Use ssh_config To Simplify Your Life

When using multiple systems the indispensable tool is, as we all know, ssh. Using ssh you can login to other (remote) systems and work with them as if you were sitting in front of them. Even if some of your systems exist behind firewalls you can still get to them with ssh, but getting there can end up requiring a number of command line options and the more systems you have the more difficult it gets to remember them. However, you don't have to remember them, at least not more than once: you can just enter them into ssh's config file and be done with it.

For example, let's say that you have two "servers" that you connect to regularly, one at your house that's behind your firewall. Further, let's say that you use dyndns to make your home IP address known, and that you've got ssh listening on port 12022 rather than the default port 22 (and you've got your firewall forwarding that port to the server). So to connect you need to run:

$ ssh -p 12022 example.dyndns.org

The second system, let's say is local and you just connect with:

$ ssh 192.168.1.15

The second one is not too bad to type, but a name would be easier. You could put the name in your /etc/hosts file, or you could set up a local DNS server, but you can also solve this problem using ssh's config file.

To create an ssh config file execute the commands:

$ touch ~/.ssh/config
$ chmod 600 ~/.ssh/config

Now use your favorite text editor to edit the file and enter the following into it:

Host server1
HostName example.dyndns.org
Port 12022

Host server2
HostName 192.168.1.15

The Host option starts a new "section": all the options that follow apply to that host till a new "Host" option is seen. The "HostName" option specifies the "real" host name that ssh tries to connect to (otherwise the "Host" value is used). The "Port" is obviously the port that ssh tries to connect to, if you don't specify a port, the default port is used.

Now you can connect much more simply:

$ ssh server1
$ ssh server2

These are just a few of the options that you can set in ssh's config file. You can also, for example, specify that X11 forwarding be enabled. You can set up local and remote port forwarding (i.e. ssh's -L and -R command line options, respectively). Take a look at the man page (man ssh_config) for more information on the available options.

One of the added benefits of using ssh's config file is that programs like scp, rsync, and rdiff-backup automatically pick up these options also and work just as you'd expect (hope).

______________________

Mitch Frazier is an Associate Editor for Linux Journal.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Help. I made your changes to

Anonymous's picture

Help. I made your changes to /etc/sshd_config, and now ssh doesn't work at all.

Hello...I started to

Ancho's picture

Hello...I started to implement a frontend to manage hosts via ssh_config.

https://sourceforge.net/projects/sshconf/

You can also use a GUI to configure ~/ssh/.config

dod's picture

A GUI with integrated help is also available to edit ~/ssh/.config. This GUI is provided by config-edit-ssh command.

On Debian, config-edit-ssh is provided by libconfig-model-openssh-perl package..

On other systems, you can download Config::Model::OpenSsh from CPAN to get config-edit-ssh.

For more details, see config-model-openssh on Freshmeat

Hope this helps

Can I use this with

Anonymous's picture

Can I use this with public/private key pass-phrase? It asks me for a password instead of a pass-phrase when I use this. The config file looked like this:

Host *
IdentityFile ~/.ssh/[user]

and now I added the shortcuts and it asks for a password. Even when I add the line "IdentityFile ~/.ssh/[user]" to each host entry it still asks for password.

Any one know a way around this? Otherwise, great shortcut, thanks!

Use ssh config to use proxy server

Anonymous's picture

If you are allow you to ssh into remote site directly , you can use ssh config file to configure proxy server and port.

command_not_found_handle is even more handy

giggls's picture

In bash4 it is possible to set up an autossh feature which is quit
handy. I'm using this for about a year now:

function command_not_found_handle() {
    host=$(echo $1 |sed -e 's/^.*@//g')
    # if hostname is found in in .ssh/config then ssh to this host
    if grep -q "Host $host" $HOME/.ssh/config; then
      ssh $*
    else    
    # otherwise check for a valid hostname and try the same if found
      if ! getent hosts $host >/dev/null; then
        echo "bash: $*: command not found"
      else
        ssh $*
      fi      
    fi  
}

scripts

augmentedfourth's picture

I have a script ~/bin/ssh_base with the following contents:
#!/bin/bash
ssh -X -C `basename $0` $*

Then I just create symlinks in ~/bin/ with the hostnames of machines to which I connect. Now all I have to do is type hostnames, and there's tab completion! I'll have to look into ssh_config more, though... I like how it simplifies connecting to a server on a non-22 port.

ssh tab...

Ash's picture

In bash, ssh can have autocompletion too (host names from known_hosts etc.]

SSH!

termac's picture

Any chance to get a high res version of the poster for printing?
The site on the poster seems to be no longer around.

this is prob to the

Anonymous's picture

thanks

termac's picture

Thanks! Unfortunately it is already gone now.
Guess I have to just look for the picture and make my own poster.

just url is slightly

Anonymous's picture

just url is slightly different:
http://halbot.haluze.sk/?id=1817

SSH!

emeitner's picture

Shorter shortcut

Anonymous's picture

Hey Mitch,

Thanks for another good tip! I came up with a slightly different solution for the same problem - to add an alias to my bashrc file:


alias server1="ssh -p 12022 mitch@example.dyndns.org"

Now I only have to type the name of the server I want to connect to...

Keep up the good work!

Nice, I like this too. Good

Anonymous's picture

Nice, I like this too. Good job.

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix