SSH 技能大全：远程连接、文件传输、端口转发与安全配置完整指南

ssh by dicklesworthstone/agent_flywheel_clawdbot_skills_and_integrations

305 周安装量

61 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/dicklesworthstone/agent_flywheel_clawdbot_skills_and_integrations --skill ssh

开发运维命令行工具安全

🇨🇳中文介绍

SSH 技能

使用 SSH 进行安全的远程访问、文件传输和隧道连接。

基本连接

连接到服务器：

ssh user@hostname

在特定端口上连接：

ssh -p 2222 user@hostname

使用特定身份文件连接：

ssh -i ~/.ssh/my_key user@hostname

SSH 配置

配置文件位置：

~/.ssh/config

配置条目示例：

Host myserver
    HostName 192.168.1.100
    User deploy
    Port 22
    IdentityFile ~/.ssh/myserver_key
    ForwardAgent yes

然后只需使用以下命令连接：

ssh myserver

运行远程命令

执行单条命令：

ssh user@host "ls -la /var/log"

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

使用 SCP 传输文件

复制文件到远程主机：

scp local.txt user@host:/remote/path/

从远程主机复制文件：

scp user@host:/remote/file.txt ./local/

递归复制目录：

scp -r ./local_dir user@host:/remote/path/

使用 rsync 传输文件（推荐）

同步目录到远程主机：

rsync -avz ./local/ user@host:/remote/path/

从远程主机同步：

rsync -avz user@host:/remote/path/ ./local/

显示进度并启用压缩：

rsync -avzP ./local/ user@host:/remote/path/

先进行试运行：

rsync -avzn ./local/ user@host:/remote/path/

端口转发（隧道）

本地转发（在本地访问远程服务）：

ssh -L 8080:localhost:80 user@host
# 现在 localhost:8080 连接到主机的 80 端口

本地转发到另一台主机：

ssh -L 5432:db-server:5432 user@jumphost
# 通过 localhost:5432 访问 db-server:5432

远程转发（将本地服务暴露给远程主机）：

ssh -R 9000:localhost:3000 user@host
# 远程主机的 9000 端口连接到您本地的 3000 端口

动态 SOCKS 代理：

ssh -D 1080 user@host
# 使用 localhost:1080 作为 SOCKS5 代理

跳板机 / 堡垒机

通过跳板机连接：

ssh -J jumphost user@internal-server

ssh -J jump1,jump2 user@internal-server

在配置文件中：

Host internal
    HostName 10.0.0.50
    User deploy
    ProxyJump bastion

生成新密钥（Ed25519，推荐）：

ssh-keygen -t ed25519 -C "your_email@example.com"

生成 RSA 密钥（旧版兼容性）：

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

复制公钥到服务器：

ssh-copy-id user@host

复制特定密钥：

ssh-copy-id -i ~/.ssh/mykey.pub user@host

eval "$(ssh-agent -s)"

添加密钥到代理：

ssh-add ~/.ssh/id_ed25519

使用 macOS 钥匙串添加：

ssh-add --apple-use-keychain ~/.ssh/id_ed25519

列出已加载的密钥：

多路复用（连接共享）

在 ~/.ssh/config 中：

Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600

创建套接字目录：

mkdir -p ~/.ssh/sockets

移除旧的主机密钥：

ssh-keygen -R hostname

扫描并添加主机密钥：

ssh-keyscan hostname >> ~/.ssh/known_hosts

最大详细程度：

ssh -vvv user@host

使用 Ed25519 密钥（比 RSA 更快、更安全）
在服务器上设置 PasswordAuthentication no
在服务器上使用 fail2ban 来阻止暴力破解
使用密码短语加密密钥
使用 ssh-agent 避免重复输入密码短语
在 authorized_keys 中使用 command= 限制密钥用途

🇺🇸English

SSH Skill

Use SSH for secure remote access, file transfers, and tunneling.

Basic Connection

Connect to server:

ssh user@hostname

Connect on specific port:

ssh -p 2222 user@hostname

Connect with specific identity:

ssh -i ~/.ssh/my_key user@hostname

SSH Config

Config file location:

~/.ssh/config

Example config entry:

Host myserver
    HostName 192.168.1.100
    User deploy
    Port 22
    IdentityFile ~/.ssh/myserver_key
    ForwardAgent yes

Then connect with just:

ssh myserver

Running Remote Commands

Execute single command:

ssh user@host "ls -la /var/log"

Execute multiple commands:

ssh user@host "cd /app && git pull && pm2 restart all"

Run with pseudo-terminal (for interactive):

ssh -t user@host "htop"

File Transfer with SCP

Copy file to remote:

scp local.txt user@host:/remote/path/

Copy file from remote:

scp user@host:/remote/file.txt ./local/

Copy directory recursively:

scp -r ./local_dir user@host:/remote/path/

File Transfer with rsync (preferred)

Sync directory to remote:

rsync -avz ./local/ user@host:/remote/path/

Sync from remote:

rsync -avz user@host:/remote/path/ ./local/

With progress and compression:

rsync -avzP ./local/ user@host:/remote/path/

Dry run first:

rsync -avzn ./local/ user@host:/remote/path/

Port Forwarding (Tunnels)

Local forward (access remote service locally):

ssh -L 8080:localhost:80 user@host
# Now localhost:8080 connects to host's port 80

Local forward to another host:

ssh -L 5432:db-server:5432 user@jumphost
# Access db-server:5432 via localhost:5432

Remote forward (expose local service to remote):

ssh -R 9000:localhost:3000 user@host
# Remote's port 9000 connects to your local 3000

Dynamic SOCKS proxy:

ssh -D 1080 user@host
# Use localhost:1080 as SOCKS5 proxy

Jump Hosts / Bastion

Connect through jump host:

ssh -J jumphost user@internal-server

Multiple jumps:

ssh -J jump1,jump2 user@internal-server

In config file:

Host internal
    HostName 10.0.0.50
    User deploy
    ProxyJump bastion

Key Management

Generate new key (Ed25519, recommended):

ssh-keygen -t ed25519 -C "your_email@example.com"

Generate RSA key (legacy compatibility):

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Copy public key to server:

ssh-copy-id user@host

Copy specific key:

ssh-copy-id -i ~/.ssh/mykey.pub user@host

SSH Agent

Start agent:

eval "$(ssh-agent -s)"

Add key to agent:

ssh-add ~/.ssh/id_ed25519

Add with macOS keychain:

ssh-add --apple-use-keychain ~/.ssh/id_ed25519

List loaded keys:

ssh-add -l

Multiplexing (Connection Sharing)

In ~/.ssh/config:

Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600

Create socket directory:

mkdir -p ~/.ssh/sockets

Known Hosts

Remove old host key:

ssh-keygen -R hostname

Scan and add host key:

ssh-keyscan hostname >> ~/.ssh/known_hosts

Debugging

Verbose output:

ssh -v user@host

Very verbose:

ssh -vv user@host

Maximum verbosity:

ssh -vvv user@host

Security Tips

Use Ed25519 keys (faster, more secure than RSA)
Set PasswordAuthentication no on servers
Use fail2ban on servers to block brute force
Keep keys encrypted with passphrases
Use ssh-agent to avoid typing passphrase repeatedly
Restrict key usage with command= in authorized_keys

Weekly Installs

305

Repository

dicklesworthsto…grations

GitHub Stars

First Seen

Jan 20, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode268

gemini-cli256

codex252

github-copilot239

cursor229

amp226