diff --git a/tools/ssh-tips.md b/tools/ssh-tips.md index 55a2a5f..62b4289 100644 --- a/tools/ssh-tips.md +++ b/tools/ssh-tips.md @@ -7,13 +7,22 @@ B服务器地址:10.8.216.26,下面简称B 实现A登录B免密码。 ## 1.1. 在A生成密钥对 + +无密码方式: + +```bash +ssh-keygen -t rsa -P +``` + +自定义密码参数: + ```bash ssh-keygen -C -f -t rsa -P "" ``` 执行上述命令,一路回车,会在当前登录用户的home目录下的.ssh目录下生成id_rsa和id_rsa.pub两个文件,分别代表密钥对的私钥和公钥,如下图所示: - +![](https://img-blog.csdn.net/20170916200144505?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvaHV3aF8=/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast) ## 1.2. 拷贝A的公钥(id_rsa.pub)到B @@ -31,9 +40,10 @@ scp /root/.ssh/id_rsa.pub root@10.8.216.26:/root cd /root cat id_rsa.pub >> .ssh/authorized_keys ``` + 如图: - +![](https://img-blog.csdn.net/20170916200919602?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvaHV3aF8=/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast) ## 1.4. 登录或拷贝 @@ -60,20 +70,41 @@ Host jump forwardagent yes identityfile ~/.ssh/id_rsa Host *.gw - user {username} - port {port} - proxycommand ssh -W $(echo %h | sed -e "s/.gw$//"):%p jump + user {username} + port {port} + proxycommand ssh -W $(echo %h | sed -e "s/.gw$//"):%p jump Host bj* User {username} Port {port} proxycommand ssh -W 192.168.123.$(echo %h | awk -F 'bj' '{print $2}'):%p jump ``` +多层跳板机 + +```bash +Host jump1 + Hostname {jump1_ip} + Port {port} + User {username} + forwardagent yes + identityfile ~/.ssh/id_rsa +Host jump2 + Hostname {jump2_ip} + Port {port} + User {username} + ProxyCommand ssh -q -x -W %h:%p jump1 +Host * + Hostname %h + Port {port} + User {username} + ProxyCommand ssh -q -x -W %h:%p jump2 +``` + ## 2.2. 记录机器文件 将关键字和IP写入文件记录,例如 `~/.my_hosts`。 -示例:可以是IP + 环境等关键字 +示例:可以是IP + 环境等关键字,中间用空格隔开。 ```bash # release @@ -101,7 +132,7 @@ brew install fzf 设置 alias 到shell rc 文件(.bashrc / .zshrc) -``` +```bash alias goto="ssh \$(cat ~/.my_hosts | fzf | awk '{ printf(\"%s.gw\", \$1)}')" ``` 
@@ -114,3 +145,43 @@ alias goto="ssh \$(cat ~/.my_hosts | fzf | awk '{ printf(\"%s.gw\", \$1)}')" ```bash ssh bj11 ``` + +# 3. ssh配置项说明 + +可以通过man查看ssh配置说明 + +```bash +man ssh_config +``` + +配置文件示例: + +```bash +Host jump + port 22 + +Host * !jump + StrictHostKeyChecking no + HostName %h + UserKnownHostsFile /dev/null + LogLevel ERROR + IdentityFile ~/.ssh/id_rsa + ProxyCommand ssh -p 22 -F /dev/null jump -W %h:%p + SendEnv LANG LC_* +``` + +配置项说明: + +- Host: 标识设备,`*`表示通配所有字符,`!`表示例外通配。 + +- StrictHostKeyChecking no:连接时不进行公钥交互确认操作。 + +- UserKnownHostsFile /dev/null:不提示确认known_hosts文件。 + +- ProxyCommand:代理命令 + +如果使用命令加参数的方式: + +```bash +ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -p 22 jump -W %h:%p" +```
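Review bot: In the `@@ -7,13 +7,22 @@` hunk, the added command `ssh-keygen -t rsa -P` under "无密码方式" passes `-P` with no value. `-P` takes the passphrase as its argument, so this line stops with a missing-argument error instead of creating a passphrase-less key. The two new labels also read as swapped relative to the commands: the existing `-P ""` line is the empty-passphrase form, yet it now sits under "自定义密码参数", and its `-C` and `-f` are shown without values. Suggest `ssh-keygen -t rsa -P ""` for the first block and real placeholders for the comment, file and passphrase in the second. Because the first form writes the private key unencrypted, a sentence noting that the key is then protected only by file permissions would help readers choose between the two.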
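Review bot: In the `@@ -31,9 +40,10 @@` hunk (and the image added in the first hunk), the screenshot is embedded with empty alt text, `![](https://img-blog.csdn.net/...)`, and hotlinked from a third-party blog CDN with a watermark query string. The surrounding text says "如图" and depends on the picture, so the step loses its illustration if the link stops resolving. Suggest committing the images to the repository and adding alt text that describes what each screenshot shows.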
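Review bot: In the `@@ -60,20 +70,41 @@` hunk, the new `Host *` block in the "多层跳板机" example also matches `jump1` and `jump2`. `jump1` sets no `ProxyCommand` of its own, so it inherits `ProxyCommand ssh -q -x -W %h:%p jump2` from `Host *`, while `jump2` proxies through `jump1`; the two then call each other and the connection never reaches the first hop. Suggest excluding the jump hosts from the wildcard, e.g. `Host * !jump1 !jump2` (the same negation style the `Host * !jump` example later in this patch uses), or adding `ProxyCommand none` to the `jump1` block. Separately, `forwardagent yes` on `jump1` is not needed for `-W` forwarding and makes the local agent usable from the jump host; consider dropping it from the example. The block is also ssh_config syntax rather than shell, so the `bash` fence tag is misleading.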
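Review bot: In the `@@ -114,3 +145,43 @@` hunk, the sample config applies `StrictHostKeyChecking no`, `UserKnownHostsFile /dev/null` and `LogLevel ERROR` to `Host * !jump`, and the "配置项说明" list describes them only as skipping confirmation prompts. Together they turn off host key verification for every destination and hide the resulting warnings, which the documentation should say explicitly; suggest scoping the block to a named pattern for disposable or lab hosts and mentioning `StrictHostKeyChecking accept-new` as the option that still rejects changed keys. Two smaller points in the same hunk: the inner `ssh -p 22 -F /dev/null jump -W %h:%p` ignores the user config, so the `Host jump` block above it is never read by that command and `jump` has to resolve as a hostname by itself; and the final `ssh -o ... -o ProxyCommand="..."` one-liner has no destination host, so as written it only prints usage.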