1. Главная
  2. Книги
  3. Tyler Chris
  4. Fedora Linux
  5. Страница 70
Выбрать главу

[21771]

$ mc &

[21783]

$

The shell will display the PID of the background process, then immediately present a new prompt, permitting you to enter additional commands before the background command has finished executing.

You can display background processes using the jobs command:

$ jobs

[1]- Running xboard &

[2]+ Stopped . /usr/share/mc/bin/mc-wrapper.sh

Any program that attempts to communicate through the character interface, such as Midnight Commander ( mc ) in this example, will be stopped. Programs that communicate through the graphical user interface, such as xboard , are free to do so while running in the background.

To put a stopped command in the foreground so that you can interact with it, use the fg command:

$ fg 2

The argument is the job number as reported by the jobs command. You can stop the current foreground process by pressing Ctrl-Z.

To run a stopped process in the background, use the bg command:

$ fg 1

xboard

...User presses Ctrl-Z...

[1]+ Stopped xboard

$ jobs

[1]+ Stopped xboard

[2]- Stopped . /usr/share/mc/bin/mc-wrapper.sh

$ bg 1

[1]+ xboard &

$

You can use a percent sign and a job number instead of a PID when killing processes:

$ kill %1

$

[3]- Exit 15 xboard

4.9.4. Where Can I Learn More?

 Descriptions of each signaclass="underline" the manpage for signal(7)

 The manpages for bash (for job control, including jobs , fg , bg , and the version of kill that is built into bash ), top , ps , and kill

4.10. Remote Management Using SSH

It's often useful to be able to log in to a machine remotely to perform some management operation. To enable secure remote access, Fedora provides the Secure Shell (SSH).

4.10.1. How Do I Do That?

SSH consists of two components: ssh (the client) and sshd (the server). The server is configured automatically when Fedora is installed.

To connect to a Fedora system from another Fedora system (or another Linux system), run the ssh client, providing the remote username and hostname (or IP address) as a single argument ( user @ host ). For example, to log in to a host with the IP address 10.0.0.1 using the user ID jon :

$ ssh jon@10.0.0.1

The authenticity of host '10.0.0.1 (10.0.0.1)' can't be established.

RSA key fingerprint is 1d:dd:20:72:b1:0c:28:90:9a:ff:43:69:03:12:71:02.

Are you sure you want to continue connecting (yes/no)?

yes

Warning: Permanently added '10.0.0.1' (RSA) to the list of known hosts.

jon@10.0.0.1's password:

AnotherSecret

Last login: Tue Oct 25 23:13:40 2005 from london-office

$

The question about the authenticity of the remote host will be asked only the first time you connect. The fingerprint value displayed can be used to verify the identify of the remote host and ensure that you're not being conned by a computer located between you and the computer you're trying to connect to; if you're really paranoid, you can check this value, but for most normal applications this isn't necessary. The fingerprint is cached, though, so if it changes in the future you will be warned. It's necessary to type in yes to confirm that you want to continue connecting; y won't suffice.

Once you are connected to the remote machine, you can use the shell as you normally would.

4.10.1.1. Reducing the use of passwords

It's possible to configure ssh to enable you to connect from your account on one machine to your account on another machine using public-key cryptography instead of a password. Unfortunately, this means that if your account on one machine is compromised, your account on the other machine will be compromised, too; to prevent this, you can use a passphrase , a master password that you enter once per session that permits you to connect multiple times to remote systems without entering a password each time.

To set this up, enter these commands on the client machine (i.e., the machine from which you will be connecting to the remote host):

$ ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key (/home/chris/.ssh/id_dsa):

Enter

Enter passphrase (empty for no passphrase):

BigSecret

Enter same passphrase again:

BigSecret

Your identification has been saved in /home/chris/.ssh/id_dsa.

Your public key has been saved in /home/chris/.ssh/id_dsa.pub.

The key fingerprint is:

3a:f7:e8:88:59:fb:56:f7:0f:55:6b:fe:f6:ec:e2:2c chris@super

$ ssh jon@remoteMachine "cat > ~/.ssh/authorized_keys" <~/.ssh/id_dsa.pub

jon@remoteMachine's password:

AnotherSecret  

The entire SSH security model revolves around the fact that the private key is private. If you permit access to your private key, the security is completely compromised.

This generates a public key and installs it on the remote system. If you will be connecting to multiple host systems, distribute your key to all of the systems by repeating the previous ssh command for each host.

Once the public key is installed on the remote host, you can use the ssh-add command to enter your passphrase:

$ ssh-add

Enter passphrase for /home/jon/.ssh/id_dsa:

BigSecret

Identity added: /home/jon/.ssh/id_dsa (/home/jon/.ssh/id_dsa)  

~ 70 ~