==============
-n
Redirects stdin from /dev/null (in effect, prevents reading from stdin). It must be used when ssh is run in the background. A common trick is to use this option to run X11 programs on a remote machine: for example, ssh -n shadows.cs.hut.fi emacs & starts emacs on shadows.cs.hut.fi, and the X11 connection is automatically forwarded over the encrypted channel. The ssh program is put in the background. (This does not work if ssh needs to ask for a password.)
========================================================== ==============
-t
Forces pseudo-tty allocation. This allows you to run any screen-based program on a remote machine, for example a menu service.
========================================================== ==============
-C
Compresses all data (including stdin, stdout, stderr, and data for X11 and TCP/IP connections). The compression algorithm is the same one gzip uses, but the compression level cannot be controlled. Compression is a good choice on modem lines or other slow connections, but if the reader's network is fast, it will only slow things down.
========================================================== ==================
-p port
Port to connect to on the remote machine. If this option is not used, the default is 22.
========================================================== ====================
-P
Use a non-privileged port for outgoing connections. This option can be used if the reader's firewall does not permit connections from privileged ports. Note that this option disables RhostsAuthentication and RhostsRSAAuthentication.
========================================================== ==================
-L listen-port:host:port
Forwards the given local port to the given port on the remote-side host address.
========================================================== ================
-R listen-port:host:port
Forwards the given remote port to the given port on the local-side host address.
-2 Force ssh to use protocol version 2.
-4 Force ssh to use IPv4 addresses.
-6 Force ssh to use IPv6 addresses.
========================================================== ==================
-g
Allows remote hosts to connect to locally forwarded ports.
-
Disables authentication agent forwarding.
-e character
Sets the escape character.
scp: using scp to copy files to and from a remote machine
========================================================== ====================
Copy local files to a remote machine
scp /etc/lilo.conf my@www.britepic.org:/home/my
Copies the local /etc/lilo.conf file to www.britepic.org.
========================================================== ==================
Copy files from the remote machine to the local machine
scp my@www.britepic.org:/etc/lilo.conf /etc
The /etc/lilo.conf file on www.britepic.org is copied to the local /etc directory.
========================================================== ==================
Preserve the attributes of the source file
scp -p my@www.britepic.org:/etc/lilo.conf /etc
ssh-keygen
Generates a public key and a private key to secure the SSH connection.
When ssh connects to the sshd server, the public key is exchanged and the system checks the keys stored in /etc/ssh_known_hosts. If the key is found, the client uses it to produce a randomly generated session key and sends it to the server. Both ends use this key for the remaining stages of the SSH session.
ssh-keygen produces two files, identity and identity.pub. The private key is stored in identity and the public key in identity.pub. Next, use scp to copy identity.pub to .ssh/authorized_keys in the home directory on the remote machine (this authorized_keys file is equivalent to the protocol's rhosts file). After that, the user can log in without a password. RSA authentication is definitely more secure and reliable than rhosts authentication.
Run:
scp identity.pub my@sohu.com:.ssh/authorized_keys
If you do not enter a passphrase when using ssh-keygen to generate the key pair, then, as shown above, you do not need to enter a password to log on to sohu.com from www.britepic.org.
The passphrase entered here may or may not be the same as the account password.
SSH protocol version 1:
Each host can use the RSA encryption method to generate a 1024-bit RSA key. This RSA encryption method is mainly used to generate the public key and the private key! The whole connection encryption procedure of version 1 can be described briefly as follows:
1. Each time the SSH daemon (sshd) is started, a 768-bit public key (also called the server key) is generated and stored on the server;
2. When a client request comes in, the server sends this public key to the client, and the client confirms the public key by comparison using its own RSA encryption method;
3. After the client accepts the 768-bit server key, the client randomly generates a 256-bit private key of its own, combines the server key and host key, encrypted, into one complete key, and sends that key to the server as well;
4. From then on, the server and the client use this 1024-bit key to transfer data over the connection!
Of course, because the client's 256-bit key is generated randomly each time, the key for this connection will differ from the key for your next connection!
========================================================== ======
SSH protocol version 2:
Unlike version 1, version 2 no longer generates a server key. Instead, when the client connects to the server, the two sides produce a shared key using the Diffie-Hellman key algorithm, and then the two perform synchronous decryption using an algorithm similar to Blowfish!
Every sshd offers both protocol versions. Which of the two is used is decided by the connection mode the client selects when it connects. Currently, version 2 is used automatically by default! Since the data we send has been encrypted and decrypted with the public and private keys, the transmission in between is certainly much safer!
If you connect to the host hostname directly with ssh hostname, the "account name" used on hostname will be the user account of your current environment! For example, if I am root when I run the command against host.domain.name, then the other machine, host.domain.name, will use the root identity for my password-confirmed login! Therefore, to avoid such trouble, I usually log on to a remote host using the simple e-mail style, for example "ssh user@hostname", which means I use the user account to log on to the host hostname. Of course, you can also use the -l username form! After logging on to the host, everything else works the same as on a local Linux host ~ So, it's really easy ^_^ to control the host remotely! In addition, by default, SSH "allows you to log on as root"! Haha! It's even better! Also, please note that when you connect to the other host for the first time, the server will tell you that your connection key has not yet been established and ask whether you want to accept the key sent from the server and establish the connection. Haha! In this case, please enter yes instead of Y or y so that the program will accept
sftp -l username hostname or sftp user@hostname
After entering sftp, it works much like ordinary FTP.
cd
ls dir
mkdir
rmdir
pwd
chgrp
chown
chmod
ln oldname newname
rm path
rename oldname newname
exit bye
==========================================
lcd path
lls
lmkdir
lpwd
put [local] [remote]
get [remote] [local]
SSH command usage tips
Preface
I don't need to talk about the benefits of SSH, do I?
In short, the old rpc commands and telnet can all be replaced by SSH.
For example, the following common functions:
- Remote login
ssh user@remote.machine
- Remote execution
ssh user@remote.machine 'command ...'
- Remote copy
scp user@remote.machine:/remote/path /local/path
scp /local/path user@remote.machine:/remote/path
- X forward
ssh -X user@remote.machine
xcommand ...
- Tunnel / port forward
ssh -L 1234:remote.machine:4321 user@remote.machine
ssh -R 1234:local.machine:4321 user@remote.machine
ssh -L 1234:other.machine:4321 user@remote.machine
II. Implementation
1) Prohibit root login
# vi /etc/ssh/sshd_config
PermitRootLogin no
2) Disable password login and force RSA authentication (assume that the SSH account is user1)
# vi /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
# service sshd restart
# su - user1
$ mkdir ~/.ssh 2>/dev/null
$ chmod 700 ~/.ssh
$ touch ~/.ssh/authorized_keys
$ chmod 644 ~/.ssh/authorized_keys
--------------------------------------------------
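The server-side settings from steps 1) and 2) can be checked by script after editing. This is an added example, not part of the original tutorial: it reads only the global section of one file (no Include or Match handling), and it assumes that an unset keyword should count as a failure.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively, so sshd_value() does the same.

# Print the first global value of keyword $2 in file $1 (empty if unset).
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # comment line
        tolower($1) == "match" { exit }      # conditional blocks start here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Report each setting; return 0 only if all three are set as the tutorial sets them.
# Assumption of this example: an unset keyword counts as a failure.
audit_sshd_config() {
    failures=0
    for want in PermitRootLogin=no PasswordAuthentication=no PubkeyAuthentication=yes; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(sshd_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok   $key $actual"
        else
            echo "FAIL $key is '${actual:-unset}', expected '$expected'"
            failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
}

# Constructed sample: the second PermitRootLogin line is ignored by sshd.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'PermitRootLogin no' \
    'PasswordAuthentication no' 'PubkeyAuthentication yes' \
    'PermitRootLogin yes' > "$sample"
audit_sshd_config "$sample" && echo "sample config matches the tutorial"
rm -f "$sample"
```

On a live server, sshd -T prints the effective configuration after defaults and all included files are applied, which is the authoritative check.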
On the client:
$ ssh-keygen -t rsa
(Press Enter three times; you do not need to set a passphrase unless you use ssh-agent.)
$ scp ~/.ssh/id_rsa.pub user1@server.machine:id_rsa.pub
(On a Windows client, puttygen.exe can be used to generate the public key;
copy it to the server and edit it so that the content is a single line.)
---------------------------------------------------
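Once id_rsa.pub is on the server it still has to be added to authorized_keys; copying a key file straight over .ssh/authorized_keys, as the earlier scp identity.pub command does, discards any keys already stored there. The following added example (not from the original tutorial) appends the key instead, rejects a file that is not a single-line public key (the puttygen case), and tightens permissions; the function name install_pubkey and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: install a copied public key by appending, never overwriting.

# install_pubkey PUBKEY_FILE HOME_DIR
# Returns 0 if the key is installed (or already present), 1 if the file is
# not exactly one line of the form "<type> <base64> [comment]".
install_pubkey() {
    pub=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    [ "$(grep -c . "$pub")" -eq 1 ] \
        || { echo "not a single-line key: $pub" >&2; return 1; }
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+={0,2}( .*)?$' "$pub" \
        || { echo "not an OpenSSH public key: $pub" >&2; return 1; }

    # 600 is stricter than the tutorial's 644; sshd accepts both.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"

    key=$(grep . "$pub")
    # -F fixed string, -x whole line: append only if this exact key is absent.
    grep -Fxq -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Constructed sample key (not a real key) so the block runs offline.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSampleKey user1@client\n' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # second run adds nothing
echo "keys installed: $(grep -c . "$demo_home/.ssh/authorized_keys")"
rm -rf "$demo_home"
```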