linux远程执行命令
如何在远程 Linux 机器上执行命令/脚本? 比如说,我想从框 a 在框 b 上执行 service tomcat start
。
How do I execute command/script on a remote Linux box?
Say, I want to do service tomcat start
on box b from box a.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
或者你可以
or you can just
如果您不想处理安全问题并希望在短期内使其尽可能暴露(又名“方便”),并且|或者所有主机上都没有 ssh/telnet 或密钥生成,您可以与 netcat 一起编写一个单行代码。通过网络向目标计算机的端口写入命令,它将运行它。然后,您可以阻止一些“受信任”用户对该端口的访问,或者将其包装在仅允许某些命令运行的脚本中。并使用低权限用户。
在服务器上
mkfifo /tmp/netfifo; nc -lk 4201 0/tmp/netfifo
这一行代码读取您发送到该端口的任何字符串,并将其通过管道传送到 bash 中执行。标准错误stdout 被转储回 netfifo 并通过 nc 发送回连接主机。
在客户端上
远程运行命令:
回显“ls”|数控主机4201
If you don't want to deal with security and want to make it as exposed (aka "convenient") as possible for short term, and|or don't have ssh/telnet or key generation on all your hosts, you can can hack a one-liner together with netcat. Write a command to your target computer's port over the network and it will run it. Then you can block access to that port to a few "trusted" users or wrap it in a script that only allows certain commands to run. And use a low privilege user.
on the server
mkfifo /tmp/netfifo; nc -lk 4201 0</tmp/netfifo | bash -e &>/tmp/netfifo
This one liner reads whatever string you send into that port and pipes it into bash to be executed. stderr & stdout are dumped back into netfifo and sent back to the connecting host via nc.
on the client
To run a command remotely:
echo "ls" | nc HOST 4201
我猜 ssh 是最好的安全方式,例如:
必须根据您的特定需求部署选项(例如,仅绑定到 ipv4),并且您的远程命令可以启动您的Tomcat 守护进程。
注意:
如果您不想在每次 ssh 运行时出现提示,请同时查看 ssh-agent,如果您的系统允许,还可以选择查看
keychain
。关键是...了解 ssh 密钥交换过程。请仔细查看ssh_config(即ssh客户端配置文件)和sshd_config(即ssh服务器配置文件)。配置文件名取决于您的系统,无论如何您都会在/etc/sshd_config
等位置找到它们。理想情况下,请不要以 root 身份运行 ssh,而是以服务器和客户端上的特定用户身份运行。源项目主页上的一些额外文档:
ssh 和 ssh-agent
man ssh
http://www.snailbook.com/index.html
https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
钥匙扣
http://www.gentoo.org/doc/en/keychain-guide.xml
法语的旧教程(我自己:-),但也可能有用:
http://hornetbzz.developpez.com/tutoriels/debian/ssh/keychain/
I guess
ssh
is the best secured way for this, for example :where the OPTIONS have to be deployed according to your specific needs (for example, binding to ipv4 only) and your remote command could be starting your tomcat daemon.
Note:
If you do not want to be prompt at every ssh run, please also have a look to ssh-agent, and optionally to
keychain
if your system allows it. Key is... to understand the ssh keys exchange process. Please take a careful look to ssh_config (i.e. the ssh client config file) and sshd_config (i.e. the ssh server config file). Configuration filenames depend on your system, anyway you'll find them somewhere like/etc/sshd_config
. Ideally, pls do not run ssh as root obviously but as a specific user on both sides, servers and client.Some extra docs over the source project main pages :
ssh and ssh-agent
man ssh
http://www.snailbook.com/index.html
https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
keychain
http://www.gentoo.org/doc/en/keychain-guide.xml
an older tuto in French (by myself :-) but might be useful too :
http://hornetbzz.developpez.com/tutoriels/debian/ssh/keychain/