User Tools

Site Tools


it_tips:ssh

This is an old revision of the document!


Better SSH experience

This page contains some suggestions on how to improve your SSH experience.

The ssh config file

You user own configuration file is located in your home folder at the path

~/.ssh/config

In some cases this file does not exist, you can create it for example by issuing

touch ~/.ssh/config

This file is very useful to create ssh shortcuts to servers and add specific options for each server. In what follows I show some examples of how this can be used.

Speedup connection using tunneling

One can speedup logging in by configuring her/his own ssh client. This will also help in scp-ing data to the cluster.

The configuration example below shows how you can access a machine through another machine with a single ssh command. The scenario is as follows:

 User  --->  machine hostA.matfys.lth.se  ---->  machine hostB.matfys.lth.se ----> machine hostC.matfys.lth.se

And you want to use one single command to login to B or C.

# access hostA.matfys.lth.se
Host hostA
HostName hostA.matfys.lth.se
User <username on hostA.matfys.lth.se>
ForwardX11 yes  # this is equivalent to ssh -X hostA.matfys.lth.se
 
# directly access hostB.matfys.lth.se
Host hostB
User <Username on hostA.matfys.lth.se>
ForwardX11 yes
# Use this command if A uses Openssh server version < 5.4.
# It requires the program netcat (nc) to be installed on the
# hostA.matfys.lth.se machine.
ProxyCommand ssh -q hostA.matfys.lth.se nc hostB.matfys.lth.se 22
 
# directly access hostC.matfys.lth.se
Host hostC
User <Username on hostC.matfys.lth.se>
ForwardX11 yes
# Use this command if hostB.matfys.lth.se uses Openssh server version >= 5.4,
# that has native support for tunnelling ssh connections.
ProxyCommand ssh -q hostB.matfys.lth.se -W hostC.matfys.lth.se:22

Example: My user is florido. In the template above, I would change all the <Username …> to florido.

then to login to hostB.matfys.lth.se I will do:

ssh hostB

And I will have to input 2 passwords: one for hostA.matfys.lth.se, one for hostB.matfys.lth.se.

In general you will have to input as many passwords as the number of hops. To overcome this problem, use a private/public ssh keypair technique described below.

Reduce passwords using a private/public ssh key pair

work in progress. If you plan to use this, read the following:

:!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!:

DO NOT USE PASSWORDLESS KEYS. THESE ARE A SECURITY THREAT FOR THE EVERYONE USING SERVERS!!!

:!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!::!:

This tutorial is nice:

https://wiki.archlinux.org/index.php/SSH_Keys

it_tips/ssh.1493803781.txt.gz · Last modified: 2017/05/03 09:29 by florido

Accessibility Statement