Files
smy-skills/linux-ssh-operator-skill/SKILL.md
2026-06-12 17:48:53 +08:00

4.3 KiB
Raw Blame History

name, description
name description
linux-ssh-operator-skill 通过 SSH 连接并操作 Linux 服务器:执行远程命令、查看日志、管理 systemd 服务、传输文件scp/rsync、配置 SSH 别名、安装公钥启用免密登录、排障。用户提到 ssh/scp/rsync、远程服务器 IP:端口、配置 ssh 别名、ssh-copy-id、免密登录、systemctl/journalctl、部署到服务器、在服务器上运行命令、远程拷贝文件 等场景时使用。

Linux SSH Operator

Overview

Use SSH to connect to Linux servers and perform safe, repeatable remote operations (commands, logs, services, file transfer, alias bootstrap, passwordless login).

Workflow

  1. Confirm authorization and the target (host, port, user).
  2. Prefer SSH keys (recommended) for non-interactive runs; avoid storing passwords in files or chat logs.
  3. Start with read-only checks, then apply changes, then verify.
  4. If a password prompt or interactive tool is required, run the SSH command in a real terminal/TTY (or enable TTY in your runner).

Quick Start

Generate a key (ed25519):

ssh-keygen -t ed25519 -C "codex" -f ~/.ssh/id_ed25519

Install the public key on the server (example uses port 22):

ssh-copy-id -i ~/.ssh/id_ed25519.pub -p 22 USER@SERVER_IP

Optional: create an alias in ~/.ssh/config:

Host my-server
  HostName SERVER_IP
  Port 22
  User USER
  IdentityFile ~/.ssh/id_ed25519
  IdentitiesOnly yes

Then connect:

ssh my-server

Bootstrap alias + passwordless login

When the user provides an alias, host/IP, and password and wants ssh alias to work immediately:

  1. Write or update the alias with the helper script:
~/.claude/skills/linux-ssh-operator-skill/scripts/ssh_alias_setup.sh my-server 192.168.1.10 --user root --install-key
  1. If ssh-copy-id prompts for a password, run in a TTY and enter the password once.
  2. Verify passwordless login:
ssh -o BatchMode=yes my-server 'echo SSH_OK; id -un 2>/dev/null || echo root'
  1. Remind the user that scp and rsync can reuse the same alias:
scp ./file.txt my-server:/root/
rsync -av ./dir/ my-server:/root/dir/

Notes:

  • scripts/ssh_alias_setup.sh auto-generates ~/.ssh/id_ed25519 if it does not exist.
  • It updates ~/.ssh/config idempotently and defaults to root, port 22, and StrictHostKeyChecking=accept-new.
  • For tests, set SSH_CONFIG_FILE=/path/to/temp-config.

Run remote commands

  • Direct:
ssh my-server uname -a
  • With sudo (often needs a TTY):
ssh -tt my-server sudo systemctl status nginx --no-pager
  • Via wrapper script (consistent options; supports env defaults like REMOTE_USER, REMOTE_PORT, REMOTE_KEY):
    • If you installed this Skill globally in ~/.claude/skills/, use the absolute paths below (recommended so both Claude Code + OpenCode can find it).
~/.claude/skills/linux-ssh-operator-skill/scripts/ssh_run.sh my-server -- uname -a
~/.claude/skills/linux-ssh-operator-skill/scripts/ssh_run.sh --tty --sudo my-server -- systemctl restart nginx

Transfer files

Upload:

~/.claude/skills/linux-ssh-operator-skill/scripts/ssh_copy.sh push my-server ./local.txt /tmp/local.txt

Download:

~/.claude/skills/linux-ssh-operator-skill/scripts/ssh_copy.sh pull my-server /var/log/syslog ./syslog

Common Ops (snippets)

  • Disk: df -h, du -sh /path/* | sort -h
  • Memory/CPU: free -h, top, ps aux --sort=-%mem | head
  • Logs: journalctl -u SERVICE -n 200 --no-pager, tail -n 200 -f /path/log
  • Services: systemctl status|restart|stop SERVICE
  • Networking: ss -lntp, ip a, ip r, curl -v http://127.0.0.1:PORT/

Safety

  • Never store or paste passwords in repo files or chat logs.
  • Avoid StrictHostKeyChecking=no; prefer verifying host keys (or use accept-new only when appropriate).
  • For destructive commands (rm, shutdown, firewall changes), ask for explicit user confirmation and show the exact command first.

References

  • SSH security + troubleshooting: references/ssh-playbook.md

Scripts

  • scripts/ssh_alias_setup.sh: create/update SSH aliases and optionally run ssh-copy-id.
  • scripts/ssh_run.sh: run remote commands with consistent options.
  • scripts/ssh_copy.sh: push/pull files via scp with consistent options.