Configuration

Click here to expand...

https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/
https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys

There are 2 types of client configuration files:

• system-wide configuration

• user-specific configuration - which overrides the system-wide configuration

config format https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/ https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys

How Configs Simplify Commands

Given:

• Local desktop client – Apple OS X or Ubuntu Linux.
• Remote Unix server – OpenBSD server running latest OpenSSH server.
• Remote OpenSSH server ip/host: 75.126.153.206 (server1.cyberciti.biz)
• Remote OpenSSH server user: nixcraft
• Remote OpenSSH port: 4242
• Local ssh private key file path : /nfs/shared/users/nixcraft/keys/server1/id_rsa

Command Without Config

• ssh -i /nfs/shared/users/nixcraft/keys/server1/id_rsa -p 4242 -l nixcraft server1.cyberciti.biz

To avoid typing all this, edit the configuration file and append this:
Host server1
HostName server1.cyberciti.biz
User nixcraft
Port 4242
IdentityFile /nfs/shared/users/nixcraft/keys/server1/id_rsa

Command With Config

• ssh server1

Understanding Config Entries

• Host
  • Defines for which host or hosts the configuration section applies. The section ends with a new Host section or the end of the file. A single * as a pattern can be used to provide global defaults for all hosts.
• HostName
  • Specifies the real host name to log into. Numeric IP addresses are also permitted.
• User
  • Defines the username for the SSH connection.
• IdentityFile
  • Specifies a file from which the user’s DSA, ECDSA or DSA authentication identity is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa for protocol version 2.
• ProxyCommand
  • Specifies the command to use to connect to the server. The command string extends to the end of the line, and is executed with the user’s shell. In the command string, any occurrence of %h will be substituted by the host name to connect, %p by the port, and %r by the remote user name. The command can be basically anything, and should read from its standard input and write to its standard output. This directive is useful in conjunction with nc(1) and its proxy support.
  • For example, the following directive would connect via an HTTP proxy at 192.1.0.253:
    ProxyCommand /usr/bin/nc -X connect -x 192.1.0.253:3128 %h %p
• LocalForward
  • Specifies that a TCP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be [bind_address:]port and the second argument must be host:hostport.
• Port
  • Specifies the port number to connect on the remote host.
• Protocol
  • Specifies the protocol versions ssh(1) should support in order of preference. The possible values are 1 and 2.
• ServerAliveInterval
  • Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. See blogpost “Open SSH Server connection drops out after few or N minutes of inactivity” for more information.
• ServerAliveCountMax
  • Sets the number of server alive messages which may be sent without ssh(1) receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session.

system wide config https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/ https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys

1. System-wide SSH client configuration files
/etc/ssh/ssh_config

user specific config https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/ https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys

1. User-specific SSH client configuration files
~/.ssh/config
$HOME/.ssh/config

overrides the settings in the global client configuration file, /etc/ssh/ssh_config

2. if this is new Linux/Unix box, create ~/.ssh directory
mkdir -p ~/.ssh
chmod 0700 ~/.ssh

Commands

Click here to expand...

SSH Essentials Working With SSH Servers Client & Keys
22 SSH Examples

1. login
ssh <remote_host>
ssh <username@remote_host>

2. login with private key
ssh -i <path to private-key-file> <host-url>

3. login with different port (by default the ssh daemon on a server runs on port 22)
ssh -p <port number> <host-url>

1. The fingerprint is the MD5 of the Base64-encoded public key.
echo ‘public-key-here’ | base64 -D | md5

1. running a single command on remote host
ssh username@remote_host <command to run>

Other Commands

• SSH Tunneling
• ssh-key-management