Stupid Nix Tricks with Fraq: Part 1


(Full Snack Developer) #1

Part 1: Pimp my SSH

~/.ssh/config is a blank canvas full of possibility. Over the next couple posts I’m going to talk about fun things you can do with SSH and the config file.

Most of the time the use case for SSH is pretty simple: ssh [email protected] and done. Every once in a while we need to get slightly more complicated: change a port, user, or specify a key. We’re going to go just a tad deeper today and talk about making your SSH really work for you by using a config file.

You may have a few servers you connect to regularly for fun and profit. What if they have special parameters? Do you want to have to remember every time that your machine at uses a different hostname than your system user on your laptop? Nah, that’s too much work. Enter the SSH config file.

The config file

In this post, we’re keeping it simple: specifying a couple of easy connection params so you don’t keep forgetting the dang things. Here’s an example of setting these values:

Host chat
    Port 12345
    User baz
    IdentityFile ~/.ssh/other_key
    ForwardAgent yes

The Breakdown

Let’s break this down line by line.

Host chat specifies a host that the ssh client will search for in the config file. This can either be a short DNS name, an FQDN, or a nickname. If the Hostname parameter is provided, the ssh client will match on the Host field and then resolve the DNS name using the Hostname field. This is a handy way to specify machines using nicknames without adding them to /etc/hosts.

Port 12345 is pretty self-explanatory. It specifies the port that the SSH client should connect to. Defaults to 22.

User baz is similarly easy to guess. It connects to the target as the user baz.

IdentityFile ~/.ssh/other_key specifies some SSH key to use when connecting. Useful when connecting to a machine that uses a keypair other than what’s in ~/.ssh/id_rsa.

ForwardAgent yes is a fun one. What if you have a bastion/pivot/jumpbox that you want to connect to other machines from, but don’t want to store your keys on it? Maybe it’s a shared machine or you just don’t trust it? Easy*! Use ForwardAgent!

*Terms and conditions apply

This is just a short intro to what I’ll be explaining later: How to make your SSH config file work for you. In upcoming posts I’ll be explaining how to do SSH tunnels using your config file, why they’re useful, and a deeper look at ForwardAgent.

For now, get playing around with the config file and learn to appreciate how much time it saves you, even if you’re just using it as a substitute for /etc/hosts to nickname your boxen.
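An added example, not part of the original post: a small Python sketch of how the ssh client picks options for a nickname (the first value obtained for each option wins, and Host patterns may use wildcards), used here to list which hosts end up with ForwardAgent enabled. The HostName value, the `Host *` block, the user `fraq` and the host `build01` are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample: the post's "chat" block plus an assumed HostName
# and an assumed catch-all block (neither is from the post).
SAMPLE = """\
Host chat
    HostName chat.example.org
    Port 12345
    User baz
    IdentityFile ~/.ssh/other_key
    ForwardAgent yes

Host *
    User fraq
    ForwardAgent no
"""

def host_matches(patterns, name):
    """A Host line applies if a positive pattern matches and no !pattern does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(name, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(name, pat):
            positive = True
    return positive

def resolve(config_text, name):
    """Effective options for `name`. Simplified: no Match/Include handling,
    and repeatable options such as IdentityFile keep only their first value."""
    effective, active = {}, True  # lines before any Host block apply to all
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = fields[0].lower()  # keywords are case-insensitive
        value = fields[1] if len(fields) > 1 else ""
        if key == "host":
            active = host_matches(value.split(), name)
        elif active:
            effective.setdefault(key, value)  # first obtained value wins
    return effective

def forwards_agent(config_text, name):
    """True when the resolved config turns agent forwarding on for `name`."""
    return resolve(config_text, name).get("forwardagent", "no").lower() == "yes"
```

On a machine with OpenSSH installed, `ssh -G chat` prints the client's own resolved view of the same options.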

(Security Architect & Founder) #2

Really liked this article! I am a big fan of ForwardAgent! Cannot literally wait until that next article comes out!

Guys. SSH is really really cool.

- pry0cc
