DevOps: SSH

Passwordless access

Add your public key to the SSH server's authorized_keys file.

ls ~/.ssh/id_*

ssh-copy-id remote_username@server_ip_address

or

cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

https://linuxize.com/post/how-to-setup-passwordless-ssh-login/
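
The one-liner above appends the key every time it runs and never checks what it is appending. As an added example (not from the original post or the linked article), this sketch of a server-side helper, under the hypothetical name install_pubkey, does the same install idempotently and refuses input that is not a single public-key line; the key in the demo is constructed, not a real key.

```sh
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, added example)
# Adds one public key to SSH_DIR/authorized_keys (default: ~/.ssh) unless the
# same key is already listed, and enforces the 700/600 permissions.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    # Exactly one line: rejects a private key or a multi-entry file.
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 2; }
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    read -r keytype blob comment < "$pubkey_file" || true

    case $keytype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*|sk-*@openssh.com) ;;
        *) echo "unsupported key type: $keytype" >&2; return 4 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key blob is not base64" >&2; return 5 ;;
    esac

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 6
    touch "$auth" && chmod 600 "$auth" || return 6

    # Match the blob as a whole field, so an existing entry with a different
    # comment or an option prefix still counts as the same key.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                         END { exit !found }' "$auth"; then
        return 0
    fi

    # If the file does not end in a newline, add one so entries do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$keytype $blob${comment:+ $comment}" >> "$auth"
}

# Demo in a scratch directory with a constructed key (not real key material).
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyNotReal0000000000000000 demo@laptop' > "$demo_dir/id_demo.pub"
install_pubkey "$demo_dir/id_demo.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_demo.pub" "$demo_dir/.ssh"   # second call adds nothing
wc -l < "$demo_dir/.ssh/authorized_keys"
```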


Keeping an SSH session running after the connection closes

  • screen command
  • nohup
  • etc...

https://www.tecmint.com/keep-remote-ssh-sessions-running-after-disconnection/


SSH port forwarding

Use cases:

Make Remote Resources Accessible on Your Local System

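Use local port forwarding. For example, an internal company service (such as a database on a specific port) may be reachable only from the internal network. If you can SSH to a server on that internal network and use it as a jump server, local port forwarding lets you reach the service from outside through the SSH tunnel.

kubectl port-forward, for accessing and debugging k8s resources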

local port forward

e.g.: ssh -L 8080:127.0.0.1:80 user@webserver

When the local browser opens http://localhost:8080/, the request travels to the SSH server, which then sends it to port 80 on its own localhost (127.0.0.1).

127.0.0.1 is actually the remote server's localhost, but it could have been a host/IP available at the remote machine's network.

Example diagram:

https://unix.stackexchange.com/questions/46235/how-does-reverse-ssh-tunneling-work

Other options:

-N  Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2 only).

Besides local port forwarding, there are also remote and dynamic port forwarding.


https://serversforhackers.com/c/ssh-tricks