Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SSH tips & tricks
Search
Nobutoshi Ogata
March 26, 2012
Technology
0
79
SSH tips & tricks
Nobutoshi Ogata
March 26, 2012
Tweet
Share
More Decks by Nobutoshi Ogata
See All by Nobutoshi Ogata
Datadogセミナー 2025/3/13 Datadog On-Callの活用事例のご紹介
nobu666
0
320
サーバサイドの技術スタック・アーキテクチャ総ざらい - SmartNews Tech Night in Fukuoka Vol.1
nobu666
1
17k
SmartNews x PLAID - Cost cut and AWS Enterprise Support
nobu666
0
260
Why Slack?
nobu666
0
300
A Complete Work of SmartNews's SRE
nobu666
2
3.1k
SRE at SmartNews
nobu666
0
8k
SmartNews の最近の取り組みについて
nobu666
4
3.5k
Introducing in-hourse PaaS
nobu666
1
300
Monitoring of SmartNews
nobu666
0
170
Other Decks in Technology
See All in Technology
20250910_障害注入から効率的復旧へ_カオスエンジニアリング_生成AIで考えるAWS障害対応.pdf
sh_fk2
3
280
プラットフォーム転換期におけるGitHub Copilot活用〜Coding agentがそれを加速するか〜 / Leveraging GitHub Copilot During Platform Transition Periods
aeonpeople
1
240
dbt開発 with Claude Codeのためのガードレール設計
10xinc
2
1.3k
Wantedlyの開発組織における生成AIの浸透プロジェクトについて
kotominaga
2
110
測りにくい成果を測る — BtoB SaaSにおける効果検証への挑戦 / Shirokane Kougyou vol 20
sansan_randd
1
110
企業の生成AIガバナンスにおけるエージェントとセキュリティ
lycorptech_jp
PRO
3
200
Firestore → Spanner 移行 を成功させた段階的移行プロセス
athug
1
500
機械学習を扱うプラットフォーム開発と運用事例
lycorptech_jp
PRO
0
670
AWSで始める実践Dagster入門
kitagawaz
1
750
エンジニアリングマネージャーの成長の道筋とキャリア / Developers Summit 2025 KANSAI
daiksy
3
1.2k
これでもう迷わない!Jetpack Composeの書き方実践ガイド
zozotech
PRO
0
1.1k
20250905_MeetUp_Ito-san_s_presentation.pdf
magicpod
1
100
Featured
See All Featured
Optimizing for Happiness
mojombo
379
70k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.1k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
36
2.5k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
131
19k
How to train your dragon (web standard)
notwaldorf
96
6.2k
Mobile First: as difficult as doing things right
swwweet
224
9.9k
Making the Leap to Tech Lead
cromwellryan
135
9.5k
Embracing the Ebb and Flow
colly
87
4.8k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.4k
YesSQL, Process and Tooling at Scale
rocio
173
14k
KATA
mclloyd
32
14k
Transcript
SSH tips & tricks 2012/03/26 ୈೋճλʔϛφϧษڧձ GREE Inc. Nobutoshi Ogata
• Oracle͞Μʹ͓अຐͨ͠Βίʔώʔ͕ແ ݶʹҿΊ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β͕10cm ৳ͼ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β൴ঁ͕ग़དྷ ·ͨ͠
None
͡Ί·ͯ͠ͷਓ ͡Ί·ͯ͠
ͦ͏Ͱͳ͍ਓ ʢଟʣ ͝ແࠫଡͯ͠·͢
લճ
None
zshͱԾ ϚωʔδϟͰ շదλʔϛφϧੜ׆
screen, tmux, zsh ͋ͨΓͷΛ ͖ͤͯ͞·ͨ͠
վΊͯࣗݾհ • ඌܗெढ़(͓͕ͨͷͿͱ͠) • http://twitter.com/nobu666 • http://www.facebook.com/nobutoshi.ogata • GREE Inc.
։ൃຊ෦Πϯϑϥ౷ׅ෦ ΞϓϦέʔγϣϯج൫νʔϜ
ຊSSHͷ Λத৺ʹ ͍͖ͯ͠·͢
ʮΦϨͷ*_history͕ ՐΛਧͥ͘ʯ ͱ͍͏͜ͱͰ͕͢
ଟΑʔͧʔ͞Μͱ ͖ͣ͢͞ΜͰे ೩͑ͨͣͳͷͰɺ ΦϨͷ*_history ՐΛਧ͖·ͤΜ
͋ͱωλࠓճ ಛʹͳ͍ͷͰ ୶ʑͱ͍͖·͢
SSH ͨͩͷ better telnetͰͳ͍
SSHͰͰ͖Δ͜ͱ • ηΩϡΞͳϦϞʔτϩάΠϯ • ௨৴ͷ҉߸Խ • ϙʔτసૹ • ηΩϡΞͳϑΝΠϧసૹ
͔͜͜Βͷલఏ • Linux • OpenSSH • SSH2ϓϩτίϧ • sshdtcp/22ͰLISTEN
ϦϞʔτϩάΠϯ • ssh -i USER -l ~/.ssh/id_rsa REMOTE • ·͊1-2ͳΒ
↑͜ͷ ॻ͖ํͰզຫͰ͖ͦ͏ • ϢʔβʔΛ͍͚͍ͨ • 伴Λ͍͚͍ͨ
.ssh/config Host hoge HostName hoge.example.com IdentityFile ~/.ssh/id_rsa.hoge User hoge_user Host
moge HostName moge.example.jp IdennityFile ~/.ssh/id_rsa.moge User moge_user Host * ForwardAgent yes ServerAliveInterval 200 ForwardX11 no
Τεέʔϓ͕ͩΔ͍ • RemoteͰsedgrep͢Δͱ͖ʹΫΥʔτ ͕ࢁ͋ΔͱΤεέʔϓ͕ͩΔ͍ $ ssh host “`cmd.txt`”
ύεϑϨʔζ͕ͩΔ͍ • ssh-agentͱssh-add • keychain͕͑ΔͳΒͦͬͪͰ $ eval `ssh-agent` $ ssh-add
• ssh-agentͱssh-add • keychain͕͑ΔͳΒͦͬͪͰ
ssh-agent͍ճ͠ (1) • eval `ssh-agent`͢ΔͱϩάΞτͯ͠ ssh-agentϓϩηε͕Γ·͢ • ηΩϡΞʹ͍ͨ͠ͳΒlogoutεΫϦϓ τͰ kill
͠·͠ΐ͏ • γΣϧεΫϦϓτͷؔΛॻ͍ͯɺ ͬͨϓϩηεΛ͍·Θ͢
ssh-agent͍ճ͠ (2) ssh-reagent () { for agent in /tmp/ssh-*/agent.*; do
export SSH_AUTH_SOCK=$agent if ssh-add -l 2>&1 > /dev/null; then echo “Found working SSH Agent:” ssh-add -l return fi done echo “Cannot find ssh agent - maybe you should reconnect and forward it?” }
ଟஈSSH (1) • ͱ͋ΔήʔτΣΠΛ௨Βͳ͍ͱ σʔληϯλʔͷϚγϯೖΕͳ͍ • ΊΜͲ͍ • Ͱ͔͍ϑΝΠϧίϐʔͱ͔ɺήʔτ ΣΠͷσΟεΫ༰ྔΛؾʹ͠ͳ͍ͱ
͍͚ͳ͍ɺͩΔ͍
ଟஈSSH (2) $ ssh -o 'ProxyCommand ssh USER@GATEWAY -W %h:%p'
USER@INNER_HOST Host *-proxy User user ProxyCommand ssh gateway -W %h:%P ※ sshΫϥΠΞϯτͷOpenSSHόʔδϣϯ5.4 Ҏ্ ※ αʔόʔଆͷόʔδϣϯؔͳ͍Ͱ͢
ଟஈSSH (3) Host host3 ProxyCommand ssh host2 -W %h:%P Host
host2 ProxyCommand ssh host1 -W %h:%P Host host1 User ore • ↑ͱ͔ͬͱ͘ͱɺssh host3 ͱ͍͏͚ͩ Ͱhost1→host2→host3ͱܦ༝ͯͭ͠ͳ͕ Γ·͢
ଟஈSSH (4) $ ssh -t GATEWAY ssh REMOTE • ͍͍ͪͪ
.ssh/config ॻ͘ͷΊΜͲ͍ͱ͖ ʹͰͲ͏ͧ • -t ͠ͳ͍ͱGATEWAY͔Βͷssh͕ྫ͑ sudo -u USER ssh REMOTEͩͬͨ߹ ͪΐͬͱةݥͰ͢
Port Forwarding (1) • localhostͷportΛRemoteͷportʹసૹ • RemoteͷportΛlocalhostͷportʹసૹ • ݟ͑ͳ͍ͱ͜Ζʹ͍ΔLANͷ αʔϏεΛɺsshܦ༝ͰແཧΓτϯω
ϧ͢Δ͜ͱ͕Մೳ
Port Forwarding (2) $ sudo ssh -Nf -L80:HOST:80 GATEWAY •
gatewayܦ༝Ͱhost:80͕127.0.0.1:80సૹ ͞ΕΔ • name base virtual hostͷ߹ /etc/hosts Λదʹॻ͖͑Δ • ౿Έܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ WebαʔόΛlocalͷϒϥβͰΞΫηε
Port Forwarding (3) • ౿Έܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ mysqlαʔόΛlocalͰ͏ $ ssh -Nf -L13306:HOST:3306
GATEWAY $ mysql -uroot -p -P13306 -h127.0.0.1 • ಉ͡ཁྖͰPOP3ͱ͔సૹՄೳ
Port Forwarding (4) • GATEWAYܦ༝Ͱ͔͠ೖΕͳ͍hostʹɺଞ ͷhost͔ΒͰ͔͍ϑΝΠϧΛૹΓ͚ͭΔ $ ssh -fCN -L
10022:TARGET:22 USER@GATEWAY $ rsync --bwlimit=25600 --progress -az -e “ssh -p 10022” /path/to/large/file localhost:~/
Resumeػೳ͖ͭసૹ $ rsync --partial --progress --rsh=ssh SOURCE_FILE USER@HOST:DEST_FILE $ rsync
--partial --progress --rsh=ssh USER@HOST:SOURCE_FILE DEST_FILE • Resume͕ඞཁͳϑΝΠϧసૹͬͯ͜ͱ ɺϒπ͕Ͱ͔͍ͱࢥΘΕΔͷͰඞཁ ʹԠͯ͡ --bwlimit ͠·͠ΐ͏
ೝূͱίϚϯυ੍ݶ from=”!foo.example.com,*.example.com”, no- pty, command=”ls” ssh-rsa AAAAB3NzaC1yc2EAAAADAQ....... • .ssh/authorized_keys •
192.168.0.?ͱ͔192.168.0.*ͱ͔192.168.0.0/24 ͱ͔ • fooҎ֎ͷ*.example.comͷ伴Ͱ͔͠ೝূͰ͖ ͣɺԾ͕औΕͳ͍ɺ͔ͭls͕࣮ߦ͞Ε Δ͚ͩ
Remote Diff $ ssh USER@HOST cat /path/to/ remotefile | diff
/path/to/localfile - Remote Disk Mount $ sshfs USER@HOST:/path/to/ folder /path/to/mount/point
Remote Command with screen $ ssh HOST screen -d -m
/heavy/command Login with screen $ ssh -t HOST [ $STY ] || screen -rx || screen -D -RR
ެ։伴Λ҆શʹίϐʔ $ ssh-copy-id େྔͷαʔόʹssh $ pssh -h hostlist.txt -i “grep
-ri err /var/log” ※ http://freecode.com/projects/pssh
zsh+tmuxͰsshͨ͠Β ৽Οϯυ # ~/.zshrc if [ $TERM = screen ];
then function ssh_tmux() { eval server=\${$#} tmux new-window -n $@ "exec ssh $@" } alias ssh=ssh_tmux fi
sshίωΫγϣϯଟॏԽ # ~/.ssh/config ControlMaster auto ControlPath ~/.ssh/connections/%r@%h:%p • ී௨αʔόʔଆʹsshd͕ࢁ͕͋Γ·͢ •
↑͜ΕΛΔͱ1ͭͷsshd͕ෳͷsshͷ໘ ΛΈΔΑ͏ʹͳΓ·͢ • ίωΫγϣϯཱ֬ࡁΈͳΒೝূෆཁ
αʔόʔຖʹ ΤϯίʔσΟϯά͕ҧ͏ $ sudo (brew|port) install cocot $ cocot -t
UTF-8 -p EUC-JP ssh HOST • cygwin൛͋ΔͬΆ͍ • -t Ͱλʔϛφϧͷจࣈίʔυ • -p Ͱଓઌͷจࣈίʔυ ※ https://github.com/vmi/cocot
͔ࣾΒ֎PROXY ܦ༝͔͠։͍ͯͳ͍! • stoneΛ͏ OUTER$ sudo stone localhost:22 443 INNER$
stone proxy.example.com:8080/http 10022 ‘CONNECT OUTER:443 HTTP/1.0’ OUTER$ ssh -p 10022 localhost ※ http://www.gcd.org/sengoku/stone/Welcome.ja.html
ͳΜ͔ೝূͰ͖ͳ͍ͱ͖ • ύʔϛογϣϯΛٙ͏ • ~/ • ~/.ssh • ~/.ssh/authorized_keys •
~/.ssh/id_rsa • ssh -vvv • sshd -d
SSH͕͋Ε ͳΜͰͰ͖Δ!!
·ͩ·ͩհ͖͠Ε ͳ͍΄Ͳػೳ͕๛ Γͳ͍͋ͳͨ Let’s “man ssh_config”
͝ਗ਼ௌ ͋Γ͕ͱ͏ ͍͟͝·ͨ͠