LinuxCommand

  • Troubleshooting ssh
listening on 0.0.0.0 port 10222.
  • EXPECT spawn ssh ProxyCmd
exp_cmd="set timeout 10 
spawn ssh $login@$target_ip -p 22 -o \"ProxyCommand=ssh -p 22  root@$jump_ip -W %h:%p\";
expect \"password\"
"
expect -c "$exp_cmd" > $conf_log
  • ssh ProxyCommand
    ProxyCommand ssh ssh_jump_host "nc %h %p"
─ One layer of encryption
═ Two layers of encryption
┏━━━━━━━━━━━━━━┓          ┏━━━━━━━━━━━━━┓          ┏━━━━━━━━━━━━━━━━━┓         
┃  SSH client  ┃══════════┃  Jump host  ┃──────────┃  Target server  ┃
┗━━━━━━━━━━━━━━┛          ┗━━━━━━━━━━━━━┛          ┗━━━━━━━━━━━━━━━━━┛



ssh [email protected] -p 22 -o ProxyCommand='ssh -p 22 [email protected] -W %h:%p'
  • SCP ProxyCmd
    ssh_rsa file,no password input

scp -o ProxyCommand="ssh $jump_host nc $host 22" $local_path host:$destination_path


scp  -o ProxyCommand="ssh -i /root/.ssh/ssh_rsa [email protected] -W %h:%p" /tmp/file [email protected]:root/file
  • decrypt pwd
echo "74gwRasdClz9kjvw" | openssl enc -d -base64 -aes-256-ctr -nopad  \ 
      -nosalt -k "$(sha256sum "/root/.pki/cert.seed" |  \
      cut -d' ' -f1 | tr -d "\r\n")"

 openssl enc -e    "encrypt pwd"
  • retrieve of CA certificate SHA1 fingerprint
keytool -printcert -file ca_cert.cer |  \
    egrep SHA1 | cut -d ':' -f 2-
  • retrieve CA certificate Issuer
keytool -printcert -file ca_cert.cer | egrep Issuer \
    | cut -d ',' -f 2
  • console print pfx certificate info
openssl pkcs12 -in $radius_ecc_pfx.pfx -clcerts -out  ecc_radius_cert.pem  -nokey
  • calculate ipv6
res=“$(ipcalc -c -6 $ipv6_addr 2>/dev/null)"
  • check status of radius database:
mysql -uradius —password=“xx” -e “USE radius;”
  • initial radius database
mysql -uroot —password=‘xxx’ radius < radius_scripts_path/schema.sql 2>/dev/null
  • remote command
ssh -o TCPKeepAlive=yes -o ConnectTimeout=30 -o StrictHostKeyChecking=no \
     -i /root/.ssh/konw id_rsa 192.168.234.2 "vim-cmd vmsvc/power.on vmid”

你可能感兴趣的:(LinuxCommand)