






















I run lots of Linux servers. I create them, install some stuff, mess around with them, forget them, come back to them…and forget my credentials. My life used to look like this:
$ ssh -i ~/steveko.pem steveb@115.146.83.268 Permission denied (publickey). $ ssh -i ~/steveko.pem sbennett@115.146.83.268 Permission denied (publickey). $ ssh -i ~/stevebennett.pem steveb@115.146.83.268 Permission denied (publickey). $ ssh -i ~/steveko.pem ubuntu@115.146.83.268 Welcome to Ubuntu 12.10 (GNU/Linux 3.5.0-26-generic x86_64) ...
This got really tedious. You can’t memorise many IP addresses, so you’re constantly referring to emails, post-its or even SMSes. Then you rebuild your server, the IP address changes, and you’re lost again.
And because some of the servers are administered by other people, I can’t always choose my own user name, so more faffing around.
So, here’s my solution:
Give each server a name. Ignore the actual hostname of the server, or what everyone else calls it. My convention goes like this:
<infrastructure>–<project>[–<purpose>]
Examples:
The key here is minimising what you need to remember. If I’m doing some work on a project, I’ll always know the project name and whether I want to work on the prod or dev server. Indeed, it’s an advantage to have to specifically type “-prod” when working on a production machine.
When I create a server, or someone tells me an IP, I immediately give it a name, and store it in /etc/hosts. The file looks like this:
## # Host Database ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost fe80::1%lo0 localhost 115.146.46.269 nectar-tunnelator 136.186.3.299 swin-bpsyc-dev ...
This has the huge advantage that you can also put those names in the browser address bar: http://nectar-tunnelator
If a server moves location, just update the entry in /etc/hosts, and forget about it again.
The SSH configuration file can radically simplify your life. You have one entry per server, like this:
Host latrobe-vesiclepedia-dev User steveb IdentityFile /Users/stevebennett/Dropbox/VeRSI/NeCTAR/nectar.pem Port 9022
Notice how we don’t need to spell out the IP address again. And by storing the access details here, we can connect like this:
$ ssh latrobe-vesiclepedia-dev
So much less to remember. And because it’s so easy to connect, suddenly tools like SCP, and SSH tunnelling become much more attractive.
$ scp myfile.txt latrobe-vesiclepedia-dev $ ssh latrobe-vesiclepedia-dev sudo cp myfile.txt /var/www
In reality, it gets even simpler. Most of my NeCTAR boxes are Ubuntu, with a login name of “ubuntu”. The “nectar-” naming convention proves valuable:
Host nectar-* IdentityFile /Users/stevebennett/Dropbox/VeRSI/NeCTAR/nectar.pem User ubuntu
That means that any NeCTAR box using that key and username doesn’t even need its own entry in .ssh/config:
$ ssh nectar-someserver
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。