Part 1: Pimp my SSH
~/.ssh/config is a blank canvas full of possibility. Over the next couple posts I’m going to talk about fun things you can do with SSH and the config file.
Most of the time the use case for SSH is pretty simple: ssh foo@bar and done. Every once in a while we need to get slightly more complicated: change a port, user, or specify a key. We’re going to go just a tad deeper today and talk about making your SSH really work for you by using a config file.
You may have a few servers you connect to regularly for fun and profit. What if they have special parameters. Do you want to have to remember every time that your machine at foo.io uses a different hostname than your system user on your laptop? Nah, that’s too much work. Enter the SSH config file.
The config file
In this post, we’re keeping it simple: specifying a couple of easy connection params so you don’t keep forgetting the dang things. Here’s an example of setting these values:
Host chat
Port 12345
Hostname foo.bar.io
User baz
IdentityFile ~/.ssh/other_key
ForwardAgent yes
The Breakdown
Let’s break this down line by line.
Host chat specifies a host that the ssh client will search for in the config file. This can either be a short DNS name, an FQDN, or a nickname. If the Hostname parameter is provided, the ssh client will match on the Host field and then resolve the DNS name using the Hostname field. This is a handy way to specify machines using nicknames without adding them to /etc/hosts
Port 12345 is pretty self-explanatory. It specifies the port that the SSH client should connect to. Defaults to 22
User baz is similarly easy to guess. It connects to the target as the user baz
IdentityFile ~/.ssh/other_key specifies some SSH key to use when connecting. Useful when connecting to a machine that uses a keypair other than what’s in ~/.ssh/id_rsa
ForwardAgent yes is a fun one. What if you have a bastion/pivot/jumpbox that you want to connect to other machines from, but don’t want to store your keys on it? Maybe it’s a shared machine or you just don’t trust it? Easy*! Use ForwardAgent!
*Terms and conditions apply
This is just a short intro to what I’ll be explaining later: How to make your SSH config file work for you. In upcoming posts I’ll be explaining how to do SSH tunnels using your config file, why they’re useful, and a deeper look at ForwardAgent.
For now, get playing around with the config file and learn to appreciate how much time it saves you, even if you’re just using it as a substitute for /etc/hosts to nickname your boxen.