SSH tips & tricks

Transcript

1. 1.

   SSH tips & tricks 2012/03/26 ୈೋճλʔϛφϧษڧձ GREE Inc. Nobutoshi Ogata

2. 2.

   • Oracle͞Μʹ͓अຐͨ͠Βίʔώʔ͕ແ ݶʹҿΊ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β਎௕͕10cm ৳ͼ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β൴ঁ͕ग़དྷ ·ͨ͠

3. 3.

   None
4. 4.

   ͸͡Ί·ͯ͠ͷਓ͸ ͸͡Ί·ͯ͠

5. 5.

   ͦ͏Ͱͳ͍ਓ͸ ʢଟ෼ʣ ͝ແࠫଡͯ͠·͢

6. 6.

   લճ

7. 7.

   None
8. 8.

   zshͱԾ૝୺຤ ϚωʔδϟͰ շదλʔϛφϧੜ׆

9. 9.

   screen, tmux, zsh ͋ͨΓͷ࿩Λ ͤͯ͞௖͖·ͨ͠

10. 10.

    վΊͯࣗݾ঺հ • ඌܗெढ़(͓͕ͨͷͿͱ͠) • http://twitter.com/nobu666 • http://www.facebook.com/nobutoshi.ogata • GREE Inc.

    ։ൃຊ෦Πϯϑϥ౷ׅ෦ ΞϓϦέʔγϣϯج൫νʔϜ
11. 11.

    ຊ೔͸SSHͷ ࿩Λத৺ʹ ͍͖ͯ͠·͢

12. 12.

    ʮΦϨͷ*_history͕ ՐΛਧͥ͘ʯ ͱ͍͏͜ͱͰ͕͢

13. 13.

    ଟ෼Αʔͧʔ͞Μͱ ͖ͣ͢͞ΜͰे෼ ೩͑ͨ͸ͣͳͷͰɺ ΦϨͷ*_history͸ ՐΛਧ͖·ͤΜ

14. 14.

    ͋ͱωλ͸ࠓճ ಛʹͳ͍ͷͰ ୶ʑͱ͍͖·͢

15. 15.

    SSH͸ ͨͩͷ better telnetͰ͸ͳ͍

16. 16.

    SSHͰͰ͖Δ͜ͱ • ηΩϡΞͳϦϞʔτϩάΠϯ • ௨৴ͷ҉߸Խ • ϙʔτసૹ • ηΩϡΞͳϑΝΠϧసૹ

17. 17.

    ͔͜͜Βͷલఏ • Linux • OpenSSH • SSH2ϓϩτίϧ • sshd͸tcp/22ͰLISTEN

18. 18.

    ϦϞʔτϩάΠϯ • ssh -i USER -l ~/.ssh/id_rsa REMOTE • ·͊1-2୆ͳΒ

    ↑͜ͷ ॻ͖ํͰ΋զຫͰ͖ͦ͏ • ϢʔβʔΛ࢖͍෼͚͍ͨ • 伴Λ࢖͍෼͚͍ͨ
19. 19.

    .ssh/config Host hoge HostName hoge.example.com IdentityFile ~/.ssh/id_rsa.hoge User hoge_user Host

    moge HostName moge.example.jp IdennityFile ~/.ssh/id_rsa.moge User moge_user Host * ForwardAgent yes ServerAliveInterval 200 ForwardX11 no
20. 20.

    Τεέʔϓ͕ͩΔ͍ • RemoteͰsed΍grep͢Δͱ͖ʹΫΥʔτ ͕୔ࢁ͋ΔͱΤεέʔϓ͕ͩΔ͍ $ ssh host “`cmd.txt`”

21. 21.

    ύεϑϨʔζ͕ͩΔ͍ • ssh-agentͱssh-add • keychain͕࢖͑ΔͳΒͦͬͪͰ $ eval `ssh-agent` $ ssh-add

    • ssh-agentͱssh-add • keychain͕࢖͑ΔͳΒͦͬͪͰ
22. 22.

    ssh-agent࢖͍ճ͠ (1) • eval `ssh-agent`͢ΔͱϩάΞ΢τͯ͠΋ ssh-agentϓϩηε͕࢒Γ·͢ • ηΩϡΞʹ͍ͨ͠ͳΒlogoutεΫϦϓ τͰ kill

    ͠·͠ΐ͏ • γΣϧεΫϦϓτͷؔ਺Λॻ͍ͯɺ ࢒ͬͨϓϩηεΛ࢖͍·Θ͢
23. 23.

    ssh-agent࢖͍ճ͠ (2) ssh-reagent () { for agent in /tmp/ssh-*/agent.*; do

    export SSH_AUTH_SOCK=$agent if ssh-add -l 2>&1 > /dev/null; then echo “Found working SSH Agent:” ssh-add -l return fi done echo “Cannot find ssh agent - maybe you should reconnect and forward it?” }
24. 24.

    ଟஈSSH (1) • ͱ͋Δήʔτ΢ΣΠΛ௨Βͳ͍ͱ σʔληϯλʔ಺ͷϚγϯ΁ೖΕͳ͍ • ΊΜͲ͍ • Ͱ͔͍ϑΝΠϧίϐʔͱ͔ɺήʔτ ΢ΣΠͷσΟεΫ༰ྔΛؾʹ͠ͳ͍ͱ

    ͍͚ͳ͍ɺͩΔ͍
25. 25.

    ଟஈSSH (2) $ ssh -o 'ProxyCommand ssh USER@GATEWAY -W %h:%p'

    USER@INNER_HOST Host *-proxy User user ProxyCommand ssh gateway -W %h:%P ※ sshΫϥΠΞϯτͷOpenSSHόʔδϣϯ5.4 Ҏ্ ※ αʔόʔଆͷόʔδϣϯ͸ؔ܎ͳ͍Ͱ͢
26. 26.

    ଟஈSSH (3) Host host3 ProxyCommand ssh host2 -W %h:%P Host

    host2 ProxyCommand ssh host1 -W %h:%P Host host1 User ore • ↑ͱ͔΍ͬͱ͘ͱɺssh host3 ͱ͍͏͚ͩ Ͱhost1→host2→host3ͱܦ༝ͯͭ͠ͳ͕ Γ·͢
27. 27.

    ଟஈSSH (4) $ ssh -t GATEWAY ssh REMOTE • ͍͍ͪͪ

    .ssh/config ॻ͘ͷΊΜͲ͍ͱ͖ ʹͰ΋Ͳ͏ͧ • -t ͠ͳ͍ͱGATEWAY͔Βͷssh͕ྫ͑͹ sudo -u USER ssh REMOTEͩͬͨ৔߹ ͪΐͬͱةݥͰ͢
28. 28.

    Port Forwarding (1) • localhostͷportΛRemoteͷportʹసૹ • RemoteͷportΛlocalhostͷportʹసૹ • ௚઀͸ݟ͑ͳ͍ͱ͜Ζʹ͍ΔLAN಺ͷ αʔϏεΛɺsshܦ༝Ͱແཧ΍Γτϯω

    ϧ͢Δ͜ͱ͕Մೳ
29. 29.

    Port Forwarding (2) $ sudo ssh -Nf -L80:HOST:80 GATEWAY •

    gatewayܦ༝Ͱhost:80͕127.0.0.1:80΁సૹ ͞ΕΔ • name base virtual hostͷ৔߹͸ /etc/hosts Λద౰ʹॻ͖׵͑Δ • ౿Έ୆ܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ WebαʔόΛlocalͷϒϥ΢βͰΞΫηε
30. 30.

    Port Forwarding (3) • ౿Έ୆ܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ mysqlαʔόΛlocalͰ࢖͏ $ ssh -Nf -L13306:HOST:3306

    GATEWAY $ mysql -uroot -p -P13306 -h127.0.0.1 • ಉ͡ཁྖͰPOP3ͱ͔΋సૹՄೳ
31. 31.

    Port Forwarding (4) • GATEWAYܦ༝Ͱ͔͠ೖΕͳ͍hostʹɺଞ ͷhost͔ΒͰ͔͍ϑΝΠϧΛૹΓ͚ͭΔ $ ssh -fCN -L

    10022:TARGET:22 USER@GATEWAY $ rsync --bwlimit=25600 --progress -az -e “ssh -p 10022” /path/to/large/file localhost:~/
32. 32.

    Resumeػೳ͖ͭసૹ $ rsync --partial --progress --rsh=ssh SOURCE_FILE USER@HOST:DEST_FILE $ rsync

    --partial --progress --rsh=ssh USER@HOST:SOURCE_FILE DEST_FILE • Resume͕ඞཁͳϑΝΠϧసૹͬͯ͜ͱ ͸ɺϒπ͕Ͱ͔͍ͱࢥΘΕΔͷͰඞཁ ʹԠͯ͡ --bwlimit ͠·͠ΐ͏
33. 33.

    ೝূͱίϚϯυ੍ݶ from=”!foo.example.com,*.example.com”, no- pty, command=”ls” ssh-rsa AAAAB3NzaC1yc2EAAAADAQ....... • .ssh/authorized_keys •

    192.168.0.?ͱ͔192.168.0.*ͱ͔192.168.0.0/24 ͱ͔ • fooҎ֎ͷ*.example.comͷ伴Ͱ͔͠ೝূͰ͖ ͣɺԾ૝୺຤͕औΕͳ͍ɺ͔ͭls͕࣮ߦ͞Ε Δ͚ͩ
34. 34.

    Remote Diff $ ssh USER@HOST cat /path/to/ remotefile | diff

    /path/to/localfile - Remote Disk Mount $ sshfs USER@HOST:/path/to/ folder /path/to/mount/point
35. 35.

    Remote Command with screen $ ssh HOST screen -d -m

    /heavy/command Login with screen $ ssh -t HOST [ $STY ] || screen -rx || screen -D -RR
36. 36.

    ެ։伴Λ҆શʹίϐʔ $ ssh-copy-id େྔͷαʔόʹssh $ pssh -h hostlist.txt -i “grep

    -ri err /var/log” ※ http://freecode.com/projects/pssh
37. 37.

    zsh+tmuxͰsshͨ͠Β ৽΢Οϯυ΢ # ~/.zshrc if [ $TERM = screen ];

    then function ssh_tmux() { eval server=\${$#} tmux new-window -n $@ "exec ssh $@" } alias ssh=ssh_tmux fi
38. 38.

    sshίωΫγϣϯଟॏԽ # ~/.ssh/config ControlMaster auto ControlPath ~/.ssh/connections/%r@%h:%p • ී௨͸αʔόʔଆʹsshd͕୔ࢁ͕͋Γ·͢ •

    ↑͜ΕΛ΍Δͱ1ͭͷsshd͕ෳ਺ͷsshͷ໘౗ ΛΈΔΑ͏ʹͳΓ·͢ • ίωΫγϣϯཱ֬ࡁΈͳΒೝূෆཁ
39. 39.

    αʔόʔຖʹ ΤϯίʔσΟϯά͕ҧ͏ $ sudo (brew|port) install cocot $ cocot -t

    UTF-8 -p EUC-JP ssh HOST • cygwin൛΋͋ΔͬΆ͍ • -t Ͱλʔϛφϧͷจࣈίʔυ • -p Ͱ઀ଓઌͷจࣈίʔυ ※ https://github.com/vmi/cocot
40. 40.

    ࣾ಺͔Β֎΁͸PROXY ܦ༝͔͠։͍ͯͳ͍! • stoneΛ࢖͏ OUTER$ sudo stone localhost:22 443 INNER$

    stone proxy.example.com:8080/http 10022 ‘CONNECT OUTER:443 HTTP/1.0’ OUTER$ ssh -p 10022 localhost ※ http://www.gcd.org/sengoku/stone/Welcome.ja.html
41. 41.

    ͳΜ͔ೝূͰ͖ͳ͍ͱ͖ • ύʔϛογϣϯΛٙ͏ • ~/ • ~/.ssh • ~/.ssh/authorized_keys •

    ~/.ssh/id_rsa • ssh -vvv • sshd -d
42. 42.

    SSH͕͋Ε͹ ͳΜͰ΋Ͱ͖Δ!!

43. 43.

    ·ͩ·ͩ঺հ͖͠Ε ͳ͍΄Ͳػೳ͕๛෋ ෺଍Γͳ͍͋ͳͨ͸ Let’s “man ssh_config”

44. 44.

    ͝ਗ਼ௌ ͋Γ͕ͱ͏ ͍͟͝·ͨ͠