Manage SSH Connections with ~/.ssh/config


I used to manage SSH connections with GUI apps such as MobaXterm when I wrote code on Windows at work. After I changed my workflow to use a tiling window manager in a VirtualBox guest OS, I kept improving the way I manage SSH connections, and I want to share it here in case you don't know it yet.

At first, I wrote a helper Python script, which I named qssh for "quick ssh", to assemble the ssh arguments for me (such as username, IP, port, etc.), so that I could access a host by giving it only one argument, e.g. qssh foo.

Then, as I understood ssh better, I was surprised to find that ssh itself can do that just by configuring ~/.ssh/config. I wish I had known it from day one. Together with identity files, it makes it very easy to log in to remote hosts and copy files between hosts using scp.

How To Configure Connections

For every SSH connection, there are some specific arguments like IP, port, user name, etc. Let's assume there is a host with IP 10.1.2.3, and I can ssh into it at port 2234 with whatacold as the user name and foo123 as the password. I had to type ssh -p 2234 whatacold@10.1.2.3 literally, which is too many keys to type.

Actually, all these connection details can be put in ~/.ssh/config as below, organized in one section per host:

    Host new-test
        Hostname 10.1.2.3
        Port 2234
        User whatacold
        IdentityFile ~/.ssh/id_dev

Now I can do things directly at a higher level:

  1. ssh new-test, to log in to that host

  2. ssh new-test date, to log in to it and run a command there

  3. scp /tmp/a.log new-test:/tmp, to copy a file to it

  4. rsync -e ssh /tmp/foo new-test:/tmp/, to even let rsync sync files over SSH

One directive that hasn't been mentioned yet is IdentityFile, which means I can log in to that host using public key authentication, so that I don't have to type a password when logging in anymore, which really smooths the workflow.

How To Use Identity Files

First, generate a key pair if you haven't done so yet, for example with ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_dev, and hit Enter when it prompts you for a passphrase (that is, use no passphrase, which leaves the private key stored unencrypted in ~/.ssh/id_dev).

Then copy the public key to the remote host by executing ssh-copy-id -i ~/.ssh/id_dev new-test, which appends the key to the ~/.ssh/authorized_keys file there.

Now you can log in to that host without entering a password. Try it with, for example, ssh new-test ifconfig to see if it prints the remote host's IP.

(I still remember that I used to write a helper expect script to save me from typing passwords every time. It worked, but it's not as simple and convenient as ~/.ssh/config.)

Common Configurations

If there are some common configurations for every host, they can be put under a default "section" named Host *. For example, I want to keep the connections alive, so I have these directives for all hosts:

    # Default settings for all hosts
    Host *
        ServerAliveInterval 10
        ServerAliveCountMax 100

Note that this default setting should be put at the end of the file, as it seems that the first matched directive of two Host wins if .
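
The ordering rule above, as an added example that is not part of the original post: a small Python resolver that mimics how ssh takes, for each option, the first value obtained from the matching Host sections. It is a simplification (single-valued options only, no Match or Include), and the ServerAliveInterval 60 line in the new-test section is constructed to create a conflict with Host *.

```python
from fnmatch import fnmatchcase

# Constructed sample sections, based on the post's config plus one
# conflicting option (ServerAliveInterval 60) added for illustration.
SPECIFIC = """Host new-test
    Hostname 10.1.2.3
    Port 2234
    User whatacold
    ServerAliveInterval 60
"""
DEFAULTS = """# Default settings for all hosts
Host *
    ServerAliveInterval 10
    ServerAliveCountMax 100
"""
DEFAULTS_LAST = SPECIFIC + DEFAULTS   # layout recommended in the post
DEFAULTS_FIRST = DEFAULTS + SPECIFIC  # Host * shadows the specific value

def host_matches(patterns, alias):
    """A Host line matches if a pattern matches and no negated (!) one does."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatchcase(alias, p) for p in negated):
        return False
    return any(fnmatchcase(alias, p) for p in positive)

def resolve(config_text, alias):
    """Return the effective options for alias; the first obtained value wins."""
    effective, active = {}, True  # options before any Host line apply to all
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), alias)
        elif active:
            effective.setdefault(key, value)  # later values are ignored
    return effective

if __name__ == "__main__":
    for name, text in (("defaults last", DEFAULTS_LAST),
                       ("defaults first", DEFAULTS_FIRST)):
        print(name, resolve(text, "new-test")["serveraliveinterval"])
```

On a machine with OpenSSH installed, ssh -G new-test prints the options ssh itself resolves for that alias, which is a quick way to check the real file after reordering sections.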

