Introduction to SSH

SSH is a network protocol used for encrypted login between computers. Principle:

  • The remote host receives the login request from the user and sends its public key to the user.
  • The user uses the public key to encrypt the login password and send it back.
  • Using its own private key, the remote host decrypts the login password and, if the password is correct, allows the user to log in.

When the public key of the remote host is accepted, it is stored in the local file ~/.ssh/known_hosts. In addition, the system also has such a file, usually /etc/ssh/ssh_known_hosts, which holds the public key of the remote host that can be trusted by all users.

Commonly used instructions

  • Log in to the server from the local machine: ssh user@remote -p port. If the port number is 22, ssh user@remote is enough. After logging in, use exit to log out.
  • Set up password-free login from the local machine: ssh-copy-id user@remote -p port, which is especially useful when writing scripts that control a server.
  • Configure an alias: run code ~/.ssh/config and add some content, then log in to the server using ssh selfname without remembering the server IP address.
  • Run ssh selfname "cd ~; ls" to execute the commands in quotes on the server, after which the remote connection is closed automatically.
  • Transfer files: scp username@A-PC-IP:file-path username@B-PC-IP:folder-path. For a folder, add -r.

ssh user@remote -p port

# user is your user name on the remote machine, which defaults to the current user if not specified
# remote is the address of the remote machine, which can be an IP address, domain name, or an alias mentioned later
# port is the port on which the SSH Server listens. If not specified, the default value is 22
# For example: ssh [email protected]

If you see an error beginning with ssh: connect to host remote port 22:, install the SSH server on the remote machine with sudo apt-get install openssh-server.

Password-free login

Is it annoying to have to enter a password every time you SSH? The alternative to password authentication is public key authentication. In other words, to achieve password-free login, you need to set up an SSH key first: the local computer generates a public/private key pair, and the public key is then placed on the remote server. The principle is simple: users store their public keys on a remote host. At login, the remote host sends the user a random string, which the user encrypts with his private key and sends back. The remote host decrypts it using the public key stored in advance. If successful, the user is proved to be trusted and is allowed to log in to the shell without requiring a password.

# Check whether a key already exists
ls ~/.ssh
# Generate one if not
ssh-keygen
# Two new files are generated in ~/.ssh/: id_rsa.pub and id_rsa. The former is your public key and the latter is your private key.
# Put the public key on the remote server
ssh-copy-id user@remote -p port
# For example, mine: ssh-copy-id [email protected]

On a Mac, install it with brew install ssh-copy-id. What ssh-copy-id does is equivalent to ssh user@remote -p port 'mkdir -p .ssh && cat >> .ssh/authorized_keys' < ~/.ssh/id_rsa.pub, that is, it appends ~/.ssh/id_rsa.pub (the public key) to .ssh/authorized_keys on the remote machine. Of course, if you don't use this command, you can manually copy the public key, log in to the remote machine, and paste it into .ssh/authorized_keys.

Configure an alias

Instead of typing ssh user@remote -p port every time, configuring an alias lets us be even lazier. Let's say I want to replace the string above with ssh lab.

# Because I work on the front end, I edit it directly with VS Code
code ~/.ssh/config
# Append the following and save
Host lab
    HostName remote
    User user
    Port port

# Log in
ssh lab

# Like mine
# Host han
#     HostName 120.79.52.223
#     User zhm
#     Port 22
# ssh han

Command line performs login and executes commands on the target server

# Single or double quotation marks enclose commands and separate them with semicolons
ssh user@remoteNode "cd /home ; ls"

If you have a lot of commands, you need to build a script.

# Create a script file called test.sh, write this in it, and execute sh test.sh
#!/bin/bash
# To discard the output from the server, use this line instead:
# ssh user@remoteNode >/dev/null 2>&1 << remotessh
ssh user@remoteNode << remotessh
ls
exit
remotessh

Transfer files

SCP can be used for file transfer between two machines. The address format of SCP is basically the same as that of SSH, but the user name and port can be omitted. The slight difference is that the port is specified with an uppercase -P instead of a lowercase -p. However, this does not matter if you have configured an alias, as SCP also supports aliases directly.

# The default remote working folder is the home directory (~).
# Copying from computer A to computer B:
# - If A is a file and B is a file path, the contents of file A are written to file B regardless of whether that file exists.
# - If A is a file and B is a folder that exists on computer B, a file with the same name is created in it; an existing file with the same name is overwritten.
# - If A is a folder, add -r. If B is a file path, scp reports an error. If B is a folder path and the folder does not exist, it is created and the contents of folder A are put inside it (equivalent to copying folder A over and renaming it). If the folder exists, a folder with the same name as A is created inside it.

# Copy local /path/to/local/file to remote /path/to/remote/file
scp -P port /path/to/local/file user@remote:/path/to/remote/file

# You can also use an alias
scp /path/to/local/file lab:/path/to/remote/file

# Copy remote /path/to/remote/file to local /path/to/local/file
scp lab:/path/to/remote/file /path/to/local/file

# The default path for remote is the home directory,
# so this copies file to ~/dir/file on the remote machine
scp file lab:dir/file

# Add -r to transfer folders
# The following command transfers the dir folder in the current directory to the remote home directory
scp -r dir lab:

# Don't forget that . can be used to refer to the current directory
# The following command downloads the remote ~/dir directory to the current directory
scp -r lab:dir/ .

If you don't feel comfortable transferring files from the command line, you can also use SFTP. Any client that supports SFTP can use your SSH account information to log in and manage files, such as FileZilla, the open source FTP client with a graphical interface. Don't forget that with these clients, you can also specify your private key (~/.ssh/id_rsa) and log in without a password.

Keep the program running in the background

The following commands are executed on the server

nohup

# Make a program run in the background, like nohup node index.js &
nohup <command to execute> &
# Look at the node task
ps
# Terminate if necessary
kill 21455

tmux

tmux is better suited to running complex programs. It can also manage multiple windows, split windows, copy and paste, and so on. It is more convenient for Mac users: create a new session with tmux -CC and restore it with tmux -CC attach.

# Install tmux on the server
sudo apt-get install tmux

# Run tmux and enter the session. Anything running at this point will not be killed by exiting SSH
tmux

# To leave the session, press Ctrl+B, then D

# Restore the session
tmux attach

# The tmux commands must be run on the server

The above content comes from "SSH password-free login to a server and the use of SCP".

Rsync-based deployment

Refer to the usage of rsync

Difference between SCP and RSYNC

The SCP command

1. SCP stands for Secure Copy, which is used for remote file replication.

2. The parameters:

-r: recursively copies the entire directory.

3. Example:

scp /home/space/music/1.mp3 username@ip:/home/root/others/music
scp /home/space/music/1.mp3 username@ip:/home/root/others/music/001.mp3

To copy a directory to the remote host, add the -r parameter. (To rename the directory, put the new name directly in the command. Ensure that the target address does not already have that directory.)

scp -r /home/space/music/ username@ip:/home/root/others/music_new

Copy the local music directory to others on another server and rename it music_new

rsync

1. Rsync is short for Remote sync. It is used to back up data images in Linux and copy files between remote servers.

2. The parameters:

-a, --archive    Archive mode: transfers files recursively and keeps all file attributes; equal to -rlptgoD.
-v, --verbose    Verbose output.
-z, --compress   Compresses backup files during transmission.
-P               Same as --partial --progress; --partial preserves files that have not been fully transferred for some reason, to speed up subsequent re-transfers.

3. Example:

rsync -avP mylog /home/

SCP is the equivalent of copy and paste: if the file already exists it is overwritten, which is time-consuming and not smart.

Rsync also copies, but it skips duplicate files directly and has its own optimized algorithm.

SCP copies all files over, and after a modification it copies all files over again. Rsync first synchronizes all files over, and after a modification it sends only the modified files.

Automatic deployment of the front end based on SCP or RSync

1. Add a deployment script file based on SCP, such as deploy.sh

#!/bin/bash
# dist is the directory where the files to be uploaded are located
echo "Compress the deployment package!"
tar -zcvf dist.tar.gz dist/
# /home/savoygu/gusaifei is the directory where the uploaded files are stored
echo "Upload the deployment package!"
scp -r dist.tar.gz account@server_ip:server_upload_path
# Log in to the server (password required; not required if a private key has been configured)
# Start of server environment
ssh account@server_ip -tt << EOF
# Enter the target directory
cd server_upload_path
# Decompress
sudo tar -zxvf dist.tar.gz --strip-components 1
# Remove the compressed file on the server
sudo rm -rf dist.tar.gz

exit
EOF
# End of server environment
echo "Upload complete!"
# Remove the local zip file
echo "Delete the local zip!"
rm -rf dist.tar.gz

The same goes for rsync

2. Use scripts at the front end

  "scripts": {
    "deploy": "cross-env NODE_ENV=production umi build && ./deploy.sh"
  }

Continuous integration can be implemented in combination with gitlabCI and Travis CI, see

  • Continuous Integration Services gitlabCI tutorial
  • Continuous Integration Services Travis CI tutorial

Error handling

1. Permission issues

# The .ssh directory and /home/<current user> require 700 permissions
sudo chmod 700 ~/.ssh
sudo chmod 700 /home/<current user>
# The authorized_keys file in the .ssh directory requires 600 or 644 permissions
sudo chmod 600 ~/.ssh/authorized_keys

2. StrictModes problems

sudo vi /etc/ssh/sshd_config
# Change
#StrictModes yes
# to
StrictModes no
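
The permission requirements from item 1 can be checked and corrected with a script, in which case key login works with StrictModes left at yes. This is an added example, not part of the original post; the function names check_ssh_perms and fix_ssh_perms are hypothetical, and GNU stat (as on the Debian/Ubuntu systems used above) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat.
# sshd with "StrictModes yes" refuses key login when the home directory,
# ~/.ssh or authorized_keys is writable by group or others. Ownership
# (the user or root) is also checked by sshd but not by this script.

# check_ssh_perms HOME_DIR (hypothetical helper)
# Prints one line per problem and returns the number of problems.
check_ssh_perms() {
    home_dir=$1
    bad=0
    for path in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            bad=$((bad + 1))
            continue
        fi
        mode=$(stat -c '%a' "$path")
        # 022 (octal) = write bit for group plus write bit for others
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "TOO-OPEN $mode $path"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# fix_ssh_perms HOME_DIR (hypothetical helper): apply the modes from item 1.
fix_ssh_perms() {
    chmod 700 "$1" "$1/.ssh" && chmod 600 "$1/.ssh/authorized_keys"
}

# Demo on a constructed throwaway directory, not a real home directory.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 775 "$demo/.ssh"                       # deliberately too open
check_ssh_perms "$demo" || fix_ssh_perms "$demo"
check_ssh_perms "$demo" && echo "OK: modes are acceptable with StrictModes yes"
rm -rf "$demo"
```

On a real server, run check_ssh_perms "$HOME" as the login user before editing sshd_config.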