Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SSH tips & tricks
Search
Nobutoshi Ogata
March 26, 2012
Technology
0
75
SSH tips & tricks
Nobutoshi Ogata
March 26, 2012
Tweet
Share
More Decks by Nobutoshi Ogata
See All by Nobutoshi Ogata
Datadogセミナー 2025/3/13 Datadog On-Callの活用事例のご紹介
nobu666
0
260
サーバサイドの技術スタック・アーキテクチャ総ざらい - SmartNews Tech Night in Fukuoka Vol.1
nobu666
1
17k
SmartNews x PLAID - Cost cut and AWS Enterprise Support
nobu666
0
260
Why Slack?
nobu666
0
290
A Complete Work of SmartNews's SRE
nobu666
2
3k
SRE at SmartNews
nobu666
0
7.9k
SmartNews の最近の取り組みについて
nobu666
4
3.5k
Introducing in-hourse PaaS
nobu666
1
290
Monitoring of SmartNews
nobu666
0
160
Other Decks in Technology
See All in Technology
Delta airlines®️ USA Contact Numbers: Complete 2025 Support Guide
airtravelguide
0
350
伴走から自律へ: 形式知へと導くSREイネーブリングによる プロダクトチームの信頼性オーナーシップ向上 / SRE NEXT 2025
visional_engineering_and_design
2
190
SREの次のキャリアの道しるべ 〜SREがマネジメントレイヤーに挑戦して、 気づいたこととTips〜
coconala_engineer
1
840
ゼロからはじめる採用広報
yutadayo
3
1k
Copilot coding agentにベットしたいCTOが開発組織で取り組んだこと / GitHub Copilot coding agent in Team
tnir
0
130
Delegating the chores of authenticating users to Keycloak
ahus1
0
170
IPA&AWSダブル全冠が明かす、人生を変えた勉強法のすべて
iwamot
PRO
2
220
開発生産性を測る前にやるべきこと - 組織改善の実践 / Before Measuring Dev Productivity
kaonavi
14
8.1k
事例で学ぶ!B2B SaaSにおけるSREの実践例/SRE for B2B SaaS: A Real-World Case Study
bitkey
1
280
CDK Vibe Coding Fes
tomoki10
1
460
全部AI、全員Cursor、ドキュメント駆動開発 〜DevinやGeminiも添えて〜
rinchsan
2
760
大量配信システムにおけるSLOの実践:「見えない」信頼性をSLOで可視化
plaidtech
PRO
0
260
Featured
See All Featured
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Six Lessons from altMBA
skipperchong
28
3.9k
Automating Front-end Workflow
addyosmani
1370
200k
Documentation Writing (for coders)
carmenintech
72
4.9k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
161
15k
The Language of Interfaces
destraynor
158
25k
[RailsConf 2023] Rails as a piece of cake
palkan
55
5.7k
Visualization
eitanlees
146
16k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
30
2.1k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
35
2.4k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
830
Balancing Empowerment & Direction
lara
1
440
Transcript
SSH tips & tricks 2012/03/26 ୈೋճλʔϛφϧษڧձ GREE Inc. Nobutoshi Ogata
• Oracle͞Μʹ͓अຐͨ͠Βίʔώʔ͕ແ ݶʹҿΊ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β͕10cm ৳ͼ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β൴ঁ͕ग़དྷ ·ͨ͠
None
͡Ί·ͯ͠ͷਓ ͡Ί·ͯ͠
ͦ͏Ͱͳ͍ਓ ʢଟʣ ͝ແࠫଡͯ͠·͢
લճ
None
zshͱԾ ϚωʔδϟͰ շదλʔϛφϧੜ׆
screen, tmux, zsh ͋ͨΓͷΛ ͖ͤͯ͞·ͨ͠
վΊͯࣗݾհ • ඌܗெढ़(͓͕ͨͷͿͱ͠) • http://twitter.com/nobu666 • http://www.facebook.com/nobutoshi.ogata • GREE Inc.
։ൃຊ෦Πϯϑϥ౷ׅ෦ ΞϓϦέʔγϣϯج൫νʔϜ
ຊSSHͷ Λத৺ʹ ͍͖ͯ͠·͢
ʮΦϨͷ*_history͕ ՐΛਧͥ͘ʯ ͱ͍͏͜ͱͰ͕͢
ଟΑʔͧʔ͞Μͱ ͖ͣ͢͞ΜͰे ೩͑ͨͣͳͷͰɺ ΦϨͷ*_history ՐΛਧ͖·ͤΜ
͋ͱωλࠓճ ಛʹͳ͍ͷͰ ୶ʑͱ͍͖·͢
SSH ͨͩͷ better telnetͰͳ͍
SSHͰͰ͖Δ͜ͱ • ηΩϡΞͳϦϞʔτϩάΠϯ • ௨৴ͷ҉߸Խ • ϙʔτసૹ • ηΩϡΞͳϑΝΠϧసૹ
͔͜͜Βͷલఏ • Linux • OpenSSH • SSH2ϓϩτίϧ • sshdtcp/22ͰLISTEN
ϦϞʔτϩάΠϯ • ssh -i USER -l ~/.ssh/id_rsa REMOTE • ·͊1-2ͳΒ
↑͜ͷ ॻ͖ํͰզຫͰ͖ͦ͏ • ϢʔβʔΛ͍͚͍ͨ • 伴Λ͍͚͍ͨ
.ssh/config Host hoge HostName hoge.example.com IdentityFile ~/.ssh/id_rsa.hoge User hoge_user Host
moge HostName moge.example.jp IdennityFile ~/.ssh/id_rsa.moge User moge_user Host * ForwardAgent yes ServerAliveInterval 200 ForwardX11 no
Τεέʔϓ͕ͩΔ͍ • RemoteͰsedgrep͢Δͱ͖ʹΫΥʔτ ͕ࢁ͋ΔͱΤεέʔϓ͕ͩΔ͍ $ ssh host “`cmd.txt`”
ύεϑϨʔζ͕ͩΔ͍ • ssh-agentͱssh-add • keychain͕͑ΔͳΒͦͬͪͰ $ eval `ssh-agent` $ ssh-add
• ssh-agentͱssh-add • keychain͕͑ΔͳΒͦͬͪͰ
ssh-agent͍ճ͠ (1) • eval `ssh-agent`͢ΔͱϩάΞτͯ͠ ssh-agentϓϩηε͕Γ·͢ • ηΩϡΞʹ͍ͨ͠ͳΒlogoutεΫϦϓ τͰ kill
͠·͠ΐ͏ • γΣϧεΫϦϓτͷؔΛॻ͍ͯɺ ͬͨϓϩηεΛ͍·Θ͢
ssh-agent͍ճ͠ (2) ssh-reagent () { for agent in /tmp/ssh-*/agent.*; do
export SSH_AUTH_SOCK=$agent if ssh-add -l 2>&1 > /dev/null; then echo “Found working SSH Agent:” ssh-add -l return fi done echo “Cannot find ssh agent - maybe you should reconnect and forward it?” }
ଟஈSSH (1) • ͱ͋ΔήʔτΣΠΛ௨Βͳ͍ͱ σʔληϯλʔͷϚγϯೖΕͳ͍ • ΊΜͲ͍ • Ͱ͔͍ϑΝΠϧίϐʔͱ͔ɺήʔτ ΣΠͷσΟεΫ༰ྔΛؾʹ͠ͳ͍ͱ
͍͚ͳ͍ɺͩΔ͍
ଟஈSSH (2) $ ssh -o 'ProxyCommand ssh USER@GATEWAY -W %h:%p'
USER@INNER_HOST Host *-proxy User user ProxyCommand ssh gateway -W %h:%P ※ sshΫϥΠΞϯτͷOpenSSHόʔδϣϯ5.4 Ҏ্ ※ αʔόʔଆͷόʔδϣϯؔͳ͍Ͱ͢
ଟஈSSH (3) Host host3 ProxyCommand ssh host2 -W %h:%P Host
host2 ProxyCommand ssh host1 -W %h:%P Host host1 User ore • ↑ͱ͔ͬͱ͘ͱɺssh host3 ͱ͍͏͚ͩ Ͱhost1→host2→host3ͱܦ༝ͯͭ͠ͳ͕ Γ·͢
ଟஈSSH (4) $ ssh -t GATEWAY ssh REMOTE • ͍͍ͪͪ
.ssh/config ॻ͘ͷΊΜͲ͍ͱ͖ ʹͰͲ͏ͧ • -t ͠ͳ͍ͱGATEWAY͔Βͷssh͕ྫ͑ sudo -u USER ssh REMOTEͩͬͨ߹ ͪΐͬͱةݥͰ͢
Port Forwarding (1) • localhostͷportΛRemoteͷportʹసૹ • RemoteͷportΛlocalhostͷportʹసૹ • ݟ͑ͳ͍ͱ͜Ζʹ͍ΔLANͷ αʔϏεΛɺsshܦ༝ͰແཧΓτϯω
ϧ͢Δ͜ͱ͕Մೳ
Port Forwarding (2) $ sudo ssh -Nf -L80:HOST:80 GATEWAY •
gatewayܦ༝Ͱhost:80͕127.0.0.1:80సૹ ͞ΕΔ • name base virtual hostͷ߹ /etc/hosts Λదʹॻ͖͑Δ • ౿Έܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ WebαʔόΛlocalͷϒϥβͰΞΫηε
Port Forwarding (3) • ౿Έܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ mysqlαʔόΛlocalͰ͏ $ ssh -Nf -L13306:HOST:3306
GATEWAY $ mysql -uroot -p -P13306 -h127.0.0.1 • ಉ͡ཁྖͰPOP3ͱ͔సૹՄೳ
Port Forwarding (4) • GATEWAYܦ༝Ͱ͔͠ೖΕͳ͍hostʹɺଞ ͷhost͔ΒͰ͔͍ϑΝΠϧΛૹΓ͚ͭΔ $ ssh -fCN -L
10022:TARGET:22 USER@GATEWAY $ rsync --bwlimit=25600 --progress -az -e “ssh -p 10022” /path/to/large/file localhost:~/
Resumeػೳ͖ͭసૹ $ rsync --partial --progress --rsh=ssh SOURCE_FILE USER@HOST:DEST_FILE $ rsync
--partial --progress --rsh=ssh USER@HOST:SOURCE_FILE DEST_FILE • Resume͕ඞཁͳϑΝΠϧసૹͬͯ͜ͱ ɺϒπ͕Ͱ͔͍ͱࢥΘΕΔͷͰඞཁ ʹԠͯ͡ --bwlimit ͠·͠ΐ͏
ೝূͱίϚϯυ੍ݶ from=”!foo.example.com,*.example.com”, no- pty, command=”ls” ssh-rsa AAAAB3NzaC1yc2EAAAADAQ....... • .ssh/authorized_keys •
192.168.0.?ͱ͔192.168.0.*ͱ͔192.168.0.0/24 ͱ͔ • fooҎ֎ͷ*.example.comͷ伴Ͱ͔͠ೝূͰ͖ ͣɺԾ͕औΕͳ͍ɺ͔ͭls͕࣮ߦ͞Ε Δ͚ͩ
Remote Diff $ ssh USER@HOST cat /path/to/ remotefile | diff
/path/to/localfile - Remote Disk Mount $ sshfs USER@HOST:/path/to/ folder /path/to/mount/point
Remote Command with screen $ ssh HOST screen -d -m
/heavy/command Login with screen $ ssh -t HOST [ $STY ] || screen -rx || screen -D -RR
ެ։伴Λ҆શʹίϐʔ $ ssh-copy-id େྔͷαʔόʹssh $ pssh -h hostlist.txt -i “grep
-ri err /var/log” ※ http://freecode.com/projects/pssh
zsh+tmuxͰsshͨ͠Β ৽Οϯυ # ~/.zshrc if [ $TERM = screen ];
then function ssh_tmux() { eval server=\${$#} tmux new-window -n $@ "exec ssh $@" } alias ssh=ssh_tmux fi
sshίωΫγϣϯଟॏԽ # ~/.ssh/config ControlMaster auto ControlPath ~/.ssh/connections/%r@%h:%p • ී௨αʔόʔଆʹsshd͕ࢁ͕͋Γ·͢ •
↑͜ΕΛΔͱ1ͭͷsshd͕ෳͷsshͷ໘ ΛΈΔΑ͏ʹͳΓ·͢ • ίωΫγϣϯཱ֬ࡁΈͳΒೝূෆཁ
αʔόʔຖʹ ΤϯίʔσΟϯά͕ҧ͏ $ sudo (brew|port) install cocot $ cocot -t
UTF-8 -p EUC-JP ssh HOST • cygwin൛͋ΔͬΆ͍ • -t Ͱλʔϛφϧͷจࣈίʔυ • -p Ͱଓઌͷจࣈίʔυ ※ https://github.com/vmi/cocot
͔ࣾΒ֎PROXY ܦ༝͔͠։͍ͯͳ͍! • stoneΛ͏ OUTER$ sudo stone localhost:22 443 INNER$
stone proxy.example.com:8080/http 10022 ‘CONNECT OUTER:443 HTTP/1.0’ OUTER$ ssh -p 10022 localhost ※ http://www.gcd.org/sengoku/stone/Welcome.ja.html
ͳΜ͔ೝূͰ͖ͳ͍ͱ͖ • ύʔϛογϣϯΛٙ͏ • ~/ • ~/.ssh • ~/.ssh/authorized_keys •
~/.ssh/id_rsa • ssh -vvv • sshd -d
SSH͕͋Ε ͳΜͰͰ͖Δ!!
·ͩ·ͩհ͖͠Ε ͳ͍΄Ͳػೳ͕๛ Γͳ͍͋ͳͨ Let’s “man ssh_config”
͝ਗ਼ௌ ͋Γ͕ͱ͏ ͍͟͝·ͨ͠