too many words by laura lemay

ssh goodies

And now from an ode to ripe peaches and discussion on human evolution we proceed directly to Unix documentation.

Use ssh and scp to connect securely from one unix host to another. I use ssh a lot: between machines on my own network, to my web host, to various BBS systems, from machines at work (when I’m working) to machines back home again. Depending on the context and the system, I have to keep track of machine names, login names, proxy servers and the crypto cipher used for the connection. That can mean some ridiculously long ssh command lines.

For a while I was using shell aliases for my most common ssh commands. But just recently I discovered the wonder of the ssh config file, and it has made my life much easier. If you use ssh or scp at all, you’ll probably find it useful, too.

The ssh config file is contained in ~/.ssh/config. There isn’t one there by default but you can create one with the text editor of your choice (just for the record I use emacs for long coding sessions but vi when I want to make a really quick change to a file. I really don’t get excited either way). There’s a default ssh config file in /etc/ssh/ssh_config for site-wide ssh settings.

The ssh config file contains configuration sections, one for each host you ssh (or scp) into. Each configuration section starts with a Host line and then contains multiple lines for different configuration options you want to use for that host. Here’s an example:

Host ll www
User laura

The name you give on the Host line can be the actual domain name for the host, or it can be one or more aliases for that host you can use on the command line (here I used ll and www). You can use wildcards and ssh will match the name with what you type. A configuration section that starts with Host * will apply to all hosts.

Configuration lines after the Host line apply to that host (up to the next Host line). If you use aliases in Host you’ll probably want a HostName line for the actual domain name you want to connect to. The User is the login name you want to use, if it is different from your current login name. I end up using ProxyCommand, Cipher, and Port occasionally, if I’m inside a firewall. ForwardX11 may be a useful option for you, if you remotely display X11 windows over ssh.

And of course if at any time you want to override anything in the ssh config file, no problem: just use a command line option. ssh gives priority to the command line options. Can’t do that with shell aliases.

You can find the complete list of possible configuration options in the ssh_config man page.