Brucekomike(讨论 | 贡献) (→错误排查) |
Brucekomike(讨论 | 贡献) (→服务端配置) |
||
(未显示同一用户的14个中间版本) | |||
第2行: | 第2行: | ||
[[category:WAN]] | [[category:WAN]] | ||
[[category:系统]] | [[category:系统]] | ||
[[category:知识库]] | |||
ssh是用来连接其他电脑的工具软件,广泛用于服务器运维。 | ssh是用来连接其他电脑的工具软件,广泛用于服务器运维。 | ||
== 客户端配置 == | |||
用户的配置文件位于 <code>~/.ssh/config</code> 下。 | |||
=== 参数 === | |||
禁用局域网内部的主机密钥检查 | |||
Host 192.168.*.* | |||
UserKnownHostsFile /dev/null | |||
StrictHostKeyChecking no | |||
为github配置ssh | |||
Host github | |||
User git | |||
HostName github.com | |||
IdentityFile ~/.ssh/github | |||
ProxyCommand nc -X 5 -x 127.0.0.1:2080 %h %p | |||
ssh over ssl | |||
Host ossmedia | |||
HostName ossmedia.cn | |||
ProxyCommand openssl s_client -quiet -servername <host> -connect <host:port> | |||
User username | |||
默认为所有ssh目标主机配置代理 | |||
Host * | |||
RemoteForward 12321 127.0.0.1:2080 | |||
使用多个配置文件 | |||
Include config.d/* | |||
== 服务端配置 == | |||
服务器 | |||
UseDNS no | |||
AddressFamily inet | |||
SyslogFacility AUTHPRIV | |||
PermitRootLogin no | |||
PasswordAuthentication yes | |||
TCPKeepAlive yes | |||
ClientAliveInterval 30 | |||
ClientAliveCountMax 2 | |||
局域网 | |||
PermitRootLogin no | |||
PasswordAuthentication no | |||
PubkeyAuthentication no | |||
Match Address 192.168.*,fe80::* | |||
PermitRootLogin yes | |||
PasswordAuthentication yes | |||
PubkeyAuthentication yes | |||
== 密钥操作 == | |||
=== 创建密钥对 === | |||
cd ~/.ssh | |||
ssh-keygen -t ed25519 -f <filename> | |||
=== 引用公钥 === | |||
mkdir ~/.ssh | |||
touch ~/.ssh/authorized_keys | |||
curl https://github.com/username.git >> ~/.ssh/authorized_keys | |||
== 组合用法 == | |||
=== 创建SFTP专供进程 === | |||
[[SSH/SFTP]] | |||
=== SSH反向代理 === | |||
[[SSH/反向代理]] | |||
== 错误排查 == | == 错误排查 == | ||
详见[[SSH/错误排查]] | 详见[[SSH/错误排查]] |
2024年11月3日 (日) 20:02的最新版本
ssh是用来连接其他电脑的工具软件,广泛用于服务器运维。
客户端配置
用户的配置文件位于 ~/.ssh/config
下。
参数
禁用局域网内部的主机密钥检查
Host 192.168.*.* UserKnownHostsFile /dev/null StrictHostKeyChecking no
为github配置ssh
Host github User git HostName github.com IdentityFile ~/.ssh/github ProxyCommand nc -X 5 -x 127.0.0.1:2080 %h %p
ssh over ssl
Host ossmedia HostName ossmedia.cn ProxyCommand openssl s_client -quiet -servername <host> -connect <host:port> User username
默认为所有ssh目标主机配置代理
Host * RemoteForward 12321 127.0.0.1:2080
使用多个配置文件
Include config.d/*
服务端配置
服务器
UseDNS no AddressFamily inet SyslogFacility AUTHPRIV PermitRootLogin no PasswordAuthentication yes TCPKeepAlive yes ClientAliveInterval 30 ClientAliveCountMax 2
局域网
PermitRootLogin no PasswordAuthentication no PubkeyAuthentication no Match Address 192.168.*,fe80::* PermitRootLogin yes PasswordAuthentication yes PubkeyAuthentication yes
密钥操作
创建密钥对
cd ~/.ssh ssh-keygen -t ed25519 -f <filename>
引用公钥
mkdir ~/.ssh touch ~/.ssh/authorized_keys curl https://github.com/username.git >> ~/.ssh/authorized_keys
组合用法
创建SFTP专供进程
SSH/SFTP
SSH反向代理
SSH/反向代理
错误排查
详见SSH/错误排查