使用 *nix 服务器肯定会用到 ssh,它是一个链接到远程服务器终端的工具。

基本常识

基本组成部分

1$ man ssh
2ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
3     [-D [bind_address:]port] [-e escape_char] [-F configfile] [-I pkcs11]
4     [-i identity_file] [-L [bind_address:]port:host:hostport]
5     [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
6     [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port]
7     [-w local_tun[:remote_tun]] [user@]hostname [command]

有没有被帮助手册的参数吓到,那我们精简一下:

ssh [user@]hostname [-p port]

登录到远程服务器和登录本地电脑系统没什么大的区别,都需要用户名,密码,除此之外我们还需要知道远程服务器的地址(IP 地址或域名均可)及允许的端口(默认 22 端口)。

1$ ssh [email protected] -p 22

有些时候大家发现一些教程没有提到用户,实际上 ssh 很聪明,默认会使用当前系统的用户名:

1(icyleaf) $ ssh 10.10.10.10

这个就等同于

1$ ssh [email protected]

有些服务器可能为了安全期间修改了默认的端口,比如 2020:

1$ ssh [email protected] -p 2020

高级参数

Socket 代理

呐,你可能因为 GFW 的威力,尝试使用 ssh 的 socket 代理,实际上就是用到的 -D 参数:

1-D [bind_address:]port
2   Specifies a local ``dynamic application-level port forwarding.
3   This works by allocating a socket to listen to port on the local
4   side, optionally bound to the specified bind_address.  Whenever a
5   connection is made to this port, the connection is forwarded over
6   the secure channel, and the application protocol is then used to
7   determine where to connect to from the remote machine.  Currently
8   the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
9   as a SOCKS server.  Only root can forward privileged ports.

我们来简单画下它的工作流程:

1|----client----|                    |-----server----|
2|              |                    |               |
3|   local port<|  <incoming         |               |
4|    ssh port<>|  <-------------->  |<> ssh port    |
5                                    |    forwarding>|  >outgoing connection
6
7                                     <<<------------local network-----------

它首先需要登录到远程服务器,并把本地的请求全部转发到服务器指定的端口上,然后通过由服务器再去请求。例如我们设置 8624 端口:

1$ ssh -D8624 [email protected] -p 22

这样保持这个连接,我们在设置浏览器或系统的 socket4/5 代理就能达到翻墙的目的。当前这个最大的前提是你的服务器在不手 GFW 的控制下(任意海外未被 GFW 服务器)

跳板代理

或许曾经你在看某本黑客杂志或电影出现过这样的片段,黑客使用肉鸡跳板不断的增加难度避开警察的追踪,实际上我们通过 ssh 也能非常简单又很酷的实现。

1-L [bind_address:]port:host:hostport
2   Specifies that the given port on the local (client) host is to be
3   forwarded to the given host and port on the remote side.  This
4   works by allocating a socket to listen to port on the local side,
5   optionally bound to the specified bind_address.  Whenever a con-
6   nection is made to this port, the connection is forwarded over
7   the secure channel, and a connection is made to host port
8   hostport from the remote machine.

同样给出工作流程:

1|----client----|                    |-----server----|                 |-----host-----|
2|              |                    |               |                 |              |
3|   local port<|  <incoming         |               |                 |              |
4|    ssh port<>|  <-------------->  |<> ssh port    |                 |              |
5                                    |    forwarding>|  -------------> |>host port    |
6
7                                     <<<------------local network------------------->>>

实际上我只需要操作 -L [bind_address:]port:host:hostport 即可。这里假设我们想登录的目标服务器 target(10.10.10.10),而我们希望在肉鸡 chicken(20.20.20.20) 上做成跳板:

1$ ssh -L2020:20.20.20.20:22 10.10.10.10

简化配置

反复的输入这些繁琐的参数,甚是苦恼,能不能通过一种起个别名就能把上面的参数全部自动设置好呢?!没问题!

创建 ~/.ssh/config 文件:

1Host linode
2HostName 10.10.10.10
3Port 22
4User icyleaf

这个就是基本组成部分。如果你想配置更多,下面是完整的参数:

 1AddressFamily
 2BatchMode
 3BindAddress
 4ChallengeResponseAuthentication
 5CheckHostIP
 6Cipher
 7Ciphers
 8ClearAllForwardings
 9Compression
10CompressionLevel
11ConnectionAttempts
12ConnectTimeout
13ControlMaster
14ControlPath
15ControlPersist
16DynamicForward
17EscapeChar
18ExitOnForwardFailure
19ForwardAgent
20ForwardX11
21ForwardX11Timeout
22ForwardX11Trusted
23GatewayPorts
24GlobalKnownHostsFile
25GSSAPIAuthentication
26GSSAPIDelegateCredentials
27HashKnownHosts
28Host
29HostbasedAuthentication
30HostKeyAlgorithms
31HostKeyAlias
32HostName
33IdentityFile
34IdentitiesOnly
35IPQoS
36KbdInteractiveAuthentication
37KbdInteractiveDevices
38KexAlgorithms
39LocalCommand
40LocalForward
41LogLevel
42MACs
43NoHostAuthenticationForLocalhost
44NumberOfPasswordPrompts
45PasswordAuthentication
46PermitLocalCommand
47PKCS11Provider
48Port
49PreferredAuthentications
50Protocol
51ProxyCommand
52PubkeyAuthentication
53RekeyLimit
54RemoteForward
55RequestTTY
56RhostsRSAAuthentication
57RSAAuthentication
58SendEnv
59ServerAliveInterval
60ServerAliveCountMax
61StrictHostKeyChecking
62TCPKeepAlive
63Tunnel
64TunnelDevice
65UsePrivilegedPort
66User
67UserKnownHostsFile
68VerifyHostKeyDNS
69VisualHostKey
70XAuthLocation

配置文件

刚才讲到的 ~/.ssh/config 是配置 ssh 服务器的文件,其实除了这些还有好多,比如大家可能会经常见到的:

 1~/.ssh/config
 2  This is the per-user configuration file.  The file format and
 3  configuration options are described in ssh_config(5).  Because of
 4  the potential for abuse, this file must have strict permissions:
 5  read/write for the user, and not accessible by others.
 6
 7~/.ssh/authorized_keys
 8  Lists the public keys (DSA/ECDSA/RSA) that can be used for log-
 9  ging in as this user.  The format of this file is described in
10  the sshd(8) manual page.  This file is not highly sensitive, but
11  the recommended permissions are read/write for the user, and not
12  accessible by others.
13
14~/.ssh/identity
15~/.ssh/id_dsa
16~/.ssh/id_ecdsa
17~/.ssh/id_rsa
18  Contains the private key for authentication.  These files contain
19  sensitive data and should be readable by the user but not acces-
20  sible by others (read/write/execute).  ssh will simply ignore a
21  private key file if it is accessible by others.  It is possible
22  to specify a passphrase when generating the key which will be
23  used to encrypt the sensitive part of this file using 3DES.
24
25~/.ssh/identity.pub
26~/.ssh/id_dsa.pub
27~/.ssh/id_ecdsa.pub
28~/.ssh/id_rsa.pub
29  Contains the public key for authentication.  These files are not
30  sensitive and can (but need not) be readable by anyone.
31
32~/.ssh/known_hosts
33  Contains a list of host keys for all hosts the user has logged
34  into that are not already in the systemwide list of known host
35  keys.  See sshd(8) for further details of the format of this
36  file.

更多文件:

 1~/.rhosts
 2  This file is used for host-based authentication (see above).  On
 3  some machines this file may need to be world-readable if the
 4  user's home directory is on an NFS partition, because sshd(8)
 5  reads it as root.  Additionally, this file must be owned by the
 6  user, and must not have write permissions for anyone else.  The
 7  recommended permission for most machines is read/write for the
 8  user, and not accessible by others.
 9
10~/.shosts
11  This file is used in exactly the same way as .rhosts, but allows
12  host-based authentication without permitting login with
13  rlogin/rsh.
14
15~/.ssh/
16  This directory is the default location for all user-specific con-
17  figuration and authentication information.  There is no general
18  requirement to keep the entire contents of this directory secret,
19  but the recommended permissions are read/write/execute for the
20  user, and not accessible by others.
21
22~/.ssh/environment
23  Contains additional definitions for environment variables; see
24  ENVIRONMENT, above.
25
26~/.ssh/rc
27  Commands in this file are executed by ssh when the user logs in,
28  just before the user's shell (or command) is started.  See the
29  sshd(8) manual page for more information.
30
31/etc/hosts.equiv
32  This file is for host-based authentication (see above).  It
33  should only be writable by root.
34
35/etc/shosts.equiv
36  This file is used in exactly the same way as hosts.equiv, but
37  allows host-based authentication without permitting login with
38  rlogin/rsh.
39
40/etc/ssh/ssh_config
41  Systemwide configuration file.  The file format and configuration
42  options are described in ssh_config(5).
43
44/etc/ssh/ssh_host_key
45/etc/ssh/ssh_host_dsa_key
46/etc/ssh/ssh_host_ecdsa_key
47/etc/ssh/ssh_host_rsa_key
48  These files contain the private parts of the host keys and are
49  used for host-based authentication.  If protocol version 1 is
50  used, ssh must be setuid root, since the host key is readable
51  only by root.  For protocol version 2, ssh uses ssh-keysign(8) to
52  access the host keys, eliminating the requirement that ssh be
53  setuid root when host-based authentication is used.  By default
54  ssh is not setuid root.
55
56/etc/ssh/ssh_known_hosts
57  Systemwide list of known host keys.  This file should be prepared
58  by the system administrator to contain the public host keys of
59  all machines in the organization.  It should be world-readable.
60  See sshd(8) for further details of the format of this file.
61
62/etc/ssh/sshrc
63  Commands in this file are executed by ssh when the user logs in,
64  just before the user's shell (or command) is started.  See the
65  sshd(8) manual page for more information.

资料参考:

  1. [Linux] man ssh
  2. Advanced SSH usage