Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SSH tips & tricks
Search
Nobutoshi Ogata
March 26, 2012
Technology
0
62
SSH tips & tricks
Nobutoshi Ogata
March 26, 2012
Tweet
Share
More Decks by Nobutoshi Ogata
See All by Nobutoshi Ogata
サーバサイドの技術スタック・アーキテクチャ総ざらい - SmartNews Tech Night in Fukuoka Vol.1
nobu666
1
17k
SmartNews x PLAID - Cost cut and AWS Enterprise Support
nobu666
0
230
Why Slack?
nobu666
0
260
A Complete Work of SmartNews's SRE
nobu666
2
2.8k
SRE at SmartNews
nobu666
0
7.6k
SmartNews の最近の取り組みについて
nobu666
4
3.4k
Introducing in-hourse PaaS
nobu666
1
250
Monitoring of SmartNews
nobu666
0
130
The story becase happy with itamae
nobu666
0
99
Other Decks in Technology
See All in Technology
生成AIの強みと弱みを理解して、生成AIがもたらすパワーをプロダクトの価値へ繋げるために実践したこと / advance-ai-generating
cyberagentdevelopers
PRO
1
200
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
290k
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
3.7k
AWS re:Invent 2024 Kansai Standby
hiroramos4
PRO
0
110
プロダクト成長に対応するプラットフォーム戦略:Authleteによる共通認証基盤の移行事例 / Building an authentication platform using Authlete and AWS
kakehashi
1
170
一休.comレストランにおけるRustの活用
kymmt90
3
620
Gradle: The Build System That Loves To Hate You
aurimas
2
160
家具家電付アパートの冷蔵庫をIoT化してみた!
scbc1167
0
130
LINEヤフー株式会社における音声言語情報処理AI研究開発@SP/SLP研究会 2024.10.22
lycorptech_jp
PRO
2
190
話題のGraphRAG、その可能性と課題を理解する
hide212131
4
1.6k
「 SharePoint 難しい」ってよく聞くけど、そんなに言うなら8歳の息子に試してもらった
taichinakamura
2
730
プロダクトチームへのSystem Risk Records導入・運用事例の紹介/Introduction and Case Studies on Implementing and Operating System Risk Records for Product Teams
taddy_919
1
200
Featured
See All Featured
Into the Great Unknown - MozCon
thekraken
31
1.5k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2.1k
Why Our Code Smells
bkeepers
PRO
334
57k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.8k
Done Done
chrislema
181
16k
We Have a Design System, Now What?
morganepeng
50
7.2k
Unsuck your backbone
ammeep
668
57k
Adopting Sorbet at Scale
ufuk
73
9k
Why You Should Never Use an ORM
jnunemaker
PRO
53
9k
Being A Developer After 40
akosma
86
590k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
Transcript
SSH tips & tricks 2012/03/26 ୈೋճλʔϛφϧษڧձ GREE Inc. Nobutoshi Ogata
• Oracle͞Μʹ͓अຐͨ͠Βίʔώʔ͕ແ ݶʹҿΊ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β͕10cm ৳ͼ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β൴ঁ͕ग़དྷ ·ͨ͠
None
͡Ί·ͯ͠ͷਓ ͡Ί·ͯ͠
ͦ͏Ͱͳ͍ਓ ʢଟʣ ͝ແࠫଡͯ͠·͢
લճ
None
zshͱԾ ϚωʔδϟͰ շదλʔϛφϧੜ׆
screen, tmux, zsh ͋ͨΓͷΛ ͖ͤͯ͞·ͨ͠
վΊͯࣗݾհ • ඌܗெढ़(͓͕ͨͷͿͱ͠) • http://twitter.com/nobu666 • http://www.facebook.com/nobutoshi.ogata • GREE Inc.
։ൃຊ෦Πϯϑϥ౷ׅ෦ ΞϓϦέʔγϣϯج൫νʔϜ
ຊSSHͷ Λத৺ʹ ͍͖ͯ͠·͢
ʮΦϨͷ*_history͕ ՐΛਧͥ͘ʯ ͱ͍͏͜ͱͰ͕͢
ଟΑʔͧʔ͞Μͱ ͖ͣ͢͞ΜͰे ೩͑ͨͣͳͷͰɺ ΦϨͷ*_history ՐΛਧ͖·ͤΜ
͋ͱωλࠓճ ಛʹͳ͍ͷͰ ୶ʑͱ͍͖·͢
SSH ͨͩͷ better telnetͰͳ͍
SSHͰͰ͖Δ͜ͱ • ηΩϡΞͳϦϞʔτϩάΠϯ • ௨৴ͷ҉߸Խ • ϙʔτసૹ • ηΩϡΞͳϑΝΠϧసૹ
͔͜͜Βͷલఏ • Linux • OpenSSH • SSH2ϓϩτίϧ • sshdtcp/22ͰLISTEN
ϦϞʔτϩάΠϯ • ssh -i USER -l ~/.ssh/id_rsa REMOTE • ·͊1-2ͳΒ
↑͜ͷ ॻ͖ํͰզຫͰ͖ͦ͏ • ϢʔβʔΛ͍͚͍ͨ • 伴Λ͍͚͍ͨ
.ssh/config Host hoge HostName hoge.example.com IdentityFile ~/.ssh/id_rsa.hoge User hoge_user Host
moge HostName moge.example.jp IdennityFile ~/.ssh/id_rsa.moge User moge_user Host * ForwardAgent yes ServerAliveInterval 200 ForwardX11 no
Τεέʔϓ͕ͩΔ͍ • RemoteͰsedgrep͢Δͱ͖ʹΫΥʔτ ͕ࢁ͋ΔͱΤεέʔϓ͕ͩΔ͍ $ ssh host “`cmd.txt`”
ύεϑϨʔζ͕ͩΔ͍ • ssh-agentͱssh-add • keychain͕͑ΔͳΒͦͬͪͰ $ eval `ssh-agent` $ ssh-add
• ssh-agentͱssh-add • keychain͕͑ΔͳΒͦͬͪͰ
ssh-agent͍ճ͠ (1) • eval `ssh-agent`͢ΔͱϩάΞτͯ͠ ssh-agentϓϩηε͕Γ·͢ • ηΩϡΞʹ͍ͨ͠ͳΒlogoutεΫϦϓ τͰ kill
͠·͠ΐ͏ • γΣϧεΫϦϓτͷؔΛॻ͍ͯɺ ͬͨϓϩηεΛ͍·Θ͢
ssh-agent͍ճ͠ (2) ssh-reagent () { for agent in /tmp/ssh-*/agent.*; do
export SSH_AUTH_SOCK=$agent if ssh-add -l 2>&1 > /dev/null; then echo “Found working SSH Agent:” ssh-add -l return fi done echo “Cannot find ssh agent - maybe you should reconnect and forward it?” }
ଟஈSSH (1) • ͱ͋ΔήʔτΣΠΛ௨Βͳ͍ͱ σʔληϯλʔͷϚγϯೖΕͳ͍ • ΊΜͲ͍ • Ͱ͔͍ϑΝΠϧίϐʔͱ͔ɺήʔτ ΣΠͷσΟεΫ༰ྔΛؾʹ͠ͳ͍ͱ
͍͚ͳ͍ɺͩΔ͍
ଟஈSSH (2) $ ssh -o 'ProxyCommand ssh USER@GATEWAY -W %h:%p'
USER@INNER_HOST Host *-proxy User user ProxyCommand ssh gateway -W %h:%P ※ sshΫϥΠΞϯτͷOpenSSHόʔδϣϯ5.4 Ҏ্ ※ αʔόʔଆͷόʔδϣϯؔͳ͍Ͱ͢
ଟஈSSH (3) Host host3 ProxyCommand ssh host2 -W %h:%P Host
host2 ProxyCommand ssh host1 -W %h:%P Host host1 User ore • ↑ͱ͔ͬͱ͘ͱɺssh host3 ͱ͍͏͚ͩ Ͱhost1→host2→host3ͱܦ༝ͯͭ͠ͳ͕ Γ·͢
ଟஈSSH (4) $ ssh -t GATEWAY ssh REMOTE • ͍͍ͪͪ
.ssh/config ॻ͘ͷΊΜͲ͍ͱ͖ ʹͰͲ͏ͧ • -t ͠ͳ͍ͱGATEWAY͔Βͷssh͕ྫ͑ sudo -u USER ssh REMOTEͩͬͨ߹ ͪΐͬͱةݥͰ͢
Port Forwarding (1) • localhostͷportΛRemoteͷportʹసૹ • RemoteͷportΛlocalhostͷportʹసૹ • ݟ͑ͳ͍ͱ͜Ζʹ͍ΔLANͷ αʔϏεΛɺsshܦ༝ͰແཧΓτϯω
ϧ͢Δ͜ͱ͕Մೳ
Port Forwarding (2) $ sudo ssh -Nf -L80:HOST:80 GATEWAY •
gatewayܦ༝Ͱhost:80͕127.0.0.1:80సૹ ͞ΕΔ • name base virtual hostͷ߹ /etc/hosts Λదʹॻ͖͑Δ • ౿Έܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ WebαʔόΛlocalͷϒϥβͰΞΫηε
Port Forwarding (3) • ౿Έܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ mysqlαʔόΛlocalͰ͏ $ ssh -Nf -L13306:HOST:3306
GATEWAY $ mysql -uroot -p -P13306 -h127.0.0.1 • ಉ͡ཁྖͰPOP3ͱ͔సૹՄೳ
Port Forwarding (4) • GATEWAYܦ༝Ͱ͔͠ೖΕͳ͍hostʹɺଞ ͷhost͔ΒͰ͔͍ϑΝΠϧΛૹΓ͚ͭΔ $ ssh -fCN -L
10022:TARGET:22 USER@GATEWAY $ rsync --bwlimit=25600 --progress -az -e “ssh -p 10022” /path/to/large/file localhost:~/
Resumeػೳ͖ͭసૹ $ rsync --partial --progress --rsh=ssh SOURCE_FILE USER@HOST:DEST_FILE $ rsync
--partial --progress --rsh=ssh USER@HOST:SOURCE_FILE DEST_FILE • Resume͕ඞཁͳϑΝΠϧసૹͬͯ͜ͱ ɺϒπ͕Ͱ͔͍ͱࢥΘΕΔͷͰඞཁ ʹԠͯ͡ --bwlimit ͠·͠ΐ͏
ೝূͱίϚϯυ੍ݶ from=”!foo.example.com,*.example.com”, no- pty, command=”ls” ssh-rsa AAAAB3NzaC1yc2EAAAADAQ....... • .ssh/authorized_keys •
192.168.0.?ͱ͔192.168.0.*ͱ͔192.168.0.0/24 ͱ͔ • fooҎ֎ͷ*.example.comͷ伴Ͱ͔͠ೝূͰ͖ ͣɺԾ͕औΕͳ͍ɺ͔ͭls͕࣮ߦ͞Ε Δ͚ͩ
Remote Diff $ ssh USER@HOST cat /path/to/ remotefile | diff
/path/to/localfile - Remote Disk Mount $ sshfs USER@HOST:/path/to/ folder /path/to/mount/point
Remote Command with screen $ ssh HOST screen -d -m
/heavy/command Login with screen $ ssh -t HOST [ $STY ] || screen -rx || screen -D -RR
ެ։伴Λ҆શʹίϐʔ $ ssh-copy-id େྔͷαʔόʹssh $ pssh -h hostlist.txt -i “grep
-ri err /var/log” ※ http://freecode.com/projects/pssh
zsh+tmuxͰsshͨ͠Β ৽Οϯυ # ~/.zshrc if [ $TERM = screen ];
then function ssh_tmux() { eval server=\${$#} tmux new-window -n $@ "exec ssh $@" } alias ssh=ssh_tmux fi
sshίωΫγϣϯଟॏԽ # ~/.ssh/config ControlMaster auto ControlPath ~/.ssh/connections/%r@%h:%p • ී௨αʔόʔଆʹsshd͕ࢁ͕͋Γ·͢ •
↑͜ΕΛΔͱ1ͭͷsshd͕ෳͷsshͷ໘ ΛΈΔΑ͏ʹͳΓ·͢ • ίωΫγϣϯཱ֬ࡁΈͳΒೝূෆཁ
αʔόʔຖʹ ΤϯίʔσΟϯά͕ҧ͏ $ sudo (brew|port) install cocot $ cocot -t
UTF-8 -p EUC-JP ssh HOST • cygwin൛͋ΔͬΆ͍ • -t Ͱλʔϛφϧͷจࣈίʔυ • -p Ͱଓઌͷจࣈίʔυ ※ https://github.com/vmi/cocot
͔ࣾΒ֎PROXY ܦ༝͔͠։͍ͯͳ͍! • stoneΛ͏ OUTER$ sudo stone localhost:22 443 INNER$
stone proxy.example.com:8080/http 10022 ‘CONNECT OUTER:443 HTTP/1.0’ OUTER$ ssh -p 10022 localhost ※ http://www.gcd.org/sengoku/stone/Welcome.ja.html
ͳΜ͔ೝূͰ͖ͳ͍ͱ͖ • ύʔϛογϣϯΛٙ͏ • ~/ • ~/.ssh • ~/.ssh/authorized_keys •
~/.ssh/id_rsa • ssh -vvv • sshd -d
SSH͕͋Ε ͳΜͰͰ͖Δ!!
·ͩ·ͩհ͖͠Ε ͳ͍΄Ͳػೳ͕๛ Γͳ͍͋ͳͨ Let’s “man ssh_config”
͝ਗ਼ௌ ͋Γ͕ͱ͏ ͍͟͝·ͨ͠