Merge pull request #5230 from GHLandy/master

[Translated] 20170202 How to Configure Custom SSH Connections to Simplify Remote Access.md
2025-02-03 23:40:14 +08:00 · 2017-03-07 05:09:03 +08:00 · 2017-03-07 05:09:03 +08:00 · e91ad277b5
commit e91ad277b5
parent a06690a3a5 381e7d7e72
2 changed files with 172 additions and 168 deletions
--- a/sources/tech/20170202
+++ b/sources/tech/20170202
@ -1,168 +0,0 @@
-GHLandy Translating
-
-How to Configure Custom SSH Connections to Simplify Remote Access
-============================================================
-
-SSH (SSH client) is a program for remotely accessing a machine, it enables a user to [execute commands on a remote host][2]. It is one of the most recommended method for logging in to a remote host, since it is designed to provide secure encrypted communications between two untrusted hosts over an insecure network.
-
-SSH uses both a system-wide as well as a user-specific (custom) configuration file. In this tutorial, we will explain how to create a custom ssh configuration file and use certain options to connect to remote hosts.
-
-#### Requirements:
-
-1.  You must have installed [OpenSSH client on your Linux desktop][1].
-2.  Understand the common options used for remote connections via ssh.
-
-#### SSH Client Config Files
-
-Below are the locations of the ssh client configuration files:
-
-1.  `/etc/ssh/ssh_config` – this is the default, system-wide configuration file. It contains settings that apply to all users of ssh client machine.
-2.  `~/.ssh/config` or `$HOME/.ssh/config` – is the user-specific/custom configuration file. It has configurations that apply to a specific user. It therefore overrides default settings in the system-wide config file. This is the file we will create and use.
-
-By default, users are authenticated in ssh using passwords, however, you can setup [ssh passwordless login using ssh keygen][3] in 5 simple steps.
-
-Note: In case the directory `~/.ssh` does not exist on your desktop system, create it with the following permissions.
-
-```
-$ mkdir -p ~/.ssh
-$ chmod 0700 ~/.ssh   
-```
-
-The chmod command above implies that only the user can have read, write and execute permissions on the directory as required by ssh settings.
-
-### How To Create User Specific SSH Configuration File
-
-This file is usually not created by default, so you need to create it with the read/write permissions for only the user.
-
-```
-$ touch ~/.ssh/config
-$ chmod 0700 ~/.ssh/config
-```
-
-The above file contains sections defined by hosts specifications, and a section is only applied to hosts that match one of the patterns set in the specification.
-
-The conventional format of `~/.ssh/config` is as follows, and all empty lines as well as lines starting with `‘#’` are considered as comments:
-
-```
-Host    host1
-ssh_option1=value1
-ssh_option2=value1 value2
-ssh_option3=value1 
-Host    host2
-ssh_option1=value1
-ssh_option2=value1 value2
-Host  *
-ssh_option1=value1
-ssh_option2=value1 value2
-```
-
-From the format above:
-
-1.  Host host1 – is a header definition for host1, this is where a host specification starts and it ends with the next header definition, Host host2 making a section.
-2.  host1, host2 are simply host aliases to use on the command line, they are not the actual hostnames of the remote hosts.
-3.  The configuration options such as ssh_option1=value1, ssh_option2=value1 value2 apply to a matched host and should be indented for well organized formatting.
-4.  For an option such as ssh_option2=value1 value2, the value value1 is considered first, then value2.
-5.  The header definition Host * (where `*` is a pattern – wildcard that matches zero or more characters) will match zero or more hosts.
-
-Still considering the format above, this is how ssh reads the config file. If you execute a ssh command to remotely access host1 like so:
-
-```
-$ ssh host1
-```
-
-The above ssh command will does the following things:
-
-1.  match the host alias host1 in the config file and applies the options set under the definition header, Host host1.
-2.  then moves to the next host section, Host host2 and finds that the name provided on the command line doesn’t match, so no options are used from here.
-3.  It proceeds to the last section, Host *, which matches all hosts. Here, it applies all the options in this section to the host connection. But it can not override any values of options that where already used in the previous section(s).
-4.  The same applies to host2.
-
-### How To Use User Specific SSH Configuration File
-
-Once you have understood how the ssh client config file works, you can create it as follows. Remember to use options and values (host aliases, port numbers, usernames and so on) applicable to your server environment.
-
-Open the config file with your favorite editor:
-
-```
-$ vi ~/.ssh/config
-```
-
-And define the necessary sections:
-
-```
-Host fedora25
-HostName 192.168.56.15
-Port 22
-ForwardX11 no
-Host centos7
-HostName 192.168.56.10
-Port 22
-ForwardX11 no
-Host ubuntu
-HostName 192.168.56.5
-Port 2222
-ForwardX11 yes
-Host *
-User tecmint
-IdentityFile ~/.ssh/id_rsa
-Protocol 2
-Compression yes
-ServerAliveInterval 60
-ServerAliveCountMax 20
-LogLevel INFO
-```
-
-A detailed explanation of the above ssh configuration options.
-
-1.  HostName – defines the real host name to log into, alternatively, you can use a numeric IP addresses, it is also permitted (both on the command line and in HostName specifications).
-2.  User – specifies the user to log in as.
-3.  Port – sets the port number to connect on the remote host, the default is 22. Use the port number configured in the remote host’s sshd config file.
-4.  Protocol – this option defines the protocol versions ssh should support in order of preference. The usual values are ‘1’ and ‘2’, multiple versions must be comma-separated.
-5.  IdentityFile – specifies a file from which the user’s DSA, Ed25519, RSA or ECDSA authentication identity is read.
-6.  ForwardX11 – defines whether X11 connections will be automatically redirected over the secure channel and DISPLAY set. It has two possible values “yes” or “no”.
-7.  Compression – it’s used to set compression during the remote connection with the “yes” value. The default is “no”.
-8.  ServerAliveInterval – sets a timeout interval in seconds after which if no response (or data) has been received from the server, ssh will send a message through the encrypted channel to request a response from the server. The default value is 0, meaning no messages will be sent to the server, or 300 if the BatchMode option has been defined.
-9.  ServerAliveCountMax – sets the number of server alive messages which may be sent without ssh receiving any response from the server.
-10.  LogLevel – defines the verbosity level that is used when logging messages from ssh. The allowed values includes: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3\. And the default is INFO.
-
-The standard way of connecting to any remote Linux host (CentOS 7 – in my case), defined in section two of the config file above, we would normally type the command below:
-
-```
-$ ssh -i ~/.ssh/id_rsa -p 22 tecmint@192.168.56.10
-```
-
-However, with the use of the ssh client configuration file, we can simply type the following command:
-
-```
-$ ssh centos7 
-```
-
-You can find more options and usage examples in the ssh client config man page:
-
-```
-$man ssh_config
-```
-
-That’s it for now, in this guide, we explained you how to use a user-specific (custom) ssh client config file in Linux. Use the feedback form below to write back to us concerning this article.
-
--------------------------------------------------------------------------------
-
-译者简介：
-
-Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.
-
--------------------------------------------------------------------------------
-
-via: http://www.tecmint.com/configure-custom-ssh-connection-in-linux/
-
-作者：[Aaron Kili][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:http://www.tecmint.com/author/aaronkili/
-
-[1]:http://www.tecmint.com/install-openssh-server-in-linux/
-[2]:http://www.tecmint.com/execute-commands-on-multiple-linux-servers-using-pssh/
-[3]:http://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/
--- a/translated/tech/20170202
+++ b/translated/tech/20170202
@ -0,0 +1,172 @@
+如何配合自定义的 SSH 来简化远程访问
+===================
+
+SSH (SSH 客户端) 是一个用于访问远程主机的程序，它使得用户能够 [在远程主机上执行命令][2]。这是在登录远程主机中的最受推崇的方法之一，因为其设计目的就是为两台不可信任主机通过不安全网络环境的通信提供安全加密。
+
+SSH 使用系统全局以及用户指定 (用户自定义) 的配置文件。在本文中，我们将介绍如何创建一个自定义的 ssh 配置文件，并且通过确切的选项来链接到远程主机。
+
+#### 先决条件：
+
+1. 你必须 [在你的桌面 Linux 上安装好 OpenSSH 客户端][1]。
+2. 理解通过 ssh 进行远程连接的常用选项
+
+#### SSH 客户端配置文件
+
+以下为 ssh 客户端配置文件：
+
+1. `/etc/ssh/ssh_config` 为默认的配置文件，属于系统全局配置文件，包含应用到所有用户的 ssh 客户端的设置。
+2. `~/.ssh/config` 或者 `$HOME/.ssh/config` 为用户指定/自定义配置文件，这个文件中的配置只对至指定的用户有效，因此，它是会覆盖掉默认的系统全局配置文件中的设置的。这也是我们要创建和使用的文件。
+
+默认情况下，用户是是通过在 ssh 中输入密码来获取验证的，你可以以一个简单的步骤来 [使用 Keygen 来设置 ssh 无密码登录][3]。
+
+注：如果你的系统上不存在 `~/.ssh`，那就手动创建它，并设置如下权限：
+
+```
+$ mkdir -p ~/.ssh
+$ chmod 0700 ~/.ssh   
+```
+
+以上的 chmod 命令表明，只有目录属主对该目录有读取、写入和执行权限，这也是 ssh 所要求的设置。
+
+### 如何创建用户指定的 SSH 配置文件
+
+该文件并不会被默认创建的，所以你需要使用具有读取/写入权限的用来来创建它。
+
+```
+$ touch ~/.ssh/config
+$ chmod 0700 ~/.ssh/config
+```
+
+上述文件包含由特定主机定义的各个部分，并且每个部分只应用到主机定义中相匹配的部分。
+
+`~/.ssh/config` 文件的常见格式如下，其中所有的空行和以 `‘#’` 开头的行为注释：
+
+```
+Host  host1
+ssh_option1=value1
+ssh_option2=value1 value2
+ssh_option3=value1
+Host  host2
+ssh_option1=value1
+ssh_option2=value1 value2
+Host  *
+ssh_option1=value1
+ssh_option2=value1 value2
+```
+
+如上格式详解：
+
+1. Host host1 为关于 host1 定义的头部，主机定义就从此处开始，直到下一个定义头部 Host host2 出现，这样形成一个完整的定义。
+2. host1 和 host2 是再命令行中使用的主机别名，并非实际的远程主机名。
+3. 其中，如 ssh_option1=value1、ssh_option2=value1 value2 等配置选项将应用到相匹配和想要以一定格式组织的主机。
+4. 对于 ssh_option2=value1 value2 这样的选项，ssh 执行时会按照顺序优先使用 value1 的值。
+5. Host * (其中 `*` 为匹配模式/通配符，匹配零个或多个字符) 定义头部会匹配零个或者多个主机。
+
+仍旧以上述的格式为例，ssh 也是也这样的形式类读取配置文件的。如果你执行 shh 命令来访问远程主机 host1，如下：
+
+```
+$ ssh host1
+```
+
+以上 ssh 命令会进行一下动作：
+
+1. 匹配配置文件中主机别名 host1，并使用定义头部中的各个设置项。
+2. 继续匹配下一个 host 定义，通过查找命令行中的名称发现不匹配，所有接下来的各个设置项会被略过。
+3. 最后执行到最后一个 host 定义，这会匹配所有的主机。这里，会将接下来的所有设置选项应用到所有的主机连接中。但是它不会覆写之前已经有 host 定义的那些选项。
+4. ssh host2 与此类似。
+
+### 如何使用用户指定的 shh 配置文件
+
+在你理解了 ssh 客户端配置文件的工作方式之后，你可以通过如下方式来创建它。记得使用你的服务器环境中对应的选项、值 (主机别名、端口号、用户名等)。
+
+通过你最喜欢的编辑器来打开配置文件：
+
+```
+$ vi ~/.ssh/config
+```
+
+并定于必要的部分：
+
+```
+Host fedora25
+HostName 192.168.56.15
+Port 22
+ForwardX11 no
+Host centos7
+HostName 192.168.56.10
+Port 22
+ForwardX11 no
+Host ubuntu
+HostName 192.168.56.5
+Port 2222
+ForwardX11 yes
+Host *
+User tecmint
+IdentityFile ~/.ssh/id_rsa
+Protocol 2
+Compression yes
+ServerAliveInterval 60
+ServerAliveCountMax 20
+LogLevel INFO
+```
+
+以上 ssh 配置文件的详细解释：
+
+1. HostName - 定义真正要登录的主机名，此外，你也可以使用数字 IP 地址，不管是在命令行或是 HostName 定义中都运行使用其中任一种。
+2. User – 指定以哪一个用户来登录。
+3. Port – 设置连接远程主机的端口，默认是 22 端口。但必须是远程主机的 sshd 配置文件中定义的端口号。
+4. Protocol – 这个选项定义了优先使用 ssh 支持的协议版本。常用的值为 ‘1’ 和 ‘2’，同时使用两个协议版本则必须使用都厚隔开。
+5. IdentityFile – 指定读取用户 DSA、Ed25519、ECDSA 等授权验证信息的文件。
+6. ForwardX11 – 定义 X11 链接是否自动重定向到安全通道和 DISPLAY 设置。这两个可以设置的值，即 “yes” 或 “no”。
+7. Compression – 默认值为 “no”，如果设置为 “yes”，则在连接远程主机过程中使用压缩进程传输。
+8. ServerAliveInterval – 设置当不在收到服务器响应 (或者数据) 时的过期时间，单位为秒，ssh 会通过加密信道向发送信息，请求服务器响应。默认值为 0，这意味着 ssh 不会向服务器发送响应请求，如果 Batch 选项有定义，则默认是 300s。
+9. ServerAliveCountMax – 设置服务器活动信息的数值，以便在 ssh 在没有收到服务器响应的情况下发送信息。
+10. LogLevel – 定义 ssh 登录信息的的日志冗余级别。允许的值为：QUIET、 FATAL、ERROR、INFO、VERBOSE、DEBUG、DEBUG1、DEBUG2 和 DEBUG3，默认为 INFO。
+
+以上，连接任意远程主机的标准方法， 我连接的是 CentOS 7，即定义的第二部分，我们可以简单的输入如下命令：
+
+```
+$ ssh -i ~/.ssh/id_rsa -p 22 tecmint@192.168.56.10
+```
+
+然而，使用了 ssh 客户端配置文件之后，我们还可以这样：
+
+```
+$ ssh centos7
+```
+
+你也可以在 man 帮助页面寻找更多的设置选项和使用实例：
+
+```
+$man ssh_config
+```
+
+至此，文毕。我们在文中想你介绍了在 Linux 中如何如何使用用户指定 (自定义) 的 ssh 客户端配置文件。通过下方的反馈表单来写一些与本文的相关的想法吧。
+
+------------------------------------------------
+
+作者简介：
+
+Aaron Kili 是一名 Linux 和 F.O.S.S 忠实拥护者、高级 Linux 系统管理员、Web 开发者，目前在 TecMint 是一名活跃的博主，热衷于计算机并有着强烈的只是分享意愿。
+
+-------------------------------------------------
+
+译者简介：
+
+[GHLandy](http://GHLandy.com) —— 生活中所有欢乐与苦闷都应藏在心中，有些事儿注定无人知晓，自己也无从说起。
+
+-------------------------------------------------
+
+via: http://www.tecmint.com/configure-custom-ssh-connection-in-linux/
+
+作者：[Aaron Kili][a]
+译者：[GHLandy](https://github.com/GHLandy)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://www.tecmint.com/author/aaronkili/
+
+[1]:http://www.tecmint.com/install-openssh-server-in-linux/
+[2]:http://www.tecmint.com/execute-commands-on-multiple-linux-servers-using-pssh/
+[3]:http://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/