Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SSH tips & tricks
Search
Nobutoshi Ogata
March 26, 2012
Technology
0
77
SSH tips & tricks
Nobutoshi Ogata
March 26, 2012
Tweet
Share
More Decks by Nobutoshi Ogata
See All by Nobutoshi Ogata
Datadogセミナー 2025/3/13 Datadog On-Callの活用事例のご紹介
nobu666
0
300
サーバサイドの技術スタック・アーキテクチャ総ざらい - SmartNews Tech Night in Fukuoka Vol.1
nobu666
1
17k
SmartNews x PLAID - Cost cut and AWS Enterprise Support
nobu666
0
260
Why Slack?
nobu666
0
290
A Complete Work of SmartNews's SRE
nobu666
2
3.1k
SRE at SmartNews
nobu666
0
7.9k
SmartNews の最近の取り組みについて
nobu666
4
3.5k
Introducing in-hourse PaaS
nobu666
1
300
Monitoring of SmartNews
nobu666
0
170
Other Decks in Technology
See All in Technology
生成AIによるデータサイエンスの変革
taka_aki
0
3.1k
【OptimizationNight】数理最適化のラストワンマイルとしてのUIUX
brainpadpr
2
550
[kickflow]20250319_少人数チームでのAutify活用
otouhujej
0
170
LLM 機能を支える Langfuse / ClickHouse のサーバレス化
yuu26
9
2.6k
Rethinking Incident Response: Context-Aware AI in Practice - Incident Buddy Edition -
rrreeeyyy
0
120
生成AIによるソフトウェア開発の収束地点 - Hack Fes 2025
vaaaaanquish
34
16k
Jamf Connect ZTNAとMDMで実現! 金融ベンチャーにおける「デバイストラスト」実例と軌跡 / Kyash Device Trust
rela1470
1
210
【新卒研修資料】数理最適化 / Mathematical Optimization
brainpadpr
29
14k
薬屋のひとりごとにみるトラブルシューティング
tomokusaba
0
390
datadog-distribution-of-opentelemetry-collector-intro
tetsuya28
0
120
事業特性から逆算したインフラ設計
upsider_tech
0
240
Amazon Q と『音楽』-ゲーム音楽もAmazonQで作成してみた感想-
senseofunity129
0
170
Featured
See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
183
54k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
6k
The Cult of Friendly URLs
andyhume
79
6.5k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
RailsConf 2023
tenderlove
30
1.2k
How to train your dragon (web standard)
notwaldorf
96
6.2k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.6k
Building Applications with DynamoDB
mza
96
6.6k
How to Ace a Technical Interview
jacobian
279
23k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
The Power of CSS Pseudo Elements
geoffreycrofte
77
5.9k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
890
Transcript
SSH tips & tricks 2012/03/26 ୈೋճλʔϛφϧษڧձ GREE Inc. Nobutoshi Ogata
• Oracle͞Μʹ͓अຐͨ͠Βίʔώʔ͕ແ ݶʹҿΊ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β͕10cm ৳ͼ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β൴ঁ͕ग़དྷ ·ͨ͠
None
͡Ί·ͯ͠ͷਓ ͡Ί·ͯ͠
ͦ͏Ͱͳ͍ਓ ʢଟʣ ͝ແࠫଡͯ͠·͢
લճ
None
zshͱԾ ϚωʔδϟͰ շదλʔϛφϧੜ׆
screen, tmux, zsh ͋ͨΓͷΛ ͖ͤͯ͞·ͨ͠
վΊͯࣗݾհ • ඌܗெढ़(͓͕ͨͷͿͱ͠) • http://twitter.com/nobu666 • http://www.facebook.com/nobutoshi.ogata • GREE Inc.
։ൃຊ෦Πϯϑϥ౷ׅ෦ ΞϓϦέʔγϣϯج൫νʔϜ
ຊSSHͷ Λத৺ʹ ͍͖ͯ͠·͢
ʮΦϨͷ*_history͕ ՐΛਧͥ͘ʯ ͱ͍͏͜ͱͰ͕͢
ଟΑʔͧʔ͞Μͱ ͖ͣ͢͞ΜͰे ೩͑ͨͣͳͷͰɺ ΦϨͷ*_history ՐΛਧ͖·ͤΜ
͋ͱωλࠓճ ಛʹͳ͍ͷͰ ୶ʑͱ͍͖·͢
SSH ͨͩͷ better telnetͰͳ͍
SSHͰͰ͖Δ͜ͱ • ηΩϡΞͳϦϞʔτϩάΠϯ • ௨৴ͷ҉߸Խ • ϙʔτసૹ • ηΩϡΞͳϑΝΠϧసૹ
͔͜͜Βͷલఏ • Linux • OpenSSH • SSH2ϓϩτίϧ • sshdtcp/22ͰLISTEN
ϦϞʔτϩάΠϯ • ssh -i USER -l ~/.ssh/id_rsa REMOTE • ·͊1-2ͳΒ
↑͜ͷ ॻ͖ํͰզຫͰ͖ͦ͏ • ϢʔβʔΛ͍͚͍ͨ • 伴Λ͍͚͍ͨ
.ssh/config Host hoge HostName hoge.example.com IdentityFile ~/.ssh/id_rsa.hoge User hoge_user Host
moge HostName moge.example.jp IdennityFile ~/.ssh/id_rsa.moge User moge_user Host * ForwardAgent yes ServerAliveInterval 200 ForwardX11 no
Τεέʔϓ͕ͩΔ͍ • RemoteͰsedgrep͢Δͱ͖ʹΫΥʔτ ͕ࢁ͋ΔͱΤεέʔϓ͕ͩΔ͍ $ ssh host “`cmd.txt`”
ύεϑϨʔζ͕ͩΔ͍ • ssh-agentͱssh-add • keychain͕͑ΔͳΒͦͬͪͰ $ eval `ssh-agent` $ ssh-add
• ssh-agentͱssh-add • keychain͕͑ΔͳΒͦͬͪͰ
ssh-agent͍ճ͠ (1) • eval `ssh-agent`͢ΔͱϩάΞτͯ͠ ssh-agentϓϩηε͕Γ·͢ • ηΩϡΞʹ͍ͨ͠ͳΒlogoutεΫϦϓ τͰ kill
͠·͠ΐ͏ • γΣϧεΫϦϓτͷؔΛॻ͍ͯɺ ͬͨϓϩηεΛ͍·Θ͢
ssh-agent͍ճ͠ (2) ssh-reagent () { for agent in /tmp/ssh-*/agent.*; do
export SSH_AUTH_SOCK=$agent if ssh-add -l 2>&1 > /dev/null; then echo “Found working SSH Agent:” ssh-add -l return fi done echo “Cannot find ssh agent - maybe you should reconnect and forward it?” }
ଟஈSSH (1) • ͱ͋ΔήʔτΣΠΛ௨Βͳ͍ͱ σʔληϯλʔͷϚγϯೖΕͳ͍ • ΊΜͲ͍ • Ͱ͔͍ϑΝΠϧίϐʔͱ͔ɺήʔτ ΣΠͷσΟεΫ༰ྔΛؾʹ͠ͳ͍ͱ
͍͚ͳ͍ɺͩΔ͍
ଟஈSSH (2) $ ssh -o 'ProxyCommand ssh USER@GATEWAY -W %h:%p'
USER@INNER_HOST Host *-proxy User user ProxyCommand ssh gateway -W %h:%P ※ sshΫϥΠΞϯτͷOpenSSHόʔδϣϯ5.4 Ҏ্ ※ αʔόʔଆͷόʔδϣϯؔͳ͍Ͱ͢
ଟஈSSH (3) Host host3 ProxyCommand ssh host2 -W %h:%P Host
host2 ProxyCommand ssh host1 -W %h:%P Host host1 User ore • ↑ͱ͔ͬͱ͘ͱɺssh host3 ͱ͍͏͚ͩ Ͱhost1→host2→host3ͱܦ༝ͯͭ͠ͳ͕ Γ·͢
ଟஈSSH (4) $ ssh -t GATEWAY ssh REMOTE • ͍͍ͪͪ
.ssh/config ॻ͘ͷΊΜͲ͍ͱ͖ ʹͰͲ͏ͧ • -t ͠ͳ͍ͱGATEWAY͔Βͷssh͕ྫ͑ sudo -u USER ssh REMOTEͩͬͨ߹ ͪΐͬͱةݥͰ͢
Port Forwarding (1) • localhostͷportΛRemoteͷportʹసૹ • RemoteͷportΛlocalhostͷportʹసૹ • ݟ͑ͳ͍ͱ͜Ζʹ͍ΔLANͷ αʔϏεΛɺsshܦ༝ͰແཧΓτϯω
ϧ͢Δ͜ͱ͕Մೳ
Port Forwarding (2) $ sudo ssh -Nf -L80:HOST:80 GATEWAY •
gatewayܦ༝Ͱhost:80͕127.0.0.1:80సૹ ͞ΕΔ • name base virtual hostͷ߹ /etc/hosts Λదʹॻ͖͑Δ • ౿Έܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ WebαʔόΛlocalͷϒϥβͰΞΫηε
Port Forwarding (3) • ౿Έܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ mysqlαʔόΛlocalͰ͏ $ ssh -Nf -L13306:HOST:3306
GATEWAY $ mysql -uroot -p -P13306 -h127.0.0.1 • ಉ͡ཁྖͰPOP3ͱ͔సૹՄೳ
Port Forwarding (4) • GATEWAYܦ༝Ͱ͔͠ೖΕͳ͍hostʹɺଞ ͷhost͔ΒͰ͔͍ϑΝΠϧΛૹΓ͚ͭΔ $ ssh -fCN -L
10022:TARGET:22 USER@GATEWAY $ rsync --bwlimit=25600 --progress -az -e “ssh -p 10022” /path/to/large/file localhost:~/
Resumeػೳ͖ͭసૹ $ rsync --partial --progress --rsh=ssh SOURCE_FILE USER@HOST:DEST_FILE $ rsync
--partial --progress --rsh=ssh USER@HOST:SOURCE_FILE DEST_FILE • Resume͕ඞཁͳϑΝΠϧసૹͬͯ͜ͱ ɺϒπ͕Ͱ͔͍ͱࢥΘΕΔͷͰඞཁ ʹԠͯ͡ --bwlimit ͠·͠ΐ͏
ೝূͱίϚϯυ੍ݶ from=”!foo.example.com,*.example.com”, no- pty, command=”ls” ssh-rsa AAAAB3NzaC1yc2EAAAADAQ....... • .ssh/authorized_keys •
192.168.0.?ͱ͔192.168.0.*ͱ͔192.168.0.0/24 ͱ͔ • fooҎ֎ͷ*.example.comͷ伴Ͱ͔͠ೝূͰ͖ ͣɺԾ͕औΕͳ͍ɺ͔ͭls͕࣮ߦ͞Ε Δ͚ͩ
Remote Diff $ ssh USER@HOST cat /path/to/ remotefile | diff
/path/to/localfile - Remote Disk Mount $ sshfs USER@HOST:/path/to/ folder /path/to/mount/point
Remote Command with screen $ ssh HOST screen -d -m
/heavy/command Login with screen $ ssh -t HOST [ $STY ] || screen -rx || screen -D -RR
ެ։伴Λ҆શʹίϐʔ $ ssh-copy-id େྔͷαʔόʹssh $ pssh -h hostlist.txt -i “grep
-ri err /var/log” ※ http://freecode.com/projects/pssh
zsh+tmuxͰsshͨ͠Β ৽Οϯυ # ~/.zshrc if [ $TERM = screen ];
then function ssh_tmux() { eval server=\${$#} tmux new-window -n $@ "exec ssh $@" } alias ssh=ssh_tmux fi
sshίωΫγϣϯଟॏԽ # ~/.ssh/config ControlMaster auto ControlPath ~/.ssh/connections/%r@%h:%p • ී௨αʔόʔଆʹsshd͕ࢁ͕͋Γ·͢ •
↑͜ΕΛΔͱ1ͭͷsshd͕ෳͷsshͷ໘ ΛΈΔΑ͏ʹͳΓ·͢ • ίωΫγϣϯཱ֬ࡁΈͳΒೝূෆཁ
αʔόʔຖʹ ΤϯίʔσΟϯά͕ҧ͏ $ sudo (brew|port) install cocot $ cocot -t
UTF-8 -p EUC-JP ssh HOST • cygwin൛͋ΔͬΆ͍ • -t Ͱλʔϛφϧͷจࣈίʔυ • -p Ͱଓઌͷจࣈίʔυ ※ https://github.com/vmi/cocot
͔ࣾΒ֎PROXY ܦ༝͔͠։͍ͯͳ͍! • stoneΛ͏ OUTER$ sudo stone localhost:22 443 INNER$
stone proxy.example.com:8080/http 10022 ‘CONNECT OUTER:443 HTTP/1.0’ OUTER$ ssh -p 10022 localhost ※ http://www.gcd.org/sengoku/stone/Welcome.ja.html
ͳΜ͔ೝূͰ͖ͳ͍ͱ͖ • ύʔϛογϣϯΛٙ͏ • ~/ • ~/.ssh • ~/.ssh/authorized_keys •
~/.ssh/id_rsa • ssh -vvv • sshd -d
SSH͕͋Ε ͳΜͰͰ͖Δ!!
·ͩ·ͩհ͖͠Ε ͳ͍΄Ͳػೳ͕๛ Γͳ͍͋ͳͨ Let’s “man ssh_config”
͝ਗ਼ௌ ͋Γ͕ͱ͏ ͍͟͝·ͨ͠