
More SSH Tips

I just love OpenSSH. That is the single greatest tool on unix-like operating systems, as far as I am concerned. I've blogged about SSH plenty. SSH tunneling, SSH forwarding, SSHFS and more. Needless to say, I believe that SSH is the single most flexible and powerful package on unix-like operating systems. And, with this post, it just gets better.

First, I'm not sure if you are aware, but in your ~/.ssh/config file you can list the servers that you connect to along with their associated ports (useful when they run SSH on a non-standard port rather than 22). This saves typing when sitting at the shell. For example, rather than type this:

aaron@hercules:~$ ssh -p 22222 aaron@some.remote.server.com

I can add the following to my ~/.ssh/config file:

Host some.remote.server.com
Port 22222

Now, I just need to type:

aaron@hercules:~$ ssh aaron@some.remote.server.com

Very nice. Of course, there is a lot more you can put in your SSH config file, and you can have multiple hosts with their associated ports in the file as well. If you look at your /etc/ssh/ssh_config file, you can see a much broader range of options that can exist in your ~/.ssh/config.

Next in line are your SSH keys. You can set up your SSH server to allow key-based authentication rather than the traditional user/password. That means that rather than entering your password every time you connect to a remote SSH server, you can have your SSH key authenticate you automatically. First, you need to generate a key:

aaron@hercules:~$ ssh-keygen -t dsa

Enter a passphrase for your key, and give it the name of the file to save it to (the default is fine). Now that you have a DSA SSH key generated, we need to get the public half of that key onto the remote server, so we don't have to type our password all the time. This is where a really cool tool called 'ssh-copy-id' comes in. ssh-copy-id is just a script that makes an SSH connection to the specified remote server, copies the newly generated public key over, and appends it to ~/.ssh/authorized_keys. For example:

aaron@hercules:~$ ssh-copy-id -i ~/.ssh/id_dsa.pub aaron@some.remote.server.com

It will ask for the user password just once, as you need to verify you are who you say you are. When entered correctly, the key is copied over and appended. The '-i' option names the identity file whose public key gets copied. This isn't always needed, but type it anyway as good practice, as it will never hurt anything. Now, when logging into some.remote.server.com, you won't need to worry about entering your password. The server checks that you hold the private key matching the public key in its authorized_keys file, and if they match, you're set. You should, however, add your SSH identity before connecting; otherwise, you'll always be prompted to enter your SSH key passphrase. This can easily be done with:

aaron@hercules:~$ ssh-add

Now, you'll be asked for your passphrase once. Your SSH identity will be added to the keyring, and you can SSH to the remote server as many times as you like, as long as your identity is saved in the keyring. Gnome provides this keyring by default, so if you stay logged into Gnome, your SSH identity stays loaded too. As soon as you log out and then back in, you'll need to re-add it.
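
The remote-side half of the ssh-copy-id step above (create ~/.ssh, append the public key to authorized_keys), as an added example that is not code from this post or from OpenSSH. The names `install_pubkey` and `demo`, the private-key, permission and duplicate checks, and the sample key line are assumptions constructed for illustration; the function accepts any key type and uses ssh-dss only to match the post.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE HOME_DIR
# Hypothetical helper: mirrors the remote-side steps of ssh-copy-id against
# a local directory, so it runs offline without a server.
install_pubkey() {
    pub=$1
    home=$2
    # Catch the common slip of passing id_dsa instead of id_dsa.pub:
    # a private key must never be copied to a server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi
    # A .pub file is one line: key type, base64 blob, optional comment.
    key=$(grep -E '^(ssh-|ecdsa-|sk-)[a-z0-9@.-]+ [A-Za-z0-9+/=]+' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key in $pub" >&2; return 2; }

    # sshd's StrictModes (on by default) ignores authorized_keys when the
    # file or its directory is writable by anyone other than the owner.
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    auth="$home/.ssh/authorized_keys"
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$auth"

    # Match on type + blob only, so a different comment is not a new key.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        return 0                      # already installed; append nothing
    fi
    printf '%s\n' "$key" >> "$auth"
}

demo() {
    tmp=$(mktemp -d)
    # Constructed sample data, not usable keys.
    printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBAConstructedSampleOnly aaron@hercules' > "$tmp/id_dsa.pub"
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' > "$tmp/id_dsa"
    rc=0
    install_pubkey "$tmp/id_dsa.pub" "$tmp/home"
    install_pubkey "$tmp/id_dsa.pub" "$tmp/home"          # rerun: no duplicate
    install_pubkey "$tmp/id_dsa" "$tmp/home" 2>/dev/null || rc=$?
    lines=$(wc -l < "$tmp/home/.ssh/authorized_keys" | tr -d ' ')
    mode=$(ls -l "$tmp/home/.ssh/authorized_keys" | cut -c1-10)
    rm -rf "$tmp"
    echo "lines=$lines mode=$mode private_rc=$rc"
}

demo
```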

So, there you go. Two simple tips to get your OpenSSH behaving the way you want, and with ease. Key-based authentication is the only way to go, especially if developing on the remote server with SVN+SSH. Your password can be a major problem.

{ 4 } Comments

  1. JGJones using Firefox 2.0.0.3 on Mac OS | March 24, 2007 at 5:35 pm | Permalink

    What finally made me use Linux full time and ditch Windows completely years ago was this most wonderful tool that I could not live without...

    Yep it's OpenSSH.

    The most utterly fantastic software tool ever. Thanks for your tips, some gems in there I wasn't aware of...ah so much to OpenSSH, no doubts I'll discover a few more gems in the years to come!

    Cheers

  2. niall using Firefox 2.0.0.3 on Mac OS | March 24, 2007 at 5:37 pm | Permalink

    My ssh config has started looking like this:

    Host nerp
    Hostname nerp.evil.ie
    Port 22
    User niall

    I also have a single host in front of all my home machines that I use as a bastion, so for those hosts I have something like:

    Host home
    Hostname my.ext.hostname
    LocalForward 2222 toast.int:22
    LocalForward 2223 scolex.int:22
    User niall

    Host toast
    Hostname localhost
    Port 2222
    HostKeyAlias toast.int
    User niall

    Host scolex
    Hostname localhost
    Port 2223
    HostKeyAlias scolex.int
    User niall

    So to access any of my internal machines I just need to

    ssh  -N -f home

    and I can then access any of my LAN machines using

    ssh toast

  3. niall using Firefox 2.0.0.3 on Mac OS | March 24, 2007 at 5:50 pm | Permalink

    Oh, if you open several sessions to a single host, the ControlMaster options are awesomely kickass:

    Host *
    ControlMaster auto
    ControlPath ~/.ssh/control-%r-%h-%p

    The first session to a host will create a socket of the form

    ~/.ssh/control-username-hostname-22

    Any subsequent connections to that host will use the socket giving you a blindingly fast login :)

  4. Antono Vasiljev using Debian IceWeasel 2.0.0.5 on Debian GNU/Linux | August 3, 2007 at 2:20 am | Permalink

    Thank you for the tips :)
