The Case for ssh_config
Hisaharu Ishii
Slides used for a lightning talk (LT) at the 18th Shell-gei Study Meeting (第18回シェル芸勉強会)
https://usptomo.doorkeeper.jp/events/28602

  1. The Case for ssh_config
     Hisaharu Ishii
  2. Everyone,
  3. do you use ssh?
  4. Do you use ssh_config?
  5. ssh_config(5)
     The ssh command reads its configuration in the following order of precedence:
       1. Command-line options
       2. User configuration file (~/.ssh/config)
       3. System-wide configuration file (/etc/ssh/ssh_config)
     Note: this assumes the OpenSSH client. On Windows you can do the same things with the Cygwin build, but not with TeraTerm or PuTTY.
  6. Meaning?
  7. Meaning, take this:
       $ ssh -p 2222 very-long-user-name@very-long-server-name.example.com
     Set it up like this:
       $ cat .ssh/config
       Host very
           Port 2222
           User very-long-user-name
           HostName very-long-server-name.example.com
     and it becomes this:
       $ ssh very
  8. And furthermore (each long command is followed by its short form):
       $ scp -P 2222 very-long-user-name@very-long-server-name.example.com:hoge.txt ./
       $ scp very:hoge.txt ./

       $ rsync -e 'ssh -p 2222' very-long-user-name@very-long-server-name.example.com:hoge.txt ./
       $ rsync very:hoge.txt ./

       $ git clone ssh://very-long-user-name@very-long-server-name.example.com:2222/hoge.git
       $ git clone ssh://very/hoge.git
  9. ssh_config: Beginner Level
  10. ssh_config: Beginner Level
        Host hoge
            Port 2222
            User taro
            HostName foobar.example.com
            IdentityFile ~/.ssh/id_rsa_2
        Host fuga
            User jiro
            HostName fuga.example.com
  11. ssh_config: Beginner Level (the same config, annotated)
        Host          host name the settings apply to
        Port          SSH server port number (default is 22)
        User          login user name
        HostName      host name or IP address actually connected to
        IdentityFile  private key file used for authentication
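  12. ssh_config: Intermediate Level
  13. ssh_config: Intermediate Level
        Host *
            StrictHostKeyChecking no
            UserKnownHostsFile /dev/null
            ControlMaster auto
            ControlPath /tmp/%r@%h:%p
  14. ssh_config: Intermediate Level (the same config, annotated)
        Host *
            Applies to all hosts.
        StrictHostKeyChecking no, UserKnownHostsFile /dev/null
            When VMs are created over and over on the same IP address, the host key changes and the warnings get in the way, so they are forcibly ignored.
        ControlMaster auto, ControlPath /tmp/%r@%h:%p
            When several SSH sessions are opened to the same server, they share one TCP connection. The second and later sessions open instantly.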
  15. ssh_config: Intermediate Level, Part 2
  16. ssh_config: Intermediate Level
        Host hoge.example.com
            ProxyCommand connect -H proxy.mydomain.com:8080 %h %p
  17. (same config) Diagram labels: local machine, hoge.example.com, TCP:22
  18. (same config) Diagram adds: corporate network, Internet
  19. (same config) Diagram adds: "cannot communicate directly"
  20. (same config) Diagram adds: HTTP Proxy
  21. (same config) Diagram labels: local machine, ssh client, connect proxy, HTTP Proxy, "HTTP CONNECT request", "relays the TCP connection", TCP:8080, TCP:22, hoge.example.com, corporate network, Internet
  22. ssh_config: Intermediate Level, Part 3
  23. ssh_config: Intermediate Level
        Host fuga.example.com
            ProxyCommand ssh -W %h:%p uraguchi
      Diagram labels: local machine, fuga.example.com, TCP:22
  24. (same config) Diagram adds: Internet, corporate network, uraguchi (TCP:22)
  25. (same config) Diagram adds: "cannot connect"
  26. (same config) Diagram adds: "can connect"
  27. (same config) Diagram labels: local machine, ssh client, SSH session, ssh client, Internet, corporate network, uraguchi (TCP:22), fuga.example.com (TCP:22), "relays the TCP connection to standard input/output"
  28. ssh_config: Advanced Level
  29. ssh_config: Advanced Level
        Host host_machine,*
            ProxyCommand ssh -W $(ssh host_machine virsh dumpxml `echo %h | cut -d, -f2` | awk -F"[<']" '$2=="mac address="{print $3}' | xargs -I@ ssh host_machine grep @ /var/lib/libvirt/dnsmasq/default.leases | awk '{print $3}'):%p host_machine
  30. (same config) Diagram labels: local machine; host_machine (kvm, libvirt, dnsmasq)
  31. (same config) Diagram adds: vm1, vm2
  32. (same config) Diagram adds: 192.168.122.123, 192.168.122.234
  33. (same config) Diagram adds: ssh host_machine,vm1 and ssh host_machine,vm2
  34. (same config) No server-side configuration is needed at all! Just add two lines to the client's .ssh/config!
  35. ssh_config: Advanced Level (the same command, split across lines for reading; in the config file it stays on one line)
        Host host_machine,*
            ProxyCommand ssh
              -W $(
                ssh host_machine
                  virsh dumpxml `echo %h | cut -d, -f2`
                | awk -F"[<']" '$2=="mac address="{print $3}'
                | xargs -I@ ssh host_machine
                    grep @ /var/lib/libvirt/dnsmasq/default.leases
                | awk '{print $3}'
              ):%p host_machine
  36. Thank you very much
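
Slides 13 and 14 place the host-key and ControlPath settings under Host *, so they apply to every destination rather than only the recreated VMs, and /tmp is writable by other local users. The script below is an added example, not from the slides: it audits a config for those settings, and both sample inputs (including the scoped variant with `~/.ssh/cm-%C`) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the slides. Reads an ssh_config on stdin and prints
# one "<Host pattern>: <finding>" line per risky setting.
audit_ssh_config() {
    awk '
    BEGIN { host = "(global)" }
    {
        sub(/^[ \t]+/, "")
        if ($0 == "" || $0 ~ /^#/) next
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        if (!match($0, /[ \t=]+/)) next
        key = tolower(substr($0, 1, RSTART - 1))
        val = substr($0, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
        if (key == "host" || key == "match") { host = val; next }
        if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/)
            print host ": new and changed host keys are accepted without asking"
        if (key == "userknownhostsfile" && val == "/dev/null")
            print host ": learned host keys are thrown away"
        if (key == "controlpath" && val ~ /^\/(tmp|var\/tmp)\//)
            print host ": control socket in a world-writable directory"
    }'
}

# Constructed input: the configuration from slide 13.
weak_config() {
    cat <<'EOF'
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    ControlMaster auto
    ControlPath /tmp/%r@%h:%p
EOF
}

# Constructed input: host-key checks relaxed only for the libvirt guest range
# shown on slide 32, and the control socket moved into the user's ~/.ssh.
scoped_config() {
    cat <<'EOF'
Host 192.168.122.*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Host *
    ControlMaster auto
    ControlPath ~/.ssh/cm-%C
EOF
}

echo "== slide 13 config =="
weak_config | audit_ssh_config
echo "== scoped config =="
scoped_config | audit_ssh_config
```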
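
The one-liner on slides 29 to 35 substitutes %h into a shell command that is then re-parsed on host_machine, so the guest name deserves validation before use. The following is an added example, not the author's code: it splits the same lookup (guest name, MAC from `virsh dumpxml`, IP from the dnsmasq leases) into functions; `proxy_to_guest` is a hypothetical helper name and the XML and lease samples are constructed.

```shell
#!/bin/sh
# Added example, not from the slides: the slide 29 lookup as small functions.

# "host_machine,vm1" -> "vm1". The name ends up on a remote shell command
# line, so only [A-Za-z0-9._-] is accepted and a leading "-" is refused.
guest_from_alias() {
    guest=${1#*,}
    [ "$guest" != "$1" ] || return 1        # alias had no comma
    case $guest in
        '' | -* | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$guest"
}

# stdin: `virsh dumpxml` output; prints the first <mac address='..'/> value.
mac_from_domxml() {
    awk -F"[<']" '$2 == "mac address=" { print tolower($3); exit }'
}

# $1: MAC; stdin: dnsmasq leases ("expiry mac ip name id"); prints the IP.
ip_from_leases() {
    awk -v mac="$1" 'tolower($2) == mac { print $3; exit }'
}

# Hypothetical ProxyCommand helper, to be run with "%h %p" as arguments.
# It needs a reachable host_machine, so it is defined here but not called.
# ssh -n keeps the lookups from reading the ProxyCommand's own stdin.
proxy_to_guest() {
    guest=$(guest_from_alias "$1") || { echo "invalid guest name" >&2; return 1; }
    mac=$(ssh -n host_machine virsh dumpxml "$guest" | mac_from_domxml)
    ip=$(ssh -n host_machine cat /var/lib/libvirt/dnsmasq/default.leases |
         ip_from_leases "$mac")
    [ -n "$ip" ] || { echo "no lease for $guest" >&2; return 1; }
    exec ssh -W "$ip:$2" host_machine
}

# Constructed sample data (MACs invented, addresses as on slide 32).
sample_domxml() {
    cat <<'EOF'
<domain type='kvm'>
  <name>vm1</name>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:aa:bb:01'/>
      <source network='default'/>
    </interface>
  </devices>
</domain>
EOF
}

sample_leases() {
    cat <<'EOF'
1700000000 52:54:00:aa:bb:01 192.168.122.123 vm1 *
1700000000 52:54:00:aa:bb:02 192.168.122.234 vm2 *
EOF
}

demo() {
    guest=$(guest_from_alias "host_machine,vm1") || return 1
    mac=$(sample_domxml | mac_from_domxml)
    printf '%s -> %s\n' "$guest" "$(sample_leases | ip_from_leases "$mac")"
}
demo
```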
