SSH (Secure Shell) is a core tool in Linux systems used for secure remote login and command execution, implementing secure communication between hosts based on encryption protocols. The default port is 22, supporting password authentication and key pair authentication, and providing features such as port forwarding and file transfer.
1. `ssh` Command Basic Syntax
ssh [options] username@remote_host
| Parameter | Description |
|---|---|
| `-p <port>` | Specify the SSH port (default 22) |
| `-i <private_key_file>` | Use the specified private key file |
| `-C` | Enable compression to improve performance on slow networks |
| `-X` / `-Y` | Enable X11 forwarding (for remote GUI applications) |
| `-L` / `-R` | Port forwarding (local/remote) |
2. Basic SSH Connection
2.1 Remote Login
ssh user@remote_host
Example:
ssh root@192.168.1.1 # Log in to the 192.168.1.1 server as root user
2.2 Specify Port
ssh -p 2222 user@remote_host
Function: If the remote server's SSH port is not the default `22`, specify the port, here `2222`.
2.3 Passwordless Login (Using SSH Keys)
Step 1: Generate SSH Key
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa
Function: Generate a 4096-bit RSA key (public key `id_rsa.pub` and private key `id_rsa`).
Step 2: Copy Public Key to Remote Server
ssh-copy-id user@remote_host
Function: Copy the public key `~/.ssh/id_rsa.pub` to the remote `~/.ssh/authorized_keys`.
After copying the public key, log in without entering a password:
ssh user@remote_host
2.4 Configure SSH Passwordless Alias
Edit the `~/.ssh/config` file:
Host myserver
    HostName 192.168.1.1
    User root
    Port 3333
    IdentityFile ~/.ssh/id_rsa
Function: Next time you log in, just enter `ssh myserver` to connect to `192.168.1.1`, without typing the full command each time.
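The key, `authorized_keys` and `config` files from 2.3 and 2.4 only work safely with tight permissions: OpenSSH ignores a private key that group or others can access, and rejects a `config` that group or others can write. The following audit script is an added example, not part of the original article; the function names (`mode_of`, `audit_ssh_dir`, etc.) are hypothetical.

```sh
#!/bin/sh
# Added example: audit permissions in an SSH directory such as ~/.ssh.

# Print the nine rwx characters of a path's mode, e.g. "rw-------".
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# True if group or others have ANY access (chars 4-9 are not all '-').
group_other_any() {
    [ "$(mode_of "$1" | cut -c4-9)" != "------" ]
}

# True if group or others can WRITE (char 5 or char 8 is 'w').
group_other_write() {
    case "$(mode_of "$1")" in
        ????w????|???????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ssh_dir DIR: print one WARN line per finding; status 1 if any found.
audit_ssh_dir() {
    dir=$1; rc=0
    if group_other_write "$dir"; then
        echo "WARN dir-writable $dir"; rc=1
    fi
    # Private keys: every id_* file that is not a .pub file.
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        if group_other_any "$f"; then
            echo "WARN private-key-exposed $f"; rc=1
        fi
    done
    for name in config authorized_keys; do
        f=$dir/$name
        [ -f "$f" ] || continue
        if group_other_write "$f"; then
            echo "WARN ${name}-writable $f"; rc=1
        fi
    done
    return $rc
}

# Audit the directory given as the first argument, if any.
if [ -n "${1:-}" ]; then audit_ssh_dir "$1"; fi
```

Run it as `sh audit.sh ~/.ssh` (the script file name is an assumption); findings are usually fixed with `chmod 700 ~/.ssh` and `chmod 600` on the flagged files.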
3. Remote Command Execution
3.1 Execute a Single Command on Remote Server
ssh user@remote_host "ls -lrt"
Function: Execute `ls -lrt` on `remote_host` and return the result.
3.2 Execute Multiple Commands
ssh user@remote_host "cd /var/www && ls -lrt"
Function: First `cd` to the directory, then execute `ls -lrt`.
You can also use `<< EOF` to run multiple lines of commands:
ssh user@remote_host << EOF
cd /var/log
ls -la
exit
EOF
4. SSH Port Forwarding
4.1 Local Port Forwarding (Access Remote Services)
ssh -L 8080:localhost:3306 user@remote_host
Function:
- Map local port 8080 to remote MySQL 3306
- Thus, accessing local `127.0.0.1:8080` is equivalent to accessing the remote `3306` port
Local MySQL Connection Example:
mysql -h 127.0.0.1 -P 8080 -u root -p
4.2 Remote Port Forwarding (Allow Remote Access to Local Services)
ssh -R 9000:localhost:80 user@remote_host
Function:
- Allow the remote `9000` port to access the local `80` port
- Suitable for allowing public servers to access internal services
Remote server access:
curl http://localhost:9000
5. Proxy & Jump Host
5.1 SOCKS5 Proxy (Scientific Internet Access)
ssh -D 1080 user@remote_host
Function:
- Create a SOCKS5 proxy on local port 1080
- Can be used for browser proxy or `proxychains`
5.2 Connect via Jump Host
ssh -J jump_host user@target_host
Function:
- First log in through `jump_host` (jump host), then connect to `target_host`
Equivalent to logging in to the jump host and, from that session, on to the target:
ssh user@jump_host
ssh user@target_host
6. Stop & Restart SSH Service
6.1 Stop SSH
sudo systemctl stop ssh
6.2 Start SSH
sudo systemctl start ssh
6.3 Restart SSH
sudo systemctl restart ssh
Applicable for restarting the service after modifying SSH configuration.