1 / 41

奇巧淫技

奇巧淫技. USTC LUG 每周小聚 - 2013.03.30. SSH 篇. 加速登录第一招 : 使用 key. ssh-keygen ssh -copy-id $user@$host. 加速登录第二招 : ControlMaster. cat <<EOF >>$HOME/. ssh / config Host * ControlMaster auto ControlPath / tmp / ssh_mux_%h_%p_%r ControlPersist 1h EOF. 其他有用的选项. ServerAliveInterval 30

keena
Download Presentation

奇巧淫技

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 奇巧淫技 USTC LUG 每周小聚 - 2013.03.30

  2. SSH 篇

  3. 加速登录第一招:使用key • ssh-keygen • ssh-copy-id $user@$host

  4. 加速登录第二招:ControlMaster • cat <<EOF >>$HOME/.ssh/config • Host * • ControlMasterauto • ControlPath /tmp/ssh_mux_%h_%p_%r • ControlPersist1h • EOF

  5. 其他有用的选项 • ServerAliveInterval 30 • StrictHostKeyChecking no (不推荐) • IdentityFile ~/.ssh/id_rsa.bla • ProxyCommandbla

  6. ssh_config样例 • cat ~/.ssh/config • Host github.com • User git • IdentityFile ~/.ssh/keys/id_rsa.github • ControlMaster no • Host node-* • User myname • HostName %h.lab.ustc.edu.cn • IdentityFile ~/.ssh/keys/id_rsa • ProxyCommandnc -x proxy.lab.ustc.edu.cn:1234 %h %p • Host * • ControlMaster auto • ControlPath /tmp/ssh_mux_%h_%p_%r • ControlPersist 1h • ServerAliveInterval 30

  7. manssh_config

  8. 端口转发:-D [bind_address:]port • ssh-CfND 1080 user@example.com • socks代理: localhost:1080

  9. 端口转发:-L [bind_address:]port:host:hostport • ssh-CfNL 8080:ifconfig.me:80 \ • user@example.com • curl -I http://localhost:8080/ \ • -H “Host: ifconfig.me”

  10. 进阶:使用key限制可以运行的命令 • cat ~/.ssh/authorized_keys • no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="~/bin/ftpsync &" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWAYdfifALGPhZUInaqDEgUqM2JQRtf0Eb9TbEHU+3ii1kQvO1mrk+qDUsEPv/d9YA8PWRUXtXyzlB60d/sTrLKI0UBi6ZSH5y7uxEdReXLHysIpT65VCmfHqe72XEYrLeufnkCECrQ8zk+VvhqFPezIqFXHLRY2P0u0Xwkx7Fl2e2tEd9KcHqn1FY5gP92CWta8Ym/+E9g5cn7wDDdJSRaWCHFhxMdOfMMkUwgst4ZpHbO/JgENOA3kZ+mI4Otw5zeqEYdz+/ZD6h0Y/5lAzqEg/Nz/QTBi5KuLRc2slRkkMb3HjJ3pnnmMIcwUNnvV7v0VzgcLcJaCN2YPAW3Wr3 mirror@ftp.cn.debian.org

  11. 自由发挥

  12. 练习 假设某authorized_keys中指定了command=“your-script.sh”,然后远程执行命令: $ ssh $host your-script.sh arg1 arg2 … 在your-script.sh中,如何获取arg1, arg2, …这些参数?

  13. manssh

  14. nc篇

  15. 判断某端口是否打开: nc -z host port • nc -zvmirrors.ustc.edu.cn 80

  16. 扫描端口 • nc -zvmirrors.ustc.edu.cn 21-80

  17. ssh代理自动重连脚本 while true; do while read lportrhost; do if ! nc -z localhost $lport; then echo "proxy on $lport lost, reconnecting..." ssh -CfND $lport $rhost fi done < proxy-list.txt sleep 1 done

  18. 传输文件 @server $ nc -l 1234 > file.gz @client $ nc $server 1234 < file.gz more: tar cf - filelist… | nc $server 1234 nc $server 1234 < /dev/zero …

  19. 自由发挥

  20. mannc

  21. pv篇

  22. 测试内存读写速度 • pv /dev/zero > /dev/null • 27GB 0:00:02 [13.5GB/s] [ <=> ]

  23. 测试网络速度 @s $ nc -l 1234 > /dev/null @c $ pv /dev/zero | nc $server 1234 74.5MB 0:00:02 [37.5MB/s] [ <=> ]

  24. 更复杂一些的例子 $ tar -cf - /usr/ | pv -cNtar \ | bzip2 -c | pv -cN bzip2 \ > /dev/null tar: 43MB 0:00:06 [6.19MB/s] [ <=> ] bzip2: 24MB 0:00:06 [5.45MB/s] [ <=> ]

  25. 显示处理日志的速度 • pvaccess.log|awk'/kali/{i+=1}END{print i}’ • 90.8MB 0:00:05 [18.7MB/s] [=====> ]

  26. 自由发挥

  27. manpv

  28. 简单网络问题诊断

  29. ping, traceroute

  30. ping + traceroute mtr $ mtr -nrc 20 202.38.64.59 HOST: pcg-mac Loss% Snt Last Avg Best Wrst StDev 1.|-- 10.0.0.1 0.0% 20 1.2 2.8 1.2 11.4 2.6 2.|-- 202.38.75.254 35.0% 20 4.3 5.3 1.5 33.1 8.5 3.|-- 202.38.96.188 65.0% 20 1.4 2.1 1.4 3.6 0.7 4.|-- 202.38.64.59 50.0% 20 3.2 3.8 1.4 16.6 4.6

  31. tcpping?, tcptraceroute # tcptraceroute 122.11.35.108 80 Selected device eth0, address 10.132.153.217, port 23240 for outgoing packets Tracing the path to 122.11.35.108 on TCP port 80 (www), 30 hops max 1 10.143.126.129 6.661 ms 0.551 ms 0.502 ms 2 100.65.72.145 0.698 ms 0.580 ms 2.486 ms 3 100.65.81.194 0.617 ms 3.271 ms 0.515 ms 4 100.67.80.1 0.213 ms 0.285 ms 0.217 ms 5 100.64.28.3 0.496 ms 1.901 ms 0.474 ms 6 175.41.192.215 0.430 ms 0.305 ms 0.508 ms 7 27.0.0.210 11.036 ms 29.086 ms 10.686 ms 8 27.0.0.196 11.278 ms 11.253 ms 11.355 ms 9 113.157.231.13 11.861 ms 12.947 ms 17.938 ms 10 118.155.199.25 11.365 ms 11.298 ms 11.533 ms 11 203.181.99.61 26.027 ms 25.931 ms 25.972 ms 12 106.187.6.170 25.893 ms 25.969 ms 25.780 ms 13 118.155.194.110 81.174 ms 81.197 ms 81.085 ms 14 219.158.96.209 78.541 ms 78.399 ms 78.323 ms 15 219.158.11.25 76.163 ms GFW设备? 122.11.35.108 [open] -8.127 ms 219.158.11.25 76.075 ms

  32. tcpping? + tcptraceroute tcpmtr?

  33. wget, lftp

  34. wget整站下载 $ alias getsite='wget -r -k -p -np’ $ getsitehttp://tldp.org/LDP/abs/html/

  35. lftp整站下载 $ lftphttp://tldp.org/LDP/abs/html/ lftptldp.org:/LDP/abs/html> mirror . abs

  36. lftp整站下载 $ lftphttp://tldp.org/LDP/abs/html/ lftptldp.org:/LDP/abs/html> mirror . abs 当然,这样获取abs更好: $ sudo apt-get install abs-guide $ browser file:///usr/share/doc/abs-guide/html/

  37. Bash小技巧

  38. 快捷键 • ctrl-a, ctrl-e, alt-b, alt-f • ctrl-u, ctrl-w, ctrl-k • ctrl-r • alt-.

  39. 操作技巧 • 命令敲到一半,想先做一下其他事情 •  ^a,#,^j 注释之

  40. 其他有用的工具

  41. supervise, svscan

More Related