1、適用命令及方案如下:
【遠程連接及執行命令】
ssh -p22 [email protected]
ssh -p22 [email protected] /sbin/ifconfig
【遠程拷貝:推送及拉取】
scp -P22 -r -p /etc [email protected]:/tmp/
scp -P22 -r -p [email protected]:/tmp/ /etc
【安全的FTP功能】
sftp -oPort=22 [email protected]
【無密碼驗證方案】
例如利用sshkey批量分發文件,執行部署操作。
2、連接慢的主要原因是DNS解析導致
解決方法:
1、在ssh服務端上更改/etc/ssh/sshd_config文件中的配置為如下內容:
UseDNS no
# GSSAPI options
GSSAPIAuthentication no
然後,執行/etc/init.d/sshd restart重啟sshd進程使上述配置生效,在連接一般就不慢了。
2、如果還慢的話,檢查ssh服務端上/etc/hosts文件中,127.0.0.1對應的主機名是否和
uname -n的結果一樣,或者把本機ip和hostname(uname -n結果)加入到/etc/hosts裡。
[root@C64 ~]# uname -n C64 [root@C64 ~]# cat /etc/hosts #modi by oldboy 11:12 2013/9/24 127.0.0.1 C64 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.0.18 C64 ################
3、利用ssh-v的調試功能查找慢的原因
其實可以用下面的命令調試為什麼慢的細節(學習這個思路很重要)。
[root@C64 ~]# ssh -v [email protected] OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 10.0.0.19 [10.0.0.19] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH_4* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY The authenticity of host '10.0.0.19 (10.0.0.19)' can't be established. RSA key fingerprint is ca:18:42:76:0e:5a:1c:7d:ef:fc:24:75:80:11:ad:f9. Are you sure you want to continue connecting (yes/no)? yes =======>老男孩老師評:這裡就是提示保存密鑰的交互提示。 Warning: Permanently added '10.0.0.19' (RSA) to the list of known hosts. debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Trying private key: /root/.ssh/id_rsa debug1: Trying private key: /root/.ssh/id_dsa debug1: Next authentication method: password [email protected]'s password: =======>老男孩老師評:這裡就是提示輸入密碼的交互提示。 debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 Last login: Tue Sep 24 10:30:02 2013 from 10.0.0.18 在遠程連接時如果慢就可以確定卡在哪了。 [root@C64_A ~]# ssh -v [email protected] OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 10.0.0.17 [10.0.0.17] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '10.0.0.17' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:2 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic
上述配置沒配就發現卡到gssapi這。就大概知道是gssapi的問題。
實際上在linux系統優化部分就應該優化SSH服務的此處。
本文出自 “老男孩linux運維” 博客,請務必保留此出處http://oldboy.blog.51cto.com/2561410/1300964