如果我已经建立了从系统源到系统目标的 ssh 连接,我可以在 ssh 连接内将文件从系统源复制到系统目标吗?还是我需要建立一个从系统源到系统目标的单独 scp 连接?另外,由于我通过 ssh 连接到系统目标,我是否有办法列出系统源上的文件?
当我执行 scp 命令(例如 user@system-destination:/folder/file.txt)时,参数以明文形式显示。在 ssh 握手完成后,有没有办法传递文件夹信息?
答案1
- 如果我已经建立了从系统源到系统目标的 ssh 连接,我是否可以在该 ssh 连接内将文件从系统源复制到系统目标
是的,man ssh_config
看ControlMaster
一下ControlPath
:
ControlMaster
Enables the sharing of multiple sessions over a single network connection. When set to “yes”, ssh(1) will listen
for connections on a control socket specified using the ControlPath argument. Additional sessions can connect to
this socket using the same ControlPath with ControlMaster set to “no” (the default). These sessions will try to
reuse the master instance's network connection rather than initiating new ones, but will fall back to connecting
normally if the control socket does not exist, or is not listening.
Setting this to “ask” will cause ssh to listen for control connections, but require confirmation using the
SSH_ASKPASS program before they are accepted (see ssh-add(1) for details). If the ControlPath cannot be opened,
ssh will continue without connecting to a master instance.
X11 and ssh-agent(1) forwarding is supported over these multiplexed connections, however the display and agent
forwarded will be the one belonging to the master connection i.e. it is not possible to forward multiple displays
or agents.
Two additional options allow for opportunistic multiplexing: try to use a master connection but fall back to cre‐
ating a new one if one does not already exist. These options are: “auto” and “autoask”. The latter requires
confirmation like the “ask” option.
ControlPath
Specify the path to the control socket used for connection sharing as described in the ControlMaster section
above or the string “none” to disable connection sharing. In the path, ‘%L’ will be substituted by the first
component of the local host name, ‘%l’ will be substituted by the local host name (including any domain name),
‘%h’ will be substituted by the target host name, ‘%n’ will be substituted by the original target host name spec‐
ified on the command line, ‘%p’ the port, ‘%r’ by the remote login username, and ‘%u’ by the username of the user
running ssh(1). It is recommended that any ControlPath used for opportunistic connection sharing include at
least %h, %p, and %r. This ensures that shared connections are uniquely identified.
将以下 2 行添加到~/.ssh/config
:
ControlMaster auto
ControlPath ~/.ssh/control:%h:%p:%r
然后退出所有现有的 SSH 连接,并建立与服务器的新连接。现在在第二个窗口中,会话scp
将通过第一个窗口进行隧道传输。
另外,由于我通过 ssh 连接到系统目标,有没有办法列出系统源上的文件?
远程端口转发正是您正在寻找的。
man ssh
:
-R [bind_address:]port:host:hostport
Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the
local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is
made to this port, the connection is forwarded over the secure channel, and a connection is made to host port
hostport from the local machine.
Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when
logging in as root on the remote machine. IPv6 addresses can be specified by enclosing the address in square
braces.
By default, the listening socket on the server will be bound to the loopback interface only. This may be over‐
ridden by specifying a bind_address. An empty bind_address, or the address ‘*’, indicates that the remote socket
should listen on all interfaces. Specifying a remote bind_address will only succeed if the server's GatewayPorts
option is enabled (see sshd_config(5)).
If the port argument is ‘0’, the listen port will be dynamically allocated on the server and reported to the
client at run time. When used together with -O forward the allocated port will be printed to the standard out‐
put.
在服务器上,从 ssh 命令行输入以下命令创建远程端口转发:
~C
Enter-R 2302:localhost:22
Enter
你会看到类似这样的内容:
[user@server ~] $
ssh> -R 2302:localhost:22
Forwarding port.
然后您可以通过运行以下命令列出客户端上的文件:
ssh localhost -p 2302 "ls"
答案2
ssh_config 手册揭示了:
控制大师 允许通过单个网络连接共享多个会话。设置为“yes”时,ssh(1) 将监听使用 ControlPath 参数指定的控制套接字上的连接。其他会话可以使用相同的 ControlPath 连接到此套接字,并将 ControlMaster 设置为“no”(默认值)。这些会话将尝试重用主实例的网络连接,而不是启动新的网络连接,但如果控制套接字不存在或未监听,则会恢复正常连接。