Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SSH tips & tricks
Search
Nobutoshi Ogata
March 26, 2012
Technology
0
75
SSH tips & tricks
Nobutoshi Ogata
March 26, 2012
Tweet
Share
More Decks by Nobutoshi Ogata
See All by Nobutoshi Ogata
Datadogセミナー 2025/3/13 Datadog On-Callの活用事例のご紹介
nobu666
0
260
サーバサイドの技術スタック・アーキテクチャ総ざらい - SmartNews Tech Night in Fukuoka Vol.1
nobu666
1
17k
SmartNews x PLAID - Cost cut and AWS Enterprise Support
nobu666
0
260
Why Slack?
nobu666
0
290
A Complete Work of SmartNews's SRE
nobu666
2
3k
SRE at SmartNews
nobu666
0
7.9k
SmartNews の最近の取り組みについて
nobu666
4
3.5k
Introducing in-hourse PaaS
nobu666
1
300
Monitoring of SmartNews
nobu666
0
160
Other Decks in Technology
See All in Technology
[ JAWS-UG千葉支部 x 彩の国埼玉支部 ]ムダ遣い卒業!FinOpsで始めるAWSコスト最適化の第一歩
sh_fk2
2
150
20250708オープンエンドな探索と知識発見
sakana_ai
PRO
4
860
IPA&AWSダブル全冠が明かす、人生を変えた勉強法のすべて
iwamot
PRO
2
220
American airlines ®️ USA Contact Numbers: Complete 2025 Support Guide
airhelpsupport
0
390
Copilot coding agentにベットしたいCTOが開発組織で取り組んだこと / GitHub Copilot coding agent in Team
tnir
0
150
SREの次のキャリアの道しるべ 〜SREがマネジメントレイヤーに挑戦して、 気づいたこととTips〜
coconala_engineer
1
1k
Rethinking Incident Response: Context-Aware AI in Practice
rrreeeyyy
1
390
公開初日に Gemini CLI を試した話や FFmpeg と組み合わせてみた話など / Gemini CLI 初学者勉強会(#AI道場)
you
PRO
0
1k
【あのMCPって、どんな処理してるの?】 AWS CDKでの開発で便利なAWS MCP Servers特集
yoshimi0227
6
730
Delegating the chores of authenticating users to Keycloak
ahus1
0
180
CDK Toolkit Libraryにおけるテストの考え方
smt7174
1
450
How to Quickly Call American Airlines®️ U.S. Customer Care : Full Guide
flyaahelpguide
0
240
Featured
See All Featured
Building Flexible Design Systems
yeseniaperezcruz
328
39k
Optimising Largest Contentful Paint
csswizardry
37
3.3k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
970
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
7
330
Intergalactic Javascript Robots from Outer Space
tanoku
271
27k
Building Applications with DynamoDB
mza
95
6.5k
Making Projects Easy
brettharned
116
6.3k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
2.9k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
Java REST API Framework Comparison - PWX 2021
mraible
31
8.7k
Transcript
SSH tips & tricks 2012/03/26 ୈೋճλʔϛφϧษڧձ GREE Inc. Nobutoshi Ogata
• Oracle͞Μʹ͓अຐͨ͠Βίʔώʔ͕ແ ݶʹҿΊ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β͕10cm ৳ͼ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β൴ঁ͕ग़དྷ ·ͨ͠
None
͡Ί·ͯ͠ͷਓ ͡Ί·ͯ͠
ͦ͏Ͱͳ͍ਓ ʢଟʣ ͝ແࠫଡͯ͠·͢
લճ
None
zshͱԾ ϚωʔδϟͰ շదλʔϛφϧੜ׆
screen, tmux, zsh ͋ͨΓͷΛ ͖ͤͯ͞·ͨ͠
վΊͯࣗݾհ • ඌܗெढ़(͓͕ͨͷͿͱ͠) • http://twitter.com/nobu666 • http://www.facebook.com/nobutoshi.ogata • GREE Inc.
։ൃຊ෦Πϯϑϥ౷ׅ෦ ΞϓϦέʔγϣϯج൫νʔϜ
ຊSSHͷ Λத৺ʹ ͍͖ͯ͠·͢
ʮΦϨͷ*_history͕ ՐΛਧͥ͘ʯ ͱ͍͏͜ͱͰ͕͢
ଟΑʔͧʔ͞Μͱ ͖ͣ͢͞ΜͰे ೩͑ͨͣͳͷͰɺ ΦϨͷ*_history ՐΛਧ͖·ͤΜ
͋ͱωλࠓճ ಛʹͳ͍ͷͰ ୶ʑͱ͍͖·͢
SSH ͨͩͷ better telnetͰͳ͍
SSHͰͰ͖Δ͜ͱ • ηΩϡΞͳϦϞʔτϩάΠϯ • ௨৴ͷ҉߸Խ • ϙʔτసૹ • ηΩϡΞͳϑΝΠϧసૹ
͔͜͜Βͷલఏ • Linux • OpenSSH • SSH2ϓϩτίϧ • sshdtcp/22ͰLISTEN
ϦϞʔτϩάΠϯ • ssh -i USER -l ~/.ssh/id_rsa REMOTE • ·͊1-2ͳΒ
↑͜ͷ ॻ͖ํͰզຫͰ͖ͦ͏ • ϢʔβʔΛ͍͚͍ͨ • 伴Λ͍͚͍ͨ
.ssh/config Host hoge HostName hoge.example.com IdentityFile ~/.ssh/id_rsa.hoge User hoge_user Host
moge HostName moge.example.jp IdennityFile ~/.ssh/id_rsa.moge User moge_user Host * ForwardAgent yes ServerAliveInterval 200 ForwardX11 no
Τεέʔϓ͕ͩΔ͍ • RemoteͰsedgrep͢Δͱ͖ʹΫΥʔτ ͕ࢁ͋ΔͱΤεέʔϓ͕ͩΔ͍ $ ssh host “`cmd.txt`”
ύεϑϨʔζ͕ͩΔ͍ • ssh-agentͱssh-add • keychain͕͑ΔͳΒͦͬͪͰ $ eval `ssh-agent` $ ssh-add
• ssh-agentͱssh-add • keychain͕͑ΔͳΒͦͬͪͰ
ssh-agent͍ճ͠ (1) • eval `ssh-agent`͢ΔͱϩάΞτͯ͠ ssh-agentϓϩηε͕Γ·͢ • ηΩϡΞʹ͍ͨ͠ͳΒlogoutεΫϦϓ τͰ kill
͠·͠ΐ͏ • γΣϧεΫϦϓτͷؔΛॻ͍ͯɺ ͬͨϓϩηεΛ͍·Θ͢
ssh-agent͍ճ͠ (2) ssh-reagent () { for agent in /tmp/ssh-*/agent.*; do
export SSH_AUTH_SOCK=$agent if ssh-add -l 2>&1 > /dev/null; then echo “Found working SSH Agent:” ssh-add -l return fi done echo “Cannot find ssh agent - maybe you should reconnect and forward it?” }
ଟஈSSH (1) • ͱ͋ΔήʔτΣΠΛ௨Βͳ͍ͱ σʔληϯλʔͷϚγϯೖΕͳ͍ • ΊΜͲ͍ • Ͱ͔͍ϑΝΠϧίϐʔͱ͔ɺήʔτ ΣΠͷσΟεΫ༰ྔΛؾʹ͠ͳ͍ͱ
͍͚ͳ͍ɺͩΔ͍
ଟஈSSH (2) $ ssh -o 'ProxyCommand ssh USER@GATEWAY -W %h:%p'
USER@INNER_HOST Host *-proxy User user ProxyCommand ssh gateway -W %h:%P ※ sshΫϥΠΞϯτͷOpenSSHόʔδϣϯ5.4 Ҏ্ ※ αʔόʔଆͷόʔδϣϯؔͳ͍Ͱ͢
ଟஈSSH (3) Host host3 ProxyCommand ssh host2 -W %h:%P Host
host2 ProxyCommand ssh host1 -W %h:%P Host host1 User ore • ↑ͱ͔ͬͱ͘ͱɺssh host3 ͱ͍͏͚ͩ Ͱhost1→host2→host3ͱܦ༝ͯͭ͠ͳ͕ Γ·͢
ଟஈSSH (4) $ ssh -t GATEWAY ssh REMOTE • ͍͍ͪͪ
.ssh/config ॻ͘ͷΊΜͲ͍ͱ͖ ʹͰͲ͏ͧ • -t ͠ͳ͍ͱGATEWAY͔Βͷssh͕ྫ͑ sudo -u USER ssh REMOTEͩͬͨ߹ ͪΐͬͱةݥͰ͢
Port Forwarding (1) • localhostͷportΛRemoteͷportʹసૹ • RemoteͷportΛlocalhostͷportʹసૹ • ݟ͑ͳ͍ͱ͜Ζʹ͍ΔLANͷ αʔϏεΛɺsshܦ༝ͰແཧΓτϯω
ϧ͢Δ͜ͱ͕Մೳ
Port Forwarding (2) $ sudo ssh -Nf -L80:HOST:80 GATEWAY •
gatewayܦ༝Ͱhost:80͕127.0.0.1:80సૹ ͞ΕΔ • name base virtual hostͷ߹ /etc/hosts Λదʹॻ͖͑Δ • ౿Έܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ WebαʔόΛlocalͷϒϥβͰΞΫηε
Port Forwarding (3) • ౿Έܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ mysqlαʔόΛlocalͰ͏ $ ssh -Nf -L13306:HOST:3306
GATEWAY $ mysql -uroot -p -P13306 -h127.0.0.1 • ಉ͡ཁྖͰPOP3ͱ͔సૹՄೳ
Port Forwarding (4) • GATEWAYܦ༝Ͱ͔͠ೖΕͳ͍hostʹɺଞ ͷhost͔ΒͰ͔͍ϑΝΠϧΛૹΓ͚ͭΔ $ ssh -fCN -L
10022:TARGET:22 USER@GATEWAY $ rsync --bwlimit=25600 --progress -az -e “ssh -p 10022” /path/to/large/file localhost:~/
Resumeػೳ͖ͭసૹ $ rsync --partial --progress --rsh=ssh SOURCE_FILE USER@HOST:DEST_FILE $ rsync
--partial --progress --rsh=ssh USER@HOST:SOURCE_FILE DEST_FILE • Resume͕ඞཁͳϑΝΠϧసૹͬͯ͜ͱ ɺϒπ͕Ͱ͔͍ͱࢥΘΕΔͷͰඞཁ ʹԠͯ͡ --bwlimit ͠·͠ΐ͏
ೝূͱίϚϯυ੍ݶ from=”!foo.example.com,*.example.com”, no- pty, command=”ls” ssh-rsa AAAAB3NzaC1yc2EAAAADAQ....... • .ssh/authorized_keys •
192.168.0.?ͱ͔192.168.0.*ͱ͔192.168.0.0/24 ͱ͔ • fooҎ֎ͷ*.example.comͷ伴Ͱ͔͠ೝূͰ͖ ͣɺԾ͕औΕͳ͍ɺ͔ͭls͕࣮ߦ͞Ε Δ͚ͩ
Remote Diff $ ssh USER@HOST cat /path/to/ remotefile | diff
/path/to/localfile - Remote Disk Mount $ sshfs USER@HOST:/path/to/ folder /path/to/mount/point
Remote Command with screen $ ssh HOST screen -d -m
/heavy/command Login with screen $ ssh -t HOST [ $STY ] || screen -rx || screen -D -RR
ެ։伴Λ҆શʹίϐʔ $ ssh-copy-id େྔͷαʔόʹssh $ pssh -h hostlist.txt -i “grep
-ri err /var/log” ※ http://freecode.com/projects/pssh
zsh+tmuxͰsshͨ͠Β ৽Οϯυ # ~/.zshrc if [ $TERM = screen ];
then function ssh_tmux() { eval server=\${$#} tmux new-window -n $@ "exec ssh $@" } alias ssh=ssh_tmux fi
sshίωΫγϣϯଟॏԽ # ~/.ssh/config ControlMaster auto ControlPath ~/.ssh/connections/%r@%h:%p • ී௨αʔόʔଆʹsshd͕ࢁ͕͋Γ·͢ •
↑͜ΕΛΔͱ1ͭͷsshd͕ෳͷsshͷ໘ ΛΈΔΑ͏ʹͳΓ·͢ • ίωΫγϣϯཱ֬ࡁΈͳΒೝূෆཁ
αʔόʔຖʹ ΤϯίʔσΟϯά͕ҧ͏ $ sudo (brew|port) install cocot $ cocot -t
UTF-8 -p EUC-JP ssh HOST • cygwin൛͋ΔͬΆ͍ • -t Ͱλʔϛφϧͷจࣈίʔυ • -p Ͱଓઌͷจࣈίʔυ ※ https://github.com/vmi/cocot
͔ࣾΒ֎PROXY ܦ༝͔͠։͍ͯͳ͍! • stoneΛ͏ OUTER$ sudo stone localhost:22 443 INNER$
stone proxy.example.com:8080/http 10022 ‘CONNECT OUTER:443 HTTP/1.0’ OUTER$ ssh -p 10022 localhost ※ http://www.gcd.org/sengoku/stone/Welcome.ja.html
ͳΜ͔ೝূͰ͖ͳ͍ͱ͖ • ύʔϛογϣϯΛٙ͏ • ~/ • ~/.ssh • ~/.ssh/authorized_keys •
~/.ssh/id_rsa • ssh -vvv • sshd -d
SSH͕͋Ε ͳΜͰͰ͖Δ!!
·ͩ·ͩհ͖͠Ε ͳ͍΄Ͳػೳ͕๛ Γͳ͍͋ͳͨ Let’s “man ssh_config”
͝ਗ਼ௌ ͋Γ͕ͱ͏ ͍͟͝·ͨ͠