Remote Terminal
remote-terminal
by ckaorceu
Remote Linux terminal control skill. Use when the user wants to (1) connect to a remote Linux server and execute commands, (2) perform SSH operations on remote hosts, (3) manage multiple remote servers, (4) run shell commands on remote machines. Triggers on phrases like "connect to server", "SSH to", "run on remote", "execute on production", "login to my server", "在服务器上执行", "远程连接", "SSH到".
Installation
claude skill add --url github.com/openclaw/skills/tree/main/skills/ckaorceu/remote-terminal
Documentation
Remote Terminal
Execute commands on remote Linux servers through SSH, Telnet, or web terminals. Supports password authentication, SSH keys, and SSH config aliases.
Quick Start
Basic SSH Connection
ssh user@hostname "command"
Using SSH Config Aliases
If the user has ~/.ssh/config configured:
ssh <alias> "command"
With Password (using sshpass)
sshpass -p 'password' ssh user@hostname "command"
Connection Methods
1. SSH (Recommended)
Key-based authentication (most secure):
ssh -i ~/.ssh/id_rsa user@hostname "command"
Using SSH config aliases:
# Example ~/.ssh/config
Host production
    HostName 192.168.1.100
    User admin
    Port 22
    IdentityFile ~/.ssh/id_rsa
# Usage
ssh production "docker ps"
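Password authentication (avoid where keys are available: sshpass -p exposes the password in the local process list and shell history, and StrictHostKeyChecking=no skips host key verification):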
sshpass -p 'password' ssh -o StrictHostKeyChecking=no user@hostname "command"
2. Telnet
# Using expect for interactive telnet (Telnet sends the login and session unencrypted)
expect -c '
spawn telnet hostname
expect "login:"
send "username\r"
expect "Password:"
send "password\r"
expect "$ "
send "command\r"
expect "$ "
send "exit\r"
'
3. Web Terminal (ttyd, wetty)
For web-based terminals, use curl or HTTP requests to the terminal's API:
# Example: ttyd WebSocket connection (requires wscat or similar)
wscat -c ws://hostname:7681/ws
Security Features
Command Confirmation
Before executing dangerous commands, ask the user to confirm:
Dangerous command patterns:
- rm -rf, rm -r, del, erase
- shutdown, reboot, poweroff, halt
- mkfs, fdisk, parted, dd
- chmod 777, chown -R
- > /dev/, truncate
- kill -9, pkill, killall
- iptables, ufw, firewall-cmd
- DROP DATABASE, DELETE FROM, TRUNCATE
Confirmation format:
⚠️ Dangerous command detected:
rm -rf /var/log/*
This will permanently delete files. Proceed? (yes/no)
Command Blacklist
These commands are blocked by default and require explicit user override:
- rm -rf / (entire filesystem)
- mkfs on mounted drives
- dd to primary disk
- Any command piping to /dev/sda or similar
Operation Logging
All remote commands are logged with timestamp, target host, and command:
[2026-03-21 15:30:45] [production] docker ps
[2026-03-21 15:31:02] [staging] systemctl restart nginx
Log location: ~/.qclaw/logs/remote-terminal.log
Workflow
Step 1: Identify Target Host
Parse the user's request to identify:
- Hostname, IP address, or SSH alias
- Username (if specified, otherwise use default or prompt)
- Connection method (SSH by default)
Example prompts:
- "Connect to production and run docker ps" → alias: production
- "SSH to 192.168.1.50, check disk space" → host: 192.168.1.50
- "On my server, restart nginx" → need to ask which server
Step 2: Build Connection Command
Construct the appropriate SSH command based on:
- Authentication method available
- Host configuration
- Whether it's interactive or one-shot
Step 3: Security Check
If command matches dangerous patterns:
- Warn the user
- Ask for explicit confirmation
- If confirmed, proceed; otherwise, cancel
Step 4: Execute and Return Output
Run the command and return:
- Standard output
- Standard error (if any)
- Exit code
- Execution time
Step 5: Log Operation
Record the operation in the log file for audit trail.
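One way to implement the confirmation, blacklist and logging rules from Security Features and Workflow steps 3 and 5, as an added example in Python (not the skill's own ssh_exec.py). It tokenises the command instead of matching substrings, so an argument such as dd-report does not trigger the dd rule; the names classify and log_line, the device-name regex and the /dev/null exemption are assumptions of this example, and "mkfs on mounted drives" is reduced to confirm-on-mkfs because mount state is not known locally.

```python
import re
import shlex
from datetime import datetime

# Programs from the page's confirmation list that are dangerous whatever their arguments.
CONFIRM_PROGS = {"del", "erase", "shutdown", "reboot", "poweroff", "halt", "fdisk", "parted",
                 "dd", "truncate", "pkill", "killall", "iptables", "ufw", "firewall-cmd"}
SQL = re.compile(r"\b(DROP\s+DATABASE|DELETE\s+FROM|TRUNCATE)\b", re.I)
DISK = re.compile(r"/dev/(sd|vd|xvd|nvme|hd)")  # assumed whole-disk device names

def split_commands(cmd):
    """Tokenise like a POSIX shell, then split into simple commands."""
    lex = shlex.shlex(cmd.replace("\n", " ; "), posix=True, punctuation_chars=True)
    lex.whitespace_split, lex.commenters = True, ""  # never skip text after '#'
    commands = [[]]
    for tok in lex:
        if set(tok) <= set(";|&()"):  # ; && || | & and subshell parentheses
            commands.append([])
        else:
            commands[-1].append(tok)
    return [c for c in commands if c]

def classify(cmd):
    """Return 'block', 'confirm' or 'allow' for one remote command line."""
    try:
        commands = split_commands(cmd)
    except ValueError:  # unbalanced quotes: cannot be analysed, so ask
        return "confirm"
    verdict = "confirm" if SQL.search(cmd) else "allow"
    for argv in commands:
        argv = argv[1:] if argv[0] == "sudo" and len(argv) > 1 else argv
        prog, args = argv[0].rsplit("/", 1)[-1], argv[1:]
        flags = "".join(a[1:] for a in args if re.fullmatch(r"-[A-Za-z]+", a))
        recursive = "r" in flags.lower() or "--recursive" in args
        targets = [b for a, b in zip(args, args[1:]) if a in (">", ">>")]
        targets += [a[3:] for a in args if prog == "dd" and a.startswith("of=")]
        if (prog == "rm" and recursive and "/" in args) or any(map(DISK.match, targets)):
            return "block"
        if (prog in CONFIRM_PROGS or prog.startswith("mkfs")
                or (recursive and prog in ("rm", "chown"))
                or (prog == "chmod" and "777" in args) or (prog == "kill" and "-9" in args)
                or any(t.startswith("/dev/") and t != "/dev/null" for t in targets)):
            verdict = "confirm"
    return verdict

def log_line(host, cmd, when=None):
    """Page's log format; escaping stops a newline in cmd forging a second entry."""
    stamp = (when or datetime.now()).strftime("%Y-%m-%d %H:%M:%S")
    return f"[{stamp}] [{host}] {cmd.encode('unicode_escape').decode('ascii')}"
```

A gate like this catches operator mistakes; it does not parse nested shells or scripts, so the enforceable boundary remains the remote account's privileges (sudoers rules, forced commands).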
Common Operations
Check System Status
ssh host "uptime && free -h && df -h"
Docker Management
ssh host "docker ps -a"
ssh host "docker logs container_name"
ssh host "docker restart container_name"
Service Management
ssh host "systemctl status nginx"
ssh host "sudo systemctl restart nginx"
ssh host "journalctl -u nginx -f --no-pager -n 50"
File Operations
# View file
ssh host "tail -n 50 /var/log/nginx/error.log"
# Copy file to local
scp user@host:/remote/path /local/path
# Copy file to remote
scp /local/path user@host:/remote/path
Process Management
ssh host "ps aux | grep nginx"
ssh host "top -b -n 1 | head -20"
Interactive Sessions
For commands requiring interaction, use ssh -t for pseudo-terminal:
ssh -t host "sudo nano /etc/nginx/nginx.conf"
ssh -t host "htop"
Note: Interactive sessions require the -t flag to allocate a PTY.
Multiple Hosts
Parallel Execution
Execute the same command on multiple hosts:
for host in web1 web2 web3; do
    echo "=== $host ==="
    ssh "$host" "uptime"
done
Using Parallel SSH
For larger fleets:
# Using pssh (parallel-ssh)
pssh -i -h hosts.txt "uptime"
# hosts.txt format
# web1.example.com
# web2.example.com
# web3.example.com
Host Management
Store Host Information
Hosts can be stored in ~/.qclaw/workspace/memory/hosts.json:
{
  "hosts": {
    "production": {
      "host": "192.168.1.100",
      "user": "admin",
      "method": "ssh-key",
      "key": "~/.ssh/id_rsa",
      "tags": ["web", "critical"]
    },
    "staging": {
      "host": "staging.example.com",
      "user": "deploy",
      "method": "ssh-config",
      "alias": "staging",
      "tags": ["web", "testing"]
    }
  }
}
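Turning a hosts.json entry into an ssh invocation, as an added example in Python (not the skill's own host_manager.py). It builds an argument list rather than a shell string, validates every value taken from the file, and keeps host key checking on; the function names, the allowed-character rule and the chosen -o options are assumptions of this example.

```python
import json
import os
import re

# Constructed sample in the hosts.json layout shown above.
HOSTS = json.loads("""{"hosts": {
  "production": {"host": "192.168.1.100", "user": "admin", "method": "ssh-key",
                 "key": "~/.ssh/id_rsa", "tags": ["web", "critical"]},
  "staging": {"host": "staging.example.com", "user": "deploy",
              "method": "ssh-config", "alias": "staging", "tags": ["web", "testing"]}
}}""")

# Host names, aliases and users: no whitespace, no shell metacharacters, no leading '-'.
SAFE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")

def checked(value):
    """Return value unchanged if it is a plain name, otherwise refuse it."""
    if not isinstance(value, str) or not SAFE.fullmatch(value):
        raise ValueError(f"refusing unsafe value {value!r}")
    return value

def ssh_argv(hosts, name, remote_cmd):
    """Return an argv list for subprocess.run(argv); no local shell is involved."""
    entry = hosts["hosts"].get(name)
    if entry is None:
        raise KeyError(name)
    # BatchMode fails instead of prompting; unknown or changed host keys are rejected.
    argv = ["ssh", "-o", "BatchMode=yes", "-o", "StrictHostKeyChecking=yes"]
    if entry["method"] == "ssh-config":
        target = checked(entry["alias"])
    elif entry["method"] == "ssh-key":
        argv += ["-i", os.path.expanduser(entry["key"]), "-o", "IdentitiesOnly=yes"]
        target = f"{checked(entry['user'])}@{checked(entry['host'])}"
    else:
        raise ValueError(f"unsupported method {entry['method']!r}")
    # '--' ends option parsing, so nothing after it can be read as an ssh option.
    return argv + ["--", target, remote_cmd]
```

The remote command is still interpreted by the login shell on the server, so it goes through the dangerous-command check before this list is executed.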
List Known Hosts
# From SSH config
grep "^Host " ~/.ssh/config | awk '{print $2}'
# From stored hosts.json
cat ~/.qclaw/workspace/memory/hosts.json
Troubleshooting
Connection Refused
# Check if host is reachable
ping hostname
# Check if SSH port is open
nc -zv hostname 22
# Try with verbose output
ssh -vvv user@hostname
Permission Denied
# Check key permissions
chmod 600 ~/.ssh/id_rsa
# Try with specific key
ssh -i ~/.ssh/id_rsa user@hostname
# Check if key is added to agent
ssh-add -l
ssh-add ~/.ssh/id_rsa
Host Key Verification Failed
# Remove old host key
ssh-keygen -R hostname
# Or temporarily disable check (not recommended for production)
ssh -o StrictHostKeyChecking=no user@hostname
Output Parsing
Structured Output
For commands returning JSON:
ssh host "docker inspect container --format '{{json .}}'" | jq .
Table Output
For commands like docker ps, ps aux:
# Return as-is for readable tables
ssh host "docker ps --format 'table {{.Names}}\t{{.Status}}'"
# Parse for structured data
ssh host "docker ps --format '{{json .}}'" | jq .
Resources
scripts/
- ssh_exec.py - Python wrapper for SSH operations with logging
- host_manager.py - Manage host configurations
- parallel_exec.py - Execute commands on multiple hosts
references/
- ssh_config_guide.md - SSH config file examples and patterns
- security_best_practices.md - Security guidelines for remote access