Getting Started With Linux – Creating A Local SSH Config

12th July, 2016 by

Secure Shell (SSH) is the most commonly used tool for connecting to and managing remote Linux servers.

Jumping Between Servers: SSH to the Rescue

Security practices recommend that the SSH server should be run on a non-standard port, and that SSH keys be used when connecting to the server. This is to help prevent script kiddies from both finding and brute-force attacking the SSH server on your dedicated server or VPS. It’s also recommended that you don’t use the same SSH key across multiple servers, in much the same way that you shouldn’t re-use passwords between websites and servers. This does mean that the command you use to connect to a server can become overly long, such as:

ssh -i ~/.ssh/myprivkey -p 8625 myuser@myserver.mydomain.com

When you are regularly jumping between servers, it can feel somewhat long-winded to type this in time and again. Fortunately, SSH’s config file provides a solution to this problem. Each user can store their own config file in the .ssh directory within their home directory, at the path ~/.ssh/config. Let’s have a look at an example where we can configure the file to make this command easier. Below is some text that we would place within the ~/.ssh/config file.

#My hosting server.
Host myhost
    HostName myserver.mydomain.com
    User myuser
    Port 8625
    IdentityFile ~/.ssh/myprivkey

I’ll break this down line by line:

SSH’s Config File

The first line begins with the hash (#) symbol which means that it is a comment. As such, SSH will ignore the line, but you can use these lines to keep track of additional information which will help with maintaining the file later.

The second line begins with the word “Host” – this tells SSH that you are defining a new host. Following this will be the name that you will use to reference this specific host. An asterisk (*) can be used to provide default configuration that would be applied to all hosts, unless a specific host entry has configuration to override it.  

The line beginning with “HostName” is used to define the hostname for the host entry. This can be in the form of a fully-qualified domain name (FQDN) or simply as an IP address.

The next line begins with “User”, and this line is used to define the username that SSH should use by default when connecting to this host.

This is followed by a line beginning with “Port”, which specifies the port that the SSH server is listening on.

The final line begins with “IdentityFile”. This provides the path to the private SSH key that is used to identify you to the server.

Aside from the HostName, all entries are optional. So you could have a host entry that simply specifies the HostName for a server.

Once this entry has been placed in the config file, subsequent uses of SSH can simply use the name provided to the Host line to connect to the server. For example:

ssh myhost

This will now connect in the same way as using the long command near the top of the article. You can have multiple host entries within your SSH config file, which can save a lot of time if you have a lot of different SSH keys in use by informing SSH which server needs which key.
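When several Host entries apply to the same name, including the asterisk defaults described above, SSH uses the first value it finds for each option. The following is an added example, not part of the original article: a simplified Python resolver that applies that rule to a constructed config, in which the "backup" host, its hostname and key path, and the "Host *" values are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample: the article's entry, a second host, and "Host *" defaults.
SAMPLE_CONFIG = """\
# My hosting server.
Host myhost
    HostName myserver.mydomain.com
    User myuser
    Port 8625
    IdentityFile ~/.ssh/myprivkey

# Hypothetical second server with its own key.
Host backup
    HostName backup.example.com
    IdentityFile ~/.ssh/backupkey

# Defaults for every host, placed last so the specific entries win.
Host *
    User admin
    Port 22
"""

def host_matches(alias, patterns):
    """True if alias matches a pattern and no negated (!) pattern."""
    hit = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatchcase(alias, pat[1:]):
                return False  # a negated match rules out the whole Host line
        elif fnmatchcase(alias, pat):
            hit = True
    return hit

def resolve(config_text, alias):
    """Return the effective options for alias; the first value seen wins."""
    options, active = {}, True  # lines before any Host line apply to all hosts
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            active = host_matches(alias, value.split())
        elif active:
            options.setdefault(keyword, value)  # simplification: one value per keyword
    return options

if __name__ == "__main__":
    print(resolve(SAMPLE_CONFIG, "backup"))
```

Because the first value found wins, moving the Host * block to the top of the file would make its User and Port apply to every host. Running ssh -G myhost prints the values OpenSSH itself resolves for an entry.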

Pretty much all of the options you can set at the command line when connecting via SSH can also be set in the ssh_config file. There is a man page explaining all of these options, which can be read using the following:

man ssh_config

By using the ssh_config file to configure all your hosts with simple, memorable names, you can make your life much easier when working with multiple hosts, and you no longer need to remember any special-case connection options for specific systems.
