Unix: Making ssh connections easier

Need a way to make connecting to lots of servers using different settings and usernames easier? Look no further than the ssh config file.

I rely on ssh for connecting to dozens of servers. The problem is that my username is often different from one system to the next, and I often have trouble remembering which username goes with which system. One easy way to keep them straight is to take advantage of a not-so-obvious SSH feature -- the SSH config file. By creating and configuring a ~/.ssh/config file, you can create a profile for each of the servers that you use and make connecting to those systems quite a bit easier.

For a basic example of how this works, say that I use a system named boson in the domain elemparticles.com and that I log into this server with the username higgs. I could use the command ssh higgs@boson.elemparticles.com. Alternatively, I could create a profile for the server that looks like this and then get by with just the command ssh boson to log in.

Host boson
  HostName boson.elemparticles.com
  User higgs

If you don't have a .ssh directory or an ssh config file, you can start with commands like these and then edit the config file you have just created.

mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/config

Once you've tested your first ssh login profile with a simplified command such as ssh boson, you can add as many additional profiles as suit your needs. In the example below, I've set up profiles for four separate systems, each with a different username.

Host boson
  HostName boson.elemparticles.com
  User higgs

Host fermion
  HostName fermion.elemparticles.com
  User dirac

Host dweebs
  HostName linuxdweebs.example.org
  User sandra

Host solaris
  HostName sug.history.net
  User shs

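You might want to add other options to your profiles as well. The ServerAliveInterval and ServerAliveCountMax settings will allow you to establish keepalives for connections to those servers. ServerAliveInterval is the number of seconds without data from the server after which ssh sends a keepalive request, and ServerAliveCountMax is the number of consecutive unanswered requests after which ssh disconnects. These settings will refresh a connection every 30 seconds for up to an hour and a half: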

ServerAliveInterval 30
ServerAliveCountMax 90

You can add these lines to any of your profiles:

Host boson
  HostName boson.elemparticles.com
  User higgs
  ServerAliveInterval 30
  ServerAliveCountMax 90

If your ssh connections need to go through a non-standard port, you can add that as well by using the Port setting.

Host boson
  HostName boson.elemparticles.com
  User higgs
  Port 2222
  ServerAliveInterval 30
  ServerAliveCountMax 90

If you use a private key to log into the remote server, you can add that to your config profile as well:

Host boson
  HostName boson.elemparticles.com
  User higgs
  Port 2222
  IdentityFile ~/.ssh/boson.key
  ServerAliveInterval 30
  ServerAliveCountMax 90

Note that the key specified on the IdentityFile line should be your private key for the remote system. The private key file stays on your local machine and should be readable only by you; the matching public key goes in ~/.ssh/authorized_keys on the remote server.

You can also use ssh config file profiles to effect "multi-hop" connections -- when you have to go through one system to get to another. Let's say that the system you cannot log into directly is called "remhost2". If you can get to remhost2 when logged into remhost1, but not from your current system, you might use a command like this on the command line:

$ ssh -A -t remhost1 ssh -A -t remhost2

To make connections like this using the config file, use a ProxyCommand setting like this that employs both ssh and netcat (nc):

Host remhost1
  HostName remhost1.somesite.com

Host remhost2
  ProxyCommand ssh -q remhost1 nc remhost2 22

In this configuration, we associated the FQDN for remhost1 with its simple hostname (the string "remhost1") and then set up a ProxyCommand so that connections to remhost2 go through remhost1. Because the ssh session to remhost2 is tunneled through remhost1 and authenticated from your own system, this setup does not need your authentication agent forwarded to remhost1 (the -A option in the command above).

An ssh config file can make it easier to connect to systems by simplifying their names, accommodating configuration options (such as different usernames and unusual port numbers), helping with authentication or simplifying multi-hop setups. It provides a nice way to keep track of connections that you make to a large collection of systems and can be a real time saver and anxiety avoider.
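As an added example (not code from the original article), this Python sketch models how ssh chooses settings for an alias such as boson: blocks are read top to bottom and the first value found for each option wins, which is why a catch-all Host * block belongs at the end of the file. The Host * block and its values are assumptions made for the example, and Match, Include, negated patterns and multiple IdentityFile lines are not modeled.

```python
import fnmatch

# Constructed sample: two profiles from the article plus an assumed "Host *" block.
SAMPLE_CONFIG = """\
Host boson
  HostName boson.elemparticles.com
  User higgs
  Port 2222

Host fermion
  Hostname fermion.elemparticles.com
  user dirac

# Defaults go last: for each option, the first value found wins.
Host *
  User sandra
  ServerAliveInterval 30
  ServerAliveCountMax 90
"""

def parse(text):
    """Return [(host_patterns, {option: value})] in file order."""
    blocks = [(["*"], {})]          # options before any Host line apply to all hosts
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()   # keywords are case-insensitive
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def resolve(alias, text):
    """Effective options for `ssh <alias>` under first-match-wins."""
    effective = {}
    for patterns, options in parse(text):
        if any(fnmatch.fnmatchcase(alias, p) for p in patterns):
            for key, value in options.items():
                effective.setdefault(key, value)
    effective.setdefault("hostname", alias)   # no HostName: the alias is used as typed
    return effective

if __name__ == "__main__":
    for name in ("boson", "fermion", "other"):
        print(name, resolve(name, SAMPLE_CONFIG))
```

On a real system, ssh -G boson prints the options that ssh itself resolves for the alias, without connecting.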

Read more of Sandra Henry-Stocker's Unix as a Second Language blog and follow the latest IT news at ITworld, Twitter and Facebook.
