
Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes Monday through Friday.


hpr1856 :: ssh config

Klaatu talks about ssh config.


Hosted by klaatu on 2015-09-14 is flagged as Clean and is released under a CC-BY-SA license.

Put a file called 'config' into ~/.ssh and you can define any option you would normally provide as part of the command. SSH detects the file automatically and applies the matching options.

For example:

host foo
    hostname foo.org
    identityfile /home/klaatu/.ssh/foo_rsa
    port 2740
    protocol 2

This makes the command 'ssh klaatu@foo' look like this to SSH:

ssh -p2740 -i ~/.ssh/foo_rsa klaatu@foo.org
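
How a config becomes effective options, as an added example that is not part of the show notes and not OpenSSH's code: a simplified Python model of the lookup, which goes beyond the single 'foo' entry to cover wildcard and negated Host patterns. The example.org hosts and the admin user are constructed; Match blocks, Include, and multi-valued keywords such as IdentityFile are not modelled.

```python
import fnmatch

# Constructed sample: the show's "foo" entry plus hypothetical wildcard blocks.
SAMPLE = """\
Host foo
    HostName foo.org
    IdentityFile /home/klaatu/.ssh/foo_rsa
    Port 2740
Host *.example.org !bastion.example.org
    User admin
Host *
    Port 22
"""

def parse(text):
    """Return [(patterns, options)] in file order; keywords are case-insensitive."""
    blocks = [(["*"], {})]  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "host":
            blocks.append((parts[1].split(), {}))
        else:
            blocks[-1][1].setdefault(parts[0].lower(), parts[1])
    return blocks

def matches(host, patterns):
    """A block applies if some pattern matches and no '!pattern' matches."""
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def resolve(host, blocks):
    effective = {}
    for patterns, options in blocks:
        if matches(host, patterns):
            effective = {**options, **effective}  # first value seen for a keyword wins
    return effective

def equivalent_command(target, blocks):
    """Long-form command for 'ssh [user@]alias'; only -p and -i are modelled."""
    user, _, host = target.rpartition("@")
    opts = resolve(host, blocks)
    argv = ["ssh"]
    for flag, key in (("-p", "port"), ("-i", "identityfile")):
        if key in opts:
            argv += [flag, opts[key]]
    user = user or opts.get("user", "")  # user@ on the command line overrides User
    return " ".join(argv + [(user + "@" if user else "") + opts.get("hostname", host)])
```

Because the first value wins, specific Host entries belong above a catch-all 'Host *'. On a real system, 'ssh -G foo' prints the options OpenSSH itself resolves for that alias.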

Comments


Comment #1 posted on 2015-09-14T07:14:15Z by 0xf10e

Nice intro to `~/.ssh/config`, klaatu.

The "protocol 2" option has been the default for quite some time - as in "more than 10 yrs". I think the latest version of OpenSSH doesn't even compile with support for version 1 by default. At least the sshd.

Shortening hostnames comes in really handy in cases like "web-frontend.fancy-example-corp.co.uk".
And there's also pattern matching, like

Host *.fancy-example-corp.co.uk *.fancy-example-corp.com
    User joe-the-admin
    identityfile ~/.ssh/work_rsa

Host web-frontend1.fancy-example-corp.co.uk
    Port 56278

Host web-frontend2.fancy-example-corp.co.uk
    Port 57427

This way you can group hosts with common options easily.

Comment #2 posted on 2015-09-15T15:07:16Z by b-yeezi

Thanks

Thanks for this show. I immediately added a config file for the couple of accounts that I commonly use. The only thing that I added for security is to change the permissions of the file to 600 or 644. Keep up the great shows!

Comment #3 posted on 2015-09-17T12:31:38Z by Gabriel Evenfire

Identity file

I'm curious if, from your example, you are creating separate identity files for each host. I imagine not, but it's a possibility I'd never considered before. I suppose it doesn't provide that much more security insofar as if someone can read one of your private keys from .ssh/ they can read all of them. But it does make me think.

For my part I have this ruby script to run ssh w/ shorthands to the different identities and accounts in our internal machines. This show is prompting me to do it the right way. (especially insofar as it will work with scp, sftp, and scripts that use them)

Thanks for the show. I'm enjoying that people are starting to break open the tools other than the "blade" in this ssh swiss army knife.
