1、适用命令及方案如下:
【远程连接及执行命令】
ssh -p22 root@192.168.1.253
ssh -p22 root@192.168.1.253 /sbin/ifconfig
【远程拷贝:推送及拉取】
scp -P22 -r -p /etc root@192.168.1.253:/tmp/
scp -P22 -r -p root@192.168.1.253:/tmp/ /etc
【安全的FTP功能】
sftp -oPort=22 root@192.168.1.253
【无密码验证方案】
例如利用sshkey批量分发文件,执行部署操作。
2、连接慢的主要原因是DNS解析导致
解决方法:
最为常见的原因是因为server的sshd会去DNS查找访问client IP的hostname,如果DNS不可用或者没有相关记录,就会耗费大量时间。
1、在server上/etc/hosts文件中把你本机的IP和hostname加入
2、在ssh服务端上更改/etc/ssh/sshd_config文件中的配置为如下内容:
|
1
2
3
|
UseDNS no
# GSSAPI options
GSSAPIAuthentication no
|
GSSAPIAuthentication参数是用于Kerberos验证的,而对于绝大多数人来说,不可能使用这种验证机制的,所以要注意把他们停掉。
然后,执行/etc/init.d/sshd restart重启sshd进程使上述配置生效,在连接一般就不慢了。
3、如果还慢的话,检查ssh服务端上/etc/hosts文件中,127.0.0.1对应的主机名是否和
uname -n的结果一样,或者把本机ip和hostname(uname -n结果)加入到/etc/hosts里。
3、利用ssh-v的调试功能查找慢的原因
其实可以用下面的命令调试为什么慢的细节(学习这个思路很重要)。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
[root@localhost ~]
# ssh -v root@192.168.2.15
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data
/etc/ssh/ssh_config
debug1: Applying options
for
*
debug1: Connecting to 192.168.2.15 [192.168.2.15] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0
/0
debug1: identity
file
/root/
.
ssh
/identity
type
-1
debug1: identity
file
/root/
.
ssh
/id_rsa
type
-1
debug1: identity
file
/root/
.
ssh
/id_dsa
type
-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode
for
protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host
'192.168.2.15 (192.168.2.15)'
can't be established.
RSA key fingerprint is ca:18:42:76:0e:5a:1c:7d:ef:fc:24:75:80:11:ad:f9.
Are you sure you want to
continue
connecting (
yes
/no
)?
yes
=======>这里就是提示保存密钥的交互提示。
Warning: Permanently added
'192.168.2.15'
(RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can
continue
: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key:
/root/
.
ssh
/identity
debug1: Trying private key:
/root/
.
ssh
/id_rsa
debug1: Trying private key:
/root/
.
ssh
/id_dsa
debug1: Next authentication method: password
root@192.168.2.15's password:
=======>这里就是提示输入密码的交互提示。
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending
env
LANG = en_US.UTF-8
Last login: Tue Sep 24 10:30:02 2013 from 192.168.2.13
在远程连接时如果慢就可以确定卡在哪了。
[root@localhost ~]
# ssh -v oldboy@192.168.2.18
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data
/etc/ssh/ssh_config
debug1: Applying options
for
*
debug1: Connecting to 192.168.2.18 [192.168.2.18] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0
/0
debug1: identity
file
/root/
.
ssh
/identity
type
-1
debug1: identity
file
/root/
.
ssh
/id_rsa
type
-1
debug1: identity
file
/root/
.
ssh
/id_dsa
type
2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode
for
protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host
'192.168.2.18'
is known and matches the RSA host key.
debug1: Found key
in
/root/
.
ssh
/known_hosts
:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can
continue
: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
|
上述配置没配就发现卡到gssapi这。就大概知道是gssapi的问题。
实际上在linux系统优化部分就应该优化SSH服务的此处。
本文转自ling118 51CTO博客,原文链接:http://blog.51cto.com/meiling/1622468如需转载请自行联系原作者
