A Linux Playground

My doodles and what I get up to.

Setup SSH Config

The more you use ssh, the quicker you tire of writing long commands that specify identity key files and per-host settings. Bash aliases are one solution, but a nicer one is a personal configuration file.

Global SSH client configuration file

/etc/ssh/ssh_config - This file must be world readable but not writeable. It contains the default settings for all ssh users.

User-specific SSH client configuration files

~/.ssh/config - This file is the user’s own configuration file. It overrides any defaults or the settings in the global client configuration file. If you have not already used ssh or set up a local ssh directory, do so by issuing:

mkdir -p ~/.ssh
chmod 0700 ~/.ssh

Options for your configuration file

As in all other Linux configuration files, lines that are empty or start with a hash (#) are ignored.

  • Host - This is the name of the host(s) you specify after ‘ssh’ on the command line. It specifies which hosts the following configuration options apply to. The section ends at the next Host section or at the end of the file. A wildcard * can be used to provide global defaults for all hosts.
  • HostName - This is where the server name or IP address is specified.
  • User - This is the user name to log in with for the SSH connection.
  • IdentityFile - This option specifies the key file from which the user’s private key is read and used to authenticate the user to the server. The defaults are ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa.
  • UserKnownHostsFile - This option allows you to specify the hosts file used to verify the server’s key against already known servers.
  • ProxyCommand - Specifies the command to use to connect to the server. The command string extends to the end of the line and is executed with the user’s shell. In the command string, any occurrence of %h is replaced by the host name to connect to, %p by the port, and %r by the remote user name. The command can be basically anything, but it should read from its standard input and write to its standard output. This directive is useful in conjunction with nc and its proxy support. For example, the following directive would connect via an HTTP proxy at 192.1.0.253:
      ProxyCommand /usr/bin/nc -X connect -x 192.1.0.253:3128 %h %p
  • LocalForward - Specifies that a TCP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be [bind_address:]port and the second argument must be host:port.
  • Port - Specifies the port number to connect on if the server is not using the default of 22.
  • ServerAliveInterval - Sets a timeout interval in seconds after which if no data has been received from the server, a message is sent through the encrypted channel to request a response from the server.
  • ServerAliveCountMax - Sets the number of server alive messages which may be sent without receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session.
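
A sample ~/.ssh/config that uses the options above, as an added example that is not from the original post. Host names, addresses, user names and key file names are constructed; write_ssh_config and ssh_config_get are hypothetical helpers, and the lookup is simplified to show that ssh uses the first value it finds for each option, which is why the Host * defaults come last.

```shell
#!/bin/sh
# Added example. Host names, addresses, users and key paths are constructed.

write_ssh_config() {            # usage: write_ssh_config DIR
    mkdir -p "$1" && chmod 0700 "$1" || return 1
    cat > "$1/config" <<'EOF'
# "ssh web" connects as deploy@192.0.2.10 on port 2222
Host web
    HostName 192.0.2.10
    User deploy
    Port 2222
    IdentityFile ~/.ssh/id_web
    ServerAliveInterval 15

# Reached through the HTTP proxy from the ProxyCommand example above
Host db
    HostName db.internal.example
    User admin
    ProxyCommand /usr/bin/nc -X connect -x 192.1.0.253:3128 %h %p
    LocalForward 127.0.0.1:5433 localhost:5432

# Defaults for all hosts; kept last because the first value found wins
Host *
    UserKnownHostsFile ~/.ssh/known_hosts
    ServerAliveInterval 60
    ServerAliveCountMax 3
EOF
    chmod 0600 "$1/config"      # ssh rejects a config writable by others
}

# Simplified lookup: exact Host names and a bare "*" only (real ssh also
# handles glob patterns, negation, Match and Include).
ssh_config_get() {              # usage: ssh_config_get FILE HOST OPTION
    awk -v host="$2" -v opt="$3" '
        BEGIN { active = 1 }                    # options before any Host line
        NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
        tolower($1) == "host" {
            active = 0
            for (i = 2; i <= NF; i++)
                if ($i == host || $i == "*") active = 1
            next
        }
        active && tolower($1) == tolower(opt) {
            $1 = ""; sub(/^ +/, ""); print; exit
        }
    ' "$1"
}
```

For example, `ssh_config_get ~/.ssh/config web ServerAliveInterval` returns the per-host value, while the same lookup for `db` falls through to the Host * default.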