linux中ssh如何远程执行一条命令,而且不登录远程服务器?

2022-08-21 科技 266阅读

一 SSH命令使用技巧

- 远程登录

ssh user@remote.machine

- 远程执行

ssh user@remote.machine 'command ...'

- 远程复制

scp user@remote.machine:/remote/path /local/path

scp /local/path user@remote.machine:/remote/path

- X forward

ssh -X user@remote.machine

xcommand ...

- Tunnel / Portforward

ssh -L 1234:remote.machine:4321 user@remote.machine

ssh -R 1234:local.machine:4321 user@remote.machine

ssh -L 1234:other.machine:4321 user@remote.machine

二, 实作

1) 禁止 root 登录

# vi /etc/ssh/sshd_config

PermitRootLogin no

2) 废除密码登录, 强迫使用 RSA 验证(假设 ssh 账户为 user1 )

# vi /etc/ssh/sshd_config

RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keys

PasswordAuthentication no

# service sshd restart

# su - user1

$ mkdir ~/.ssh 2>/dev/null

$ chmod 700 ~/.ssh

$ touch ~/.ssh/authorized_keys

$ chmod 644 ~/.ssh/authorized_keys

登入 端:

$ ssh-keygen -t rsa

(按三下 enter 完成﹔不需设密码,除非您会用 ssh-agent 。)

$ scp ~/.ssh/id_rsa.pub user1@server.machine:id_rsa.pub

(若是 windows client, 可用 puttygen.exe 产生 public key,

然后复制到 server 端后修改之, 使其内容成为单一一行.)

回到 server 端:

$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

$ rm ~/id_rsa.pub

$ exit

3) 限制 su / sudo 名单:

# vi /etc/pam.d/su

auth required /lib/security/$ISA/pam_wheel.so use_uid

# visudo

%wheel ALL=(ALL) ALL

# gpasswd -a user1 wheel

4) 限制 ssh 使用者名单

# vi /etc/pam.d/sshd

auth required pam_listfile.so item=user sense=allow file=/etc/ssh_users ōnerr=fail

# echo user1 >> /etc/ssh_users

声明:你问我答网所有作品(图文、音视频)均由用户自行上传分享,仅供网友学习交流。若您的权利被侵害,请联系fangmu6661024@163.com