SSH tips & tricks - Speaker Deck

Slide 1

Slide 1 text

SSH tips & tricks 2012/03/26 ୈೋճλʔϛφϧษڧձ GREE Inc. Nobutoshi Ogata

Slide 2

Slide 2 text

• Oracle͞Μʹ͓अຐͨ͠Βίʔώʔ͕ແ ݶʹҿΊ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β਎௕͕10cm ৳ͼ·ͨ͠ • Oracle͞Μʹ͓अຐͨ͠Β൴ঁ͕ग़དྷ ·ͨ͠

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

͸͡Ί·ͯ͠ͷਓ͸ ͸͡Ί·ͯ͠

Slide 5

Slide 5 text

ͦ͏Ͱͳ͍ਓ͸ ʢଟ෼ʣ ͝ແࠫଡͯ͠·͢

Slide 6

Slide 6 text

લճ

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

zshͱԾ૝୺຤ ϚωʔδϟͰ շదλʔϛφϧੜ׆

Slide 9

Slide 9 text

screen, tmux, zsh ͋ͨΓͷ࿩Λ ͤͯ͞௖͖·ͨ͠

Slide 10

Slide 10 text

վΊͯࣗݾ঺հ • ඌܗெढ़(͓͕ͨͷͿͱ͠) • http://twitter.com/nobu666 • http://www.facebook.com/nobutoshi.ogata • GREE Inc. ։ൃຊ෦Πϯϑϥ౷ׅ෦ ΞϓϦέʔγϣϯج൫νʔϜ

Slide 11

Slide 11 text

ຊ೔͸SSHͷ ࿩Λத৺ʹ ͍͖ͯ͠·͢

Slide 12

Slide 12 text

ʮΦϨͷ*_history͕ ՐΛਧͥ͘ʯ ͱ͍͏͜ͱͰ͕͢

Slide 13

Slide 13 text

ଟ෼Αʔͧʔ͞Μͱ ͖ͣ͢͞ΜͰे෼ ೩͑ͨ͸ͣͳͷͰɺ ΦϨͷ*_history͸ ՐΛਧ͖·ͤΜ

Slide 14

Slide 14 text

͋ͱωλ͸ࠓճ ಛʹͳ͍ͷͰ ୶ʑͱ͍͖·͢

Slide 15

Slide 15 text

SSH͸ ͨͩͷ better telnetͰ͸ͳ͍

Slide 16

Slide 16 text

SSHͰͰ͖Δ͜ͱ • ηΩϡΞͳϦϞʔτϩάΠϯ • ௨৴ͷ҉߸Խ • ϙʔτసૹ • ηΩϡΞͳϑΝΠϧసૹ

Slide 17

Slide 17 text

͔͜͜Βͷલఏ • Linux • OpenSSH • SSH2ϓϩτίϧ • sshd͸tcp/22ͰLISTEN

Slide 18

Slide 18 text

ϦϞʔτϩάΠϯ • ssh -i USER -l ~/.ssh/id_rsa REMOTE • ·͊1-2୆ͳΒ ↑͜ͷ ॻ͖ํͰ΋զຫͰ͖ͦ͏ • ϢʔβʔΛ࢖͍෼͚͍ͨ • 伴Λ࢖͍෼͚͍ͨ

Slide 19

Slide 19 text

.ssh/conﬁg Host hoge HostName hoge.example.com IdentityFile ~/.ssh/id_rsa.hoge User hoge_user Host moge HostName moge.example.jp IdennityFile ~/.ssh/id_rsa.moge User moge_user Host * ForwardAgent yes ServerAliveInterval 200 ForwardX11 no

Slide 20

Slide 20 text

Τεέʔϓ͕ͩΔ͍ • RemoteͰsed΍grep͢Δͱ͖ʹΫΥʔτ ͕୔ࢁ͋ΔͱΤεέʔϓ͕ͩΔ͍ $ ssh host “`cmd.txt`”

Slide 21

Slide 21 text

ύεϑϨʔζ͕ͩΔ͍ • ssh-agentͱssh-add • keychain͕࢖͑ΔͳΒͦͬͪͰ $ eval `ssh-agent` $ ssh-add • ssh-agentͱssh-add • keychain͕࢖͑ΔͳΒͦͬͪͰ

Slide 22

Slide 22 text

ssh-agent࢖͍ճ͠ (1) • eval `ssh-agent`͢ΔͱϩάΞ΢τͯ͠΋ ssh-agentϓϩηε͕࢒Γ·͢ • ηΩϡΞʹ͍ͨ͠ͳΒlogoutεΫϦϓ τͰ kill ͠·͠ΐ͏ • γΣϧεΫϦϓτͷؔ਺Λॻ͍ͯɺ ࢒ͬͨϓϩηεΛ࢖͍·Θ͢

Slide 23

Slide 23 text

ssh-agent࢖͍ճ͠ (2) ssh-reagent () { for agent in /tmp/ssh-*/agent.*; do export SSH_AUTH_SOCK=$agent if ssh-add -l 2>&1 > /dev/null; then echo “Found working SSH Agent:” ssh-add -l return ﬁ done echo “Cannot ﬁnd ssh agent - maybe you should reconnect and forward it?” }

Slide 24

Slide 24 text

ଟஈSSH (1) • ͱ͋Δήʔτ΢ΣΠΛ௨Βͳ͍ͱ σʔληϯλʔ಺ͷϚγϯ΁ೖΕͳ͍ • ΊΜͲ͍ • Ͱ͔͍ϑΝΠϧίϐʔͱ͔ɺήʔτ ΢ΣΠͷσΟεΫ༰ྔΛؾʹ͠ͳ͍ͱ ͍͚ͳ͍ɺͩΔ͍

Slide 25

Slide 25 text

ଟஈSSH (2) $ ssh -o 'ProxyCommand ssh USER@GATEWAY -W %h:%p' USER@INNER_HOST Host *-proxy User user ProxyCommand ssh gateway -W %h:%P ※ sshΫϥΠΞϯτͷOpenSSHόʔδϣϯ5.4 Ҏ্ ※ αʔόʔଆͷόʔδϣϯ͸ؔ܎ͳ͍Ͱ͢

Slide 26

Slide 26 text

ଟஈSSH (3) Host host3 ProxyCommand ssh host2 -W %h:%P Host host2 ProxyCommand ssh host1 -W %h:%P Host host1 User ore • ↑ͱ͔΍ͬͱ͘ͱɺssh host3 ͱ͍͏͚ͩ Ͱhost1→host2→host3ͱܦ༝ͯͭ͠ͳ͕ Γ·͢

Slide 27

Slide 27 text

ଟஈSSH (4) $ ssh -t GATEWAY ssh REMOTE • ͍͍ͪͪ .ssh/conﬁg ॻ͘ͷΊΜͲ͍ͱ͖ ʹͰ΋Ͳ͏ͧ • -t ͠ͳ͍ͱGATEWAY͔Βͷssh͕ྫ͑͹ sudo -u USER ssh REMOTEͩͬͨ৔߹ ͪΐͬͱةݥͰ͢

Slide 28

Slide 28 text

Port Forwarding (1) • localhostͷportΛRemoteͷportʹసૹ • RemoteͷportΛlocalhostͷportʹసૹ • ௚઀͸ݟ͑ͳ͍ͱ͜Ζʹ͍ΔLAN಺ͷ αʔϏεΛɺsshܦ༝Ͱແཧ΍Γτϯω ϧ͢Δ͜ͱ͕Մೳ

Slide 29

Slide 29 text

Port Forwarding (2) $ sudo ssh -Nf -L80:HOST:80 GATEWAY • gatewayܦ༝Ͱhost:80͕127.0.0.1:80΁సૹ ͞ΕΔ • name base virtual hostͷ৔߹͸ /etc/hosts Λద౰ʹॻ͖׵͑Δ • ౿Έ୆ܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ WebαʔόΛlocalͷϒϥ΢βͰΞΫηε

Slide 30

Slide 30 text

Port Forwarding (3) • ౿Έ୆ܦ༝Ͱ͔͠ΞΫηεͰ͖ͳ͍ mysqlαʔόΛlocalͰ࢖͏ $ ssh -Nf -L13306:HOST:3306 GATEWAY $ mysql -uroot -p -P13306 -h127.0.0.1 • ಉ͡ཁྖͰPOP3ͱ͔΋సૹՄೳ

Slide 31

Slide 31 text

Port Forwarding (4) • GATEWAYܦ༝Ͱ͔͠ೖΕͳ͍hostʹɺଞ ͷhost͔ΒͰ͔͍ϑΝΠϧΛૹΓ͚ͭΔ $ ssh -fCN -L 10022:TARGET:22 USER@GATEWAY $ rsync --bwlimit=25600 --progress -az -e “ssh -p 10022” /path/to/large/ﬁle localhost:~/

Slide 32

Slide 32 text

Resumeػೳ͖ͭసૹ $ rsync --partial --progress --rsh=ssh SOURCE_FILE USER@HOST:DEST_FILE $ rsync --partial --progress --rsh=ssh USER@HOST:SOURCE_FILE DEST_FILE • Resume͕ඞཁͳϑΝΠϧసૹͬͯ͜ͱ ͸ɺϒπ͕Ͱ͔͍ͱࢥΘΕΔͷͰඞཁ ʹԠͯ͡ --bwlimit ͠·͠ΐ͏

Slide 33

Slide 33 text

ೝূͱίϚϯυ੍ݶ from=”!foo.example.com,*.example.com”, no- pty, command=”ls” ssh-rsa AAAAB3NzaC1yc2EAAAADAQ....... • .ssh/authorized_keys • 192.168.0.?ͱ͔192.168.0.*ͱ͔192.168.0.0/24 ͱ͔ • fooҎ֎ͷ*.example.comͷ伴Ͱ͔͠ೝূͰ͖ ͣɺԾ૝୺຤͕औΕͳ͍ɺ͔ͭls͕࣮ߦ͞Ε Δ͚ͩ

Slide 34

Slide 34 text

Remote Diff $ ssh USER@HOST cat /path/to/ remoteﬁle | diff /path/to/localﬁle - Remote Disk Mount $ sshfs USER@HOST:/path/to/ folder /path/to/mount/point

Slide 35

Slide 35 text

Remote Command with screen $ ssh HOST screen -d -m /heavy/command Login with screen $ ssh -t HOST [ $STY ] || screen -rx || screen -D -RR

Slide 36

Slide 36 text

ެ։伴Λ҆શʹίϐʔ $ ssh-copy-id େྔͷαʔόʹssh $ pssh -h hostlist.txt -i “grep -ri err /var/log” ※ http://freecode.com/projects/pssh

Slide 37

Slide 37 text

zsh+tmuxͰsshͨ͠Β ৽΢Οϯυ΢ # ~/.zshrc if [ $TERM = screen ]; then function ssh_tmux() { eval server=\${$#} tmux new-window -n $@ "exec ssh $@" } alias ssh=ssh_tmux ﬁ

Slide 38

Slide 38 text

sshίωΫγϣϯଟॏԽ # ~/.ssh/conﬁg ControlMaster auto ControlPath ~/.ssh/connections/%r@%h:%p • ී௨͸αʔόʔଆʹsshd͕୔ࢁ͕͋Γ·͢ • ↑͜ΕΛ΍Δͱ1ͭͷsshd͕ෳ਺ͷsshͷ໘౗ ΛΈΔΑ͏ʹͳΓ·͢ • ίωΫγϣϯཱ֬ࡁΈͳΒೝূෆཁ

Slide 39

Slide 39 text

αʔόʔຖʹ ΤϯίʔσΟϯά͕ҧ͏ $ sudo (brew|port) install cocot $ cocot -t UTF-8 -p EUC-JP ssh HOST • cygwin൛΋͋ΔͬΆ͍ • -t Ͱλʔϛφϧͷจࣈίʔυ • -p Ͱ઀ଓઌͷจࣈίʔυ ※ https://github.com/vmi/cocot

Slide 40

Slide 40 text

ࣾ಺͔Β֎΁͸PROXY ܦ༝͔͠։͍ͯͳ͍! • stoneΛ࢖͏ OUTER$ sudo stone localhost:22 443 INNER$ stone proxy.example.com:8080/http 10022 ‘CONNECT OUTER:443 HTTP/1.0’ OUTER$ ssh -p 10022 localhost ※ http://www.gcd.org/sengoku/stone/Welcome.ja.html

Slide 41

Slide 41 text

ͳΜ͔ೝূͰ͖ͳ͍ͱ͖ • ύʔϛογϣϯΛٙ͏ • ~/ • ~/.ssh • ~/.ssh/authorized_keys • ~/.ssh/id_rsa • ssh -vvv • sshd -d

Slide 42

Slide 42 text

SSH͕͋Ε͹ ͳΜͰ΋Ͱ͖Δ!!

Slide 43

Slide 43 text

·ͩ·ͩ঺հ͖͠Ε ͳ͍΄Ͳػೳ͕๛෋ ෺଍Γͳ͍͋ͳͨ͸ Let’s “man ssh_conﬁg”

Slide 44

Slide 44 text

͝ਗ਼ௌ ͋Γ͕ͱ͏ ͍͟͝·ͨ͠