ssh
View the effective connection settings
$ ssh -F ~/.ssh/config -G remote-host-name
user root
hostname 173.82.136.138
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression no
...
Copy host A's public key file id_rsa.pub to the remote host
Command 1: run from host A
ssh-copy-id [email protected]
or
ssh-copy-id -f -i $HOME/.ssh/id_rsa.pub [email protected]
Command 2: run from host A
cat ~/.ssh/id_rsa.pub | ssh [email protected] "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Run on host B to copy the key manually:
cd ~/.ssh
mv id_rsa.pub host-A-hostname.pub
cat host-A-hostname.pub >> authorized_keys
chmod 0700 ~/.ssh
chmod 0640 authorized_keys
NOTE:
If the .ssh directory already contains an authorized_keys file, you can save the key under another file name with a 2 appended, for example authorized_keys2
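The manual copy on host B, as an added shell example (not from the original page): it appends a public key only if it is not already present and sets owner-only permissions on ~/.ssh and authorized_keys. The function name install_pubkey, its arguments and the 0600 file mode are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page). install_pubkey and its
# arguments are hypothetical names. Prints the number of keys appended.
# Usage on host B: install_pubkey host-A-hostname.pub
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Create directory and file owner-only; the subshell keeps umask local.
    ( umask 077; mkdir -p "$dir" && : >> "$auth" ) || return 2
    # Tighten modes on paths that already existed (0600 is this example's choice).
    chmod 0700 "$dir" || return 2
    chmod 0600 "$auth" || return 2

    added=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                          # blank or comment
            ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;; # plain key line
            sk-ssh-ed25519@openssh.com\ *|sk-ecdsa-sha2-*\ *) ;;
            *) echo "skipping non-key line in $pub" >&2; continue ;;
        esac
        # Match on "type base64" only, so a different trailing comment or an
        # options prefix in authorized_keys still counts as the same key.
        key=$(printf '%s\n' "$line" | awk '{ print $1 " " $2 }')
        if ! grep -qF -- "$key" "$auth"; then
            printf '%s\n' "$line" >> "$auth"
            added=$((added + 1))
        fi
    done < "$pub"
    echo "$added"
}
```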
Test the connection: run from host A
ssh <remote-userB>@<remote-hostB-name>
You can log in without entering a password.
sshpass
Commands for automating ssh from shell scripts
1. Run a command over ssh
# Use the -p option (this is considered the least secure choice and shouldn't be used)
sshpass -p '!4u2tryhack' ssh -o StrictHostKeyChecking=no [email protected] hostname
# Use the -f option (the password should be the first line of the file)
echo '!4u2tryhack' >pass_file
chmod 0400 pass_file
sshpass -f pass_file ssh -o StrictHostKeyChecking=no [email protected] hostname
# Use the -e option (the password is read from the SSHPASS environment variable)
SSHPASS='!4u2tryhack' sshpass -e ssh -o StrictHostKeyChecking=no [email protected] hostname
2. Integrate with rsync
# Use -e
SSHPASS='!4u2tryhack' rsync --rsh="sshpass -e ssh -l username" /custom/ host.example.com:/opt/custom/
# Use -f
rsync --rsh="sshpass -f pass_file ssh -l username" /custom/ host.example.com:/opt/custom/
3. Integrate with scp
# scp has no --rsh option, so wrap scp itself with sshpass
sshpass -f pass_file scp -r /var/www/html/example.com user@host.example.com:/var/www/html
4. With a GPG-encrypted file
echo '!4u2tryhack' > .sshpasswd
gpg -c .sshpasswd
rm .sshpasswd
# gpg -c writes .sshpasswd.gpg; pass_file holds the decrypted password, so delete it after use
gpg -d -q .sshpasswd.gpg > pass_file; sshpass -f pass_file ssh [email protected] hostname
OTP - Google Authenticator
Restrict remote logins
AllowUsers joe [email protected] [email protected]* [email protected]* [email protected]:288:5400:*
# OR
AllowGroups ssh-users
Changing a password with a one-line remote command displays the password in clear text
# Add the -t option so the password is not displayed.
ssh -t <username>@<remote-host-ip> passwd