Clever Tricks
USTC LUG Weekly Meetup - 2013.03.30
Faster login, tip 1: use a key
    ssh-keygen
    ssh-copy-id $user@$host
Faster login, tip 2: ControlMaster
    cat <<EOF >>$HOME/.ssh/config
    Host *
        ControlMaster auto
        ControlPath /tmp/ssh_mux_%h_%p_%r
        ControlPersist 1h
    EOF
Other useful options
• ServerAliveInterval 30
• StrictHostKeyChecking no (not recommended)
• IdentityFile ~/.ssh/id_rsa.bla
• ProxyCommand bla
Sample ssh_config
    cat ~/.ssh/config
    Host github.com
        User git
        IdentityFile ~/.ssh/keys/id_rsa.github
        ControlMaster no
    Host node-*
        User myname
        HostName %h.lab.ustc.edu.cn
        IdentityFile ~/.ssh/keys/id_rsa
        ProxyCommand nc -x proxy.lab.ustc.edu.cn:1234 %h %p
    Host *
        ControlMaster auto
        ControlPath /tmp/ssh_mux_%h_%p_%r
        ControlPersist 1h
        ServerAliveInterval 30
Port forwarding: -D [bind_address:]port
    ssh -CfND 1080 user@example.com
• SOCKS proxy: localhost:1080
Port forwarding: -L [bind_address:]port:host:hostport
    ssh -CfNL 8080:ifconfig.me:80 \
        user@example.com
    curl -I http://localhost:8080/ \
        -H "Host: ifconfig.me"
Advanced: using a key to restrict which commands can be run
    cat ~/.ssh/authorized_keys
    no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="~/bin/ftpsync &" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWAYdfifALGPhZUInaqDEgUqM2JQRtf0Eb9TbEHU+3ii1kQvO1mrk+qDUsEPv/d9YA8PWRUXtXyzlB60d/sTrLKI0UBi6ZSH5y7uxEdReXLHysIpT65VCmfHqe72XEYrLeufnkCECrQ8zk+VvhqFPezIqFXHLRY2P0u0Xwkx7Fl2e2tEd9KcHqn1FY5gP92CWta8Ym/+E9g5cn7wDDdJSRaWCHFhxMdOfMMkUwgst4ZpHbO/JgENOA3kZ+mI4Otw5zeqEYdz+/ZD6h0Y/5lAzqEg/Nz/QTBi5KuLRc2slRkkMb3HjJ3pnnmMIcwUNnvV7v0VzgcLcJaCN2YPAW3Wr3 mirror@ftp.cn.debian.org
Exercise
Suppose an authorized_keys entry specifies command="your-script.sh", and a command is then run remotely:
    $ ssh $host your-script.sh arg1 arg2 …
Inside your-script.sh, how do you obtain the arguments arg1, arg2, …?
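An added example answering the exercise above (not part of the original slides): when a key carries a forced command=, sshd runs that command instead of the client's and places the client's requested command line in the SSH_ORIGINAL_COMMAND environment variable. The wrapper below stands in for your-script.sh, splits that string without eval and accepts only a fixed argument shape; the function name validate_request and the allowed character set are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: a forced-command wrapper (stands in for your-script.sh).
# authorized_keys entry, using the options shown on the previous slide:
#   no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="your-script.sh" ssh-rsa <public key> <comment>
# sshd ignores the command the client asked for, runs your-script.sh,
# and exposes the requested command line in $SSH_ORIGINAL_COMMAND.

EXPECTED_NAME="your-script.sh"   # name taken from the exercise

# validate_request CMDLINE   (hypothetical helper, not an OpenSSH facility)
# Prints the arguments after EXPECTED_NAME, one per line, and returns 0.
# Returns 1, printing nothing, unless the request is exactly
# "your-script.sh arg..." with arguments made only of [A-Za-z0-9._-].
validate_request() {
    # Word-split without eval; set -f keeps "*" from expanding to file names.
    set -f
    set -- $1
    set +f
    [ "${1:-}" = "$EXPECTED_NAME" ] || return 1
    shift
    for arg in "$@"; do
        case $arg in
            -*|*[!A-Za-z0-9._-]*) return 1 ;;   # option-like or unsafe characters
        esac
    done
    [ "$#" -eq 0 ] || printf '%s\n' "$@"
    return 0
}

# Entry point when sshd invokes the wrapper; does nothing if the variable is unset.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if args=$(validate_request "$SSH_ORIGINAL_COMMAND"); then
        # Constructed placeholder for the real job: just report the arguments.
        printf 'accepted arguments:\n%s\n' "$args"
    else
        echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    fi
fi
```

The client string is data chosen by whoever holds the key, so the wrapper never passes it to eval or sh -c.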
Check whether a port is open: nc -z host port
    nc -zv mirrors.ustc.edu.cn 80
Scan ports
    nc -zv mirrors.ustc.edu.cn 21-80
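Auto-reconnect script for SSH proxies
    # proxy-list.txt holds one "local_port remote_host" pair per line
    while true; do
        while read -r lport rhost; do
            # Reconnect when nothing is listening on the local proxy port
            if ! nc -z localhost "$lport"; then
                echo "proxy on $lport lost, reconnecting..."
                ssh -CfND "$lport" "$rhost"
            fi
        done < proxy-list.txt
        sleep 1
    done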
Transferring files
    @server $ nc -l 1234 > file.gz
    @client $ nc $server 1234 < file.gz
    more:
    tar cf - filelist… | nc $server 1234
    nc $server 1234 < /dev/zero
    …
Measuring memory read/write speed
    pv /dev/zero > /dev/null
    27GB 0:00:02 [13.5GB/s] [ <=> ]
Measuring network speed
    @s $ nc -l 1234 > /dev/null
    @c $ pv /dev/zero | nc $server 1234
    74.5MB 0:00:02 [37.5MB/s] [ <=> ]
A more complex example
    $ tar -cf - /usr/ | pv -cN tar \
        | bzip2 -c | pv -cN bzip2 \
        > /dev/null
    tar: 43MB 0:00:06 [6.19MB/s] [ <=> ]
    bzip2: 24MB 0:00:06 [5.45MB/s] [ <=> ]
Showing the speed of log processing
    pv access.log | awk '/kali/{i+=1}END{print i}'
    90.8MB 0:00:05 [18.7MB/s] [=====> ]
ping + traceroute: mtr
    $ mtr -nrc 20 202.38.64.59
    HOST: pcg-mac            Loss%   Snt   Last   Avg  Best  Wrst StDev
      1.|-- 10.0.0.1          0.0%    20    1.2   2.8   1.2  11.4   2.6
      2.|-- 202.38.75.254    35.0%    20    4.3   5.3   1.5  33.1   8.5
      3.|-- 202.38.96.188    65.0%    20    1.4   2.1   1.4   3.6   0.7
      4.|-- 202.38.64.59     50.0%    20    3.2   3.8   1.4  16.6   4.6
tcpping?, tcptraceroute
    # tcptraceroute 122.11.35.108 80
    Selected device eth0, address 10.132.153.217, port 23240 for outgoing packets
    Tracing the path to 122.11.35.108 on TCP port 80 (www), 30 hops max
     1  10.143.126.129  6.661 ms  0.551 ms  0.502 ms
     2  100.65.72.145  0.698 ms  0.580 ms  2.486 ms
     3  100.65.81.194  0.617 ms  3.271 ms  0.515 ms
     4  100.67.80.1  0.213 ms  0.285 ms  0.217 ms
     5  100.64.28.3  0.496 ms  1.901 ms  0.474 ms
     6  175.41.192.215  0.430 ms  0.305 ms  0.508 ms
     7  27.0.0.210  11.036 ms  29.086 ms  10.686 ms
     8  27.0.0.196  11.278 ms  11.253 ms  11.355 ms
     9  113.157.231.13  11.861 ms  12.947 ms  17.938 ms
    10  118.155.199.25  11.365 ms  11.298 ms  11.533 ms
    11  203.181.99.61  26.027 ms  25.931 ms  25.972 ms
    12  106.187.6.170  25.893 ms  25.969 ms  25.780 ms
    13  118.155.194.110  81.174 ms  81.197 ms  81.085 ms
    14  219.158.96.209  78.541 ms  78.399 ms  78.323 ms
    15  219.158.11.25  76.163 ms  (GFW device?)  122.11.35.108 [open]  -8.127 ms  219.158.11.25  76.075 ms
Downloading a whole site with wget
    $ alias getsite='wget -r -k -p -np'
    $ getsite http://tldp.org/LDP/abs/html/
Downloading a whole site with lftp
    $ lftp http://tldp.org/LDP/abs/html/
    lftp tldp.org:/LDP/abs/html> mirror . abs
Of course, getting the ABS guide this way is better:
    $ sudo apt-get install abs-guide
    $ browser file:///usr/share/doc/abs-guide/html/
Keyboard shortcuts
• ctrl-a, ctrl-e, alt-b, alt-f
• ctrl-u, ctrl-w, ctrl-k
• ctrl-r
• alt-.
Working tips
• You are halfway through typing a command and want to do something else first
• ^a, #, ^j to comment it out