SSH tips & tricks

Transcript

1. SSH tips & tricks 2012/03/26 ୈೋճλʔϛφϧษڧձ GREE Inc. Nobutoshi Ogata

2. • Oracle͞Μʹ͓अຐͨ͠Βίʔώʔ͕ແ ݶʹҿΊ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β਎௕͕10cm ৳ͼ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β൴ঁ͕ग़དྷ ·ͨ͠

3. None

4. ͸͡Ί·ͯ͠ͷਓ͸ ͸͡Ί·ͯ͠

5. ͦ͏Ͱͳ͍ਓ͸ ʢଟ෼ʣ ͝ແࠫଡͯ͠·͢

6. લճ

7. None

8. zshͱԾ૝୺຤ ϚωʔδϟͰ շదλʔϛφϧੜ׆

9. screen, tmux, zsh ͋ͨΓͷ࿩Λ ͤͯ͞௖͖·ͨ͠

10. վΊͯࣗݾ঺հ • ඌܗெढ़(͓͕ͨͷͿͱ͠) • http://twitter.com/nobu666 • http://www.facebook.com/nobutoshi.ogata • GREE Inc.

    ։ൃຊ෦Πϯϑϥ౷ׅ෦ ΞϓϦέʔγϣϯج൫νʔϜ

11. ຊ೔͸SSHͷ ࿩Λத৺ʹ ͍͖ͯ͠·͢

12. ʮΦϨͷ*_history͕ ՐΛਧͥ͘ʯ ͱ͍͏͜ͱͰ͕͢

13. ଟ෼Αʔͧʔ͞Μͱ ͖ͣ͢͞ΜͰे෼ ೩͑ͨ͸ͣͳͷͰɺ ΦϨͷ*_history͸ ՐΛਧ͖·ͤΜ

14. ͋ͱωλ͸ࠓճ ಛʹͳ͍ͷͰ ୶ʑͱ͍͖·͢

15. SSH͸ ͨͩͷ better telnetͰ͸ͳ͍

16. SSHͰͰ͖Δ͜ͱ • ηΩϡΞͳϦϞʔτϩάΠϯ • ௨৴ͷ҉߸Խ • ϙʔτసૹ • ηΩϡΞͳϑΝΠϧసૹ

17. ͔͜͜Βͷલఏ • Linux • OpenSSH • SSH2ϓϩτίϧ • sshd͸tcp/22ͰLISTEN

18. ϦϞʔτϩάΠϯ • ssh -i USER -l ~/.ssh/id_rsa REMOTE • ·͊1-2୆ͳΒ

    ↑͜ͷ ॻ͖ํͰ΋զຫͰ͖ͦ͏ • ϢʔβʔΛ࢖͍෼͚͍ͨ • 伴Λ࢖͍෼͚͍ͨ

19. .ssh/config Host hoge HostName hoge.example.com IdentityFile ~/.ssh/id_rsa.hoge User hoge_user Host

    moge HostName moge.example.jp IdennityFile ~/.ssh/id_rsa.moge User moge_user Host * ForwardAgent yes ServerAliveInterval 200 ForwardX11 no

20. Τεέʔϓ͕ͩΔ͍ • RemoteͰsed΍grep͢Δͱ͖ʹΫΥʔτ ͕୔ࢁ͋ΔͱΤεέʔϓ͕ͩΔ͍ $ ssh host “`cmd.txt`”

21. ύεϑϨʔζ͕ͩΔ͍ • ssh-agentͱssh-add • keychain͕࢖͑ΔͳΒͦͬͪͰ $ eval `ssh-agent` $ ssh-add

    • ssh-agentͱssh-add • keychain͕࢖͑ΔͳΒͦͬͪͰ

22. ssh-agent࢖͍ճ͠ (1) • eval `ssh-agent`͢ΔͱϩάΞ΢τͯ͠΋ ssh-agentϓϩηε͕࢒Γ·͢ • ηΩϡΞʹ͍ͨ͠ͳΒlogoutεΫϦϓ τͰ kill

    ͠·͠ΐ͏ • γΣϧεΫϦϓτͷؔ਺Λॻ͍ͯɺ ࢒ͬͨϓϩηεΛ࢖͍·Θ͢

23. ssh-agent࢖͍ճ͠ (2) ssh-reagent () { for agent in /tmp/ssh-*/agent.*; do

    export SSH_AUTH_SOCK=$agent if ssh-add -l 2>&1 > /dev/null; then echo “Found working SSH Agent:” ssh-add -l return fi done echo “Cannot find ssh agent - maybe you should reconnect and forward it?” }

24. ଟஈSSH (1) • ͱ͋Δήʔτ΢ΣΠΛ௨Βͳ͍ͱ σʔληϯλʔ಺ͷϚγϯ΁ೖΕͳ͍ • ΊΜͲ͍ • Ͱ͔͍ϑΝΠϧίϐʔͱ͔ɺήʔτ ΢ΣΠͷσΟεΫ༰ྔΛؾʹ͠ͳ͍ͱ

    ͍͚ͳ͍ɺͩΔ͍

25. ଟஈSSH (2) $ ssh -o 'ProxyCommand ssh USER@GATEWAY -W %h:%p'

    USER@INNER_HOST Host *-proxy User user ProxyCommand ssh gateway -W %h:%P ※ sshΫϥΠΞϯτͷOpenSSHόʔδϣϯ5.4 Ҏ্ ※ αʔόʔଆͷόʔδϣϯ͸ؔ܎ͳ͍Ͱ͢

26. ଟஈSSH (3) Host host3 ProxyCommand ssh host2 -W %h:%P Host

    host2 ProxyCommand ssh host1 -W %h:%P Host host1 User ore • ↑ͱ͔΍ͬͱ͘ͱɺssh host3 ͱ͍͏͚ͩ Ͱhost1→host2→host3ͱܦ༝ͯͭ͠ͳ͕ Γ·͢

27. ଟஈSSH (4) $ ssh -t GATEWAY ssh REMOTE • ͍͍ͪͪ

    .ssh/config ॻ͘ͷΊΜͲ͍ͱ͖ ʹͰ΋Ͳ͏ͧ • -t ͠ͳ͍ͱGATEWAY͔Βͷssh͕ྫ͑͹ sudo -u USER ssh REMOTEͩͬͨ৔߹ ͪΐͬͱةݥͰ͢

28. Port Forwarding (1) • localhostͷportΛRemoteͷportʹసૹ • RemoteͷportΛlocalhostͷportʹసૹ • ௚઀͸ݟ͑ͳ͍ͱ͜Ζʹ͍ΔLAN಺ͷ αʔϏεΛɺsshܦ༝Ͱແཧ΍Γτϯω

    ϧ͢Δ͜ͱ͕Մೳ

29. Port Forwarding (2) $ sudo ssh -Nf -L80:HOST:80 GATEWAY •

    gatewayܦ༝Ͱhost:80͕127.0.0.1:80΁సૹ ͞ΕΔ • name base virtual hostͷ৔߹͸ /etc/hosts Λద౰ʹॻ͖׵͑Δ • ౿Έ୆ܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ WebαʔόΛlocalͷϒϥ΢βͰΞΫηε

30. Port Forwarding (3) • ౿Έ୆ܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ mysqlαʔόΛlocalͰ࢖͏ $ ssh -Nf -L13306:HOST:3306

    GATEWAY $ mysql -uroot -p -P13306 -h127.0.0.1 • ಉ͡ཁྖͰPOP3ͱ͔΋సૹՄೳ

31. Port Forwarding (4) • GATEWAYܦ༝Ͱ͔͠ೖΕͳ͍hostʹɺଞ ͷhost͔ΒͰ͔͍ϑΝΠϧΛૹΓ͚ͭΔ $ ssh -fCN -L

    10022:TARGET:22 USER@GATEWAY $ rsync --bwlimit=25600 --progress -az -e “ssh -p 10022” /path/to/large/file localhost:~/

32. Resumeػೳ͖ͭసૹ $ rsync --partial --progress --rsh=ssh SOURCE_FILE USER@HOST:DEST_FILE $ rsync

    --partial --progress --rsh=ssh USER@HOST:SOURCE_FILE DEST_FILE • Resume͕ඞཁͳϑΝΠϧసૹͬͯ͜ͱ ͸ɺϒπ͕Ͱ͔͍ͱࢥΘΕΔͷͰඞཁ ʹԠͯ͡ --bwlimit ͠·͠ΐ͏

33. ೝূͱίϚϯυ੍ݶ from=”!foo.example.com,*.example.com”, no- pty, command=”ls” ssh-rsa AAAAB3NzaC1yc2EAAAADAQ....... • .ssh/authorized_keys •

    192.168.0.?ͱ͔192.168.0.*ͱ͔192.168.0.0/24 ͱ͔ • fooҎ֎ͷ*.example.comͷ伴Ͱ͔͠ೝূͰ͖ ͣɺԾ૝୺຤͕औΕͳ͍ɺ͔ͭls͕࣮ߦ͞Ε Δ͚ͩ

34. Remote Diff $ ssh USER@HOST cat /path/to/ remotefile | diff

    /path/to/localfile - Remote Disk Mount $ sshfs USER@HOST:/path/to/ folder /path/to/mount/point

35. Remote Command with screen $ ssh HOST screen -d -m

    /heavy/command Login with screen $ ssh -t HOST [ $STY ] || screen -rx || screen -D -RR

36. ެ։伴Λ҆શʹίϐʔ $ ssh-copy-id େྔͷαʔόʹssh $ pssh -h hostlist.txt -i “grep

    -ri err /var/log” ※ http://freecode.com/projects/pssh

37. zsh+tmuxͰsshͨ͠Β ৽΢Οϯυ΢ # ~/.zshrc if [ $TERM = screen ];

    then function ssh_tmux() { eval server=\${$#} tmux new-window -n $@ "exec ssh $@" } alias ssh=ssh_tmux fi

38. sshίωΫγϣϯଟॏԽ # ~/.ssh/config ControlMaster auto ControlPath ~/.ssh/connections/%r@%h:%p • ී௨͸αʔόʔଆʹsshd͕୔ࢁ͕͋Γ·͢ •

    ↑͜ΕΛ΍Δͱ1ͭͷsshd͕ෳ਺ͷsshͷ໘౗ ΛΈΔΑ͏ʹͳΓ·͢ • ίωΫγϣϯཱ֬ࡁΈͳΒೝূෆཁ

39. αʔόʔຖʹ ΤϯίʔσΟϯά͕ҧ͏ $ sudo (brew|port) install cocot $ cocot -t

    UTF-8 -p EUC-JP ssh HOST • cygwin൛΋͋ΔͬΆ͍ • -t Ͱλʔϛφϧͷจࣈίʔυ • -p Ͱ઀ଓઌͷจࣈίʔυ ※ https://github.com/vmi/cocot

40. ࣾ಺͔Β֎΁͸PROXY ܦ༝͔͠։͍ͯͳ͍! • stoneΛ࢖͏ OUTER$ sudo stone localhost:22 443 INNER$

    stone proxy.example.com:8080/http 10022 ‘CONNECT OUTER:443 HTTP/1.0’ OUTER$ ssh -p 10022 localhost ※ http://www.gcd.org/sengoku/stone/Welcome.ja.html

41. ͳΜ͔ೝূͰ͖ͳ͍ͱ͖ • ύʔϛογϣϯΛٙ͏ • ~/ • ~/.ssh • ~/.ssh/authorized_keys •

    ~/.ssh/id_rsa • ssh -vvv • sshd -d

42. SSH͕͋Ε͹ ͳΜͰ΋Ͱ͖Δ!!

43. ·ͩ·ͩ঺հ͖͠Ε ͳ͍΄Ͳػೳ͕๛෋ ෺଍Γͳ͍͋ͳͨ͸ Let’s “man ssh_config”

44. ͝ਗ਼ௌ ͋Γ͕ͱ͏ ͍͟͝·ͨ͠