Use ssh_config To Simplify Your Life
When using multiple systems the indispensable tool is, as we all know, ssh. Using ssh you can login to other (remote) systems and work with them as if you were sitting in front of them. Even if some of your systems exist behind firewalls you can still get to them with ssh, but getting there can end up requiring a number of command line options and the more systems you have the more difficult it gets to remember them. However, you don't have to remember them, at least not more than once: you can just enter them into ssh's config file and be done with it.
For example, let's say that you have two "servers" that you connect to regularly, one at your house that's behind your firewall. Further, let's say that you use dyndns to make your home IP address known, and that you've got ssh listening on port 12022 rather than the default port 22 (and you've got your firewall forwarding that port to the server). So to connect you need to run:
$ ssh -p 12022 example.dyndns.org
The second system, let's say is local and you just connect with:
$ ssh 192.168.1.15
The second one is not too bad to type, but a name would be easier. You could put the name in your /etc/hosts file, or you could set up a local DNS server, but you can also solve this problem using ssh's config file.
To create an ssh config file execute the commands:
$ touch ~/.ssh/config $ chmod 600 ~/.ssh/config
Now use your favorite text editor to edit the file and enter the following into it:
Host server1 HostName example.dyndns.org Port 12022 Host server2 HostName 192.168.1.15
The Host option starts a new "section": all the options that follow apply to that host till a new "Host" option is seen. The "HostName" option specifies the "real" host name that ssh tries to connect to (otherwise the "Host" value is used). The "Port" is obviously the port that ssh tries to connect to, if you don't specify a port, the default port is used.
Now you can connect much more simply:
$ ssh server1 $ ssh server2
These are just a few of the options that you can set in ssh's config file. You can also, for example, specify that X11 forwarding be enabled. You can set up local and remote port forwarding (i.e. ssh's -L and -R command line options, respectively). Take a look at the man page (man ssh_config) for more information on the available options.
One of the added benefits of using ssh's config file is that programs like scp, rsync, and rdiff-backup automatically pick up these options also and work just as you'd expect (hope).
Mitch Frazier is an Associate Editor for Linux Journal.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- The US Government and Open-Source Software
- The Humble Hacker?
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide