Copying files over an already established ssh connection

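  1. If I have already established an ssh connection from system-source to system-destination, can I copy a file from system-source to system-destination within that ssh connection, or do I need to establish a separate scp connection from system-source to system-destination? Also, since I am connected to system-destination via ssh, is there a way for me to list the files on system-source?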

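  2. When I run an scp command (e.g. user@system-destination:/folder/file.txt), the arguments are shown in plain text. Is there a way to pass the folder information after the ssh handshake has completed?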

Answer 1

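  1. If I have already established an ssh connection from system-source to system-destination, can I copy a file from system-source to system-destination within that ssh connection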

Yes, take a look at ControlMaster and ControlPath in man ssh_config

 ControlMaster
         Enables the sharing of multiple sessions over a single network connection.  When set to “yes”, ssh(1) will listen
         for connections on a control socket specified using the ControlPath argument.  Additional sessions can connect to
         this socket using the same ControlPath with ControlMaster set to “no” (the default).  These sessions will try to
         reuse the master instance's network connection rather than initiating new ones, but will fall back to connecting
         normally if the control socket does not exist, or is not listening.

         Setting this to “ask” will cause ssh to listen for control connections, but require confirmation using the
         SSH_ASKPASS program before they are accepted (see ssh-add(1) for details).  If the ControlPath cannot be opened,
         ssh will continue without connecting to a master instance.

         X11 and ssh-agent(1) forwarding is supported over these multiplexed connections, however the display and agent
         forwarded will be the one belonging to the master connection i.e. it is not possible to forward multiple displays
         or agents.

         Two additional options allow for opportunistic multiplexing: try to use a master connection but fall back to cre‐
         ating a new one if one does not already exist.  These options are: “auto” and “autoask”.  The latter requires
         confirmation like the “ask” option.

 ControlPath
         Specify the path to the control socket used for connection sharing as described in the ControlMaster section
         above or the string “none” to disable connection sharing.  In the path, ‘%L’ will be substituted by the first
         component of the local host name, ‘%l’ will be substituted by the local host name (including any domain name),
         ‘%h’ will be substituted by the target host name, ‘%n’ will be substituted by the original target host name spec‐
         ified on the command line, ‘%p’ the port, ‘%r’ by the remote login username, and ‘%u’ by the username of the user
         running ssh(1).  It is recommended that any ControlPath used for opportunistic connection sharing include at
         least %h, %p, and %r.  This ensures that shared connections are uniquely identified.

Add the following 2 lines to ~/.ssh/config

ControlMaster auto
ControlPath ~/.ssh/control:%h:%p:%r

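Then exit all existing SSH connections and make a new connection to the server. Now, in a second window, the scp session will be tunneled through the first window.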

Also, since I am connected to system-destination via ssh, is there a way for me to list the files on system-source?

Remote port forwarding is exactly what you are looking for.

man ssh

 -R [bind_address:]port:host:hostport
         Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the
         local side.  This works by allocating a socket to listen to port on the remote side, and whenever a connection is
         made to this port, the connection is forwarded over the secure channel, and a connection is made to host port
         hostport from the local machine.

         Port forwardings can also be specified in the configuration file.  Privileged ports can be forwarded only when
         logging in as root on the remote machine.  IPv6 addresses can be specified by enclosing the address in square
         braces.

         By default, the listening socket on the server will be bound to the loopback interface only.  This may be over‐
         ridden by specifying a bind_address.  An empty bind_address, or the address ‘*’, indicates that the remote socket
         should listen on all interfaces.  Specifying a remote bind_address will only succeed if the server's GatewayPorts
         option is enabled (see sshd_config(5)).

         If the port argument is ‘0’, the listen port will be dynamically allocated on the server and reported to the
         client at run time.  When used together with -O forward the allocated port will be printed to the standard out‐
         put.

On the server, from the ssh command line, type the following to create the remote port forward:

  • ~C Enter
  • -R 2302:localhost:22 Enter

You will see something like this:

[user@server ~] $ 
ssh> -R 2302:localhost:22       
Forwarding port.

Then you can list the files on the client by running:

ssh localhost -p 2302 "ls"
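
An added example, not part of the original answers: a small POSIX shell check for the ControlPath setting discussed above. It verifies the man page's recommendation that the path contain %h, %p and %r, and that the socket directory is not writable by group or others, since any process that can reach the control socket can open sessions over the already authenticated connection. The function name `check_controlpath` is hypothetical, and accepting `%C` (a connection hash token in newer OpenSSH) is an assumption not taken from the page.

```shell
#!/bin/sh
# Added example: audit ControlPath directives in an ssh_config-style file.
# Usage: check_controlpath ~/.ssh/config
# Prints one verdict per ControlPath; returns 1 if any is flagged.
check_controlpath() {
    rc=0
    while read -r key value _ || [ -n "$key" ]; do
        # Keywords are case-insensitive; the "key=value" form is not handled.
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            controlpath) ;;
            *) continue ;;
        esac
        [ "$value" = none ] && continue   # connection sharing disabled

        # Unique per connection: all of %h, %p, %r, or %C (newer OpenSSH).
        unique=yes
        case $value in
            *%C*) ;;
            *) for tok in %h %p %r; do
                   case $value in *"$tok"*) ;; *) unique=no ;; esac
               done ;;
        esac

        # The socket directory must not be writable by group or others.
        dir=$(dirname "$value")
        case $dir in "~"*) dir=$HOME${dir#\~} ;; esac
        perms=$(ls -ld "$dir" 2>/dev/null | cut -c1-10)
        case $perms in
            "")                  dirstate=missing ;;
            ?????w*|????????w*)  dirstate=writable-by-others ;;
            *)                   dirstate=private ;;
        esac

        echo "$value: unique=$unique dir=$dirstate"
        [ "$unique" = yes ] && [ "$dirstate" = private ] || rc=1
    done < "$1"
    return $rc
}
```
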

Answer 2

The ssh_config manual reveals:

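ControlMaster: Enables the sharing of multiple sessions over a single network connection. When set to "yes", ssh(1) will listen for connections on a control socket specified using the ControlPath argument. Additional sessions can connect to this socket using the same ControlPath with ControlMaster set to "no" (the default). These sessions will try to reuse the master instance's network connection rather than initiating new ones, but will fall back to connecting normally if the control socket does not exist or is not listening.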
