.ssh/config every day
August 18, 2014 at 01:52 PM | Shell, OpenSSL
I'd like to take a moment to share a few ways I use my ~/.ssh/config file to make my life happier every day.
With these options I never need to remember host names, usernames, or port numbers, and the vast majority of my SSH commands look like:
$ ssh myapp
$ ssh myclient-prod-db
$ rsync -a app-backup:backups/jan01 .
Every time I get ssh access to a server I add an entry to my config file giving the host a name that's meaningful to me (for example, "someclient-server" or "myproj-backup") and setting the default username and port:
Host someclient-dev
    Hostname 220.127.116.11
    User dev

Host someclient-prod-app
    Hostname redbunny.myclient.com
    Port 4242
    User prod

Host someclient-prod-db
    Hostname bluefish.myclient.com
    Port 4242
    User db

These host aliases can be used just about everywhere a hostname is passed to SSH, including:
SSH from the command line:
$ ssh someclient-dev
...
email@example.com $
git, mercurial, or other version control systems:
$ git remote add dev someclient-dev:repo/
rsync:
$ rsync -a media/ someclient-dev:media/
Not only does this mean I never need to remember weird hostnames or arbitrary usernames, but I can also open the file to see a list of all the machines I've ever had access to (which can be very useful when an old machine needs work done).
The bash-completion package is even .ssh/config aware, so tab completion will work as expected:
$ ssh someclient-<tab>
someclient-dev someclient-prod-app someclient-prod-db
Amazon EC2 key management is also a huge convenience. Each time I get access to an Amazon EC2 instance I add the IdentityFile to the Host definition:
Host *.amazonaws.com
    User ec2-user

Host myapp
    Hostname ec2-1-2-3-4.compute-1.amazonaws.com
    IdentityFile ~/.ssh/aws-myapp.pem

As above, this will create the host alias myapp, and the identity file ~/.ssh/aws-myapp.pem will be used to connect (no more -i flag on the command line).
Finally, there are a few options that are useful to set for all hosts:
Host *
    # Instead of just printing the host key fingerprint as an opaque hex
    # string, print it as ASCII art. Ostensibly this is for security, but
    # mostly it's pretty:
    # +--[ RSA 2048]----+
    # | oE .. |
    # | .. ... |
    # | . ooo |
    # | oooooo |
    # | . =+.+S+ |
    # | o.+o.o.. |
    # | o.. |
    # +-----------------+
    VisualHostKey yes

    # Send explicit keepalive packets. This isn't often a problem, but I've
    # run into a few combinations of network and machine that will drop
    # inactive connections.
    KeepAlive yes
    ServerAliveInterval 60

    # SSH Agent Forwarding is described here:
    # http://www.unixwiz.net/techtips/ssh-agent-forwarding.html
    ForwardAgent yes

    # SSH Control Channels allow multiple SSH sessions to share one
    # connection. For example, the first time I run "ssh myapp", ssh will
    # create a new connection to the server (creating a TCP connection,
    # authenticating, etc). As long as that connection is active, though,
    # running "ssh myapp" from another terminal will re-use the same TCP
    # connection, authentication, etc, making the command virtually instant.
    # Note that the ControlPersist option is important, otherwise all the
    # sessions will be disconnected when the master session closes.
    ControlPath ~/.ssh/control/master-%l-%r@%h:%p
    ControlMaster auto
    ControlPersist 60
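ssh keeps the first value it obtains for each option and tests Host patterns against the name typed on the command line, so a Host * block applies ForwardAgent yes to every alias unless an earlier block overrides it. The following added example (not code from the original post) resolves the effective options for a constructed config; the function names and the per-host "ForwardAgent no" override are assumptions made for illustration.

```python
import fnmatch
import re

# Constructed sample from this page's entries; "ForwardAgent no" is an added assumption.
SAMPLE = """\
Host *.amazonaws.com
    User ec2-user
Host myapp
    Hostname ec2-1-2-3-4.compute-1.amazonaws.com
Host someclient-prod-db
    User db
    ForwardAgent no
Host *
    ForwardAgent yes
"""

def parse(text):
    """Return [(patterns, {keyword: value})] in file order; Match blocks unsupported."""
    blocks = [(["*"], {})]  # options placed before the first Host line
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, value = re.sub(r"\s*=\s*|\s+", " ", line, count=1).partition(" ")
        if key.lower() == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key.lower(), value)  # first value wins
    return blocks

def matches(patterns, name):
    """Test Host patterns against the typed name (fnmatch used as an approximation)."""
    if any(p.startswith("!") and fnmatch.fnmatchcase(name, p[1:]) for p in patterns):
        return False
    return any(fnmatch.fnmatchcase(name, p) for p in patterns if not p.startswith("!"))

def effective(blocks, name):
    """Merge matching blocks top to bottom, keeping the first obtained value."""
    result = {}
    for patterns, options in blocks:
        if matches(patterns, name):
            result = {**options, **result}  # earlier blocks take precedence
    return result

def forwarding_aliases(blocks):
    """Literal Host aliases whose effective ForwardAgent is 'yes'."""
    names = [p for pats, _ in blocks for p in pats if not re.search(r"[*?!]", p)]
    return [n for n in names if effective(blocks, n).get("forwardagent") == "yes"]

print("agent forwarded to:", forwarding_aliases(parse(SAMPLE)))
```

On a real machine, `ssh -G myapp` prints the options ssh itself resolves for an alias and is the authoritative check.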