Simplify your life with SSH config

Unless you have been living in a cave somewhere for the past 10 years, you have probably heard about SSH already. It's a lovely tool for remotely accessing your machines. It has been a darling of system admins for many years, and will be for years to come...

If you have a couple of systems, you can simply use ssh like this:

$ ssh fooey@dev.example.com -p 22000
password: *************

That's fine. But if you are like me and have many boxes up in the cloud or in our local data center, it's not that good, because you have to type the password every time you log in.

This is where you can use SSH keys in place of passwords. It is more secure anyway. Here is a guide on how to set up ssh-keys.

After you are done setting up your ssh-keys, you can log in with your default key, or use the -i flag with the ssh command to point to your private key, like this:

Hint: Your ssh private keys should have 600 permissions. Otherwise ssh will throw an insecure private key error. It's a very important security requirement.

$ ssh nos09@freelancing.studio -p 22000
# Assuming your keys are properly setup and your default key is named id_rsa.

Or, using a private key with a custom name:

$ ssh -i new.key nos09@freelancing.studio
# Assuming your private key is named 'new.key'

You can also define alias shortcuts in your .bash_profile to quickly access your boxes by a custom keyword. For example, if I want to access my Dev box, I can add an alias to my .bash_profile that creates a shortcut called 'dev' for the ssh command associated with it. Put this line in your ~/.bash_profile:

alias dev='ssh nos09@dev.freelancing.studio -p 22000'

Then, from a new login shell:

$ dev # To connect

Now you can access your Dev server with just one command 'dev'.

Alright, simple enough. But still not good enough, especially if you are like me and have 30+ servers to manage, both local and in the cloud.

This is where ssh's config file comes in handy. It is specific to each user: every user has their own config file. Open the file with the following command:

$ vim ~/.ssh/config

And add the following lines in it:

# contents of $HOME/.ssh/config
Host dev
    HostName dev.freelancing.studio
    Port 22000
    User nos09

Save. Now you can access your Dev server like this:

$ ssh dev

You can also include other configuration. For example, I can now add my git server entry and use git's ssh key facility.

Host dev
    HostName dev.freelancing.studio
    Port 22000
    User nos09
    IdentityFile ~/.ssh/nos09.dev.key
Host github.freelancing.studio
    User git
    IdentityFile ~/.ssh/nos09.git.key

Now every time you commit code and push it, you won't have to type the password. Very powerful.

You now have the option to configure ssh to use a different key for each box.

Host studio
    HostName freelancing.studio
    Port 22000
    User nos09
    IdentityFile ~/.ssh/new.key
Host x
    HostName x.freelancing.studio
    Port 22000
    User nos09
    IdentityFile ~/.ssh/nos09x.key
Host dev
    HostName dev.freelancing.studio
    Port 22000
    User nos09
    IdentityFile ~/.ssh/nos09.dev.key
Host github.freelancing.studio
    User git
    IdentityFile ~/.ssh/nos09.git.key
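
With this many keys in one config, the 600-permission rule from the hint earlier is easy to miss on one of them. The following is an added example, not part of the original article: a POSIX shell audit that checks the config file and every IdentityFile it names. The function names are made up for this example, and it assumes plain paths (it does not follow Include directives or expand ssh tokens such as %d).

```shell
#!/bin/sh
# Added example, not from the original article: audit an ssh client config and
# the private keys it names with IdentityFile.

# Print each IdentityFile path in config $1 once. Accepts "IdentityFile path"
# and "IdentityFile=path", any keyword case, tab or space indentation.
list_identity_files() {
    awk '{ line = $0; sub(/^[ \t]+/, "", line) }
         tolower(line) ~ /^identityfile[ \t=]/ {
             sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", line)   # keyword and separator
             sub(/[ \t]+$/, "", line); gsub(/"/, "", line)
             if (!seen[line]++) print line
         }' "$1"
}

# Permission string of $1 without the type character, e.g. "rw-------".
# -L follows symlinks so the real key file is what gets judged.
perm_bits() { ls -ldL -- "$1" | cut -c2-10; }

# Audit config $1 (default ~/.ssh/config). Prints one finding per line and
# returns 1 if the config is group/world writable or any key is missing or
# accessible to group/others; returns 0 when everything is clean.
audit_ssh_config() {
    cfg=${1:-$HOME/.ssh/config}
    rc=0
    [ -r "$cfg" ] || { echo "NOCONFIG $cfg"; return 1; }
    case $(perm_bits "$cfg") in
        ????w????|???????w?) echo "WRITABLE $cfg (fix: chmod 600)"; rc=1 ;;
    esac
    while IFS= read -r key; do
        [ -n "$key" ] || continue
        case $key in "~/"*) key=$HOME/${key#??} ;; esac   # expand leading ~/
        if [ ! -f "$key" ]; then
            echo "MISSING $key"; rc=1
        else
            case $(perm_bits "$key") in
                ???------) echo "OK $key" ;;
                *) echo "TOO_OPEN $key (fix: chmod 600)"; rc=1 ;;
            esac
        fi
    done <<EOF
$(list_identity_files "$cfg")
EOF
    return $rc
}
```

Source the file and run audit_ssh_config, or pass another config path as the first argument; the non-zero exit status makes it usable in a login script or a CI check.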
	

Awesome! But wait there is more ...

ServerAliveInterval

Suppose you want to stay connected to your boxes over ssh, but after some idle time the ssh session gets terminated and you have to connect again. And this happens again and again ... You can tell ssh to keep your session alive by adding "ServerAliveInterval" to your config file. Here is an example config for my dev box:

Host dev
	HostName dev.freelancing.studio
	Port 22000
	User nos09
	IdentityFile ~/.ssh/nos09.dev.key
	ServerAliveInterval 10

What this means is that ssh will try to keep your session alive by sending a keepalive message to your box every 10 seconds of inactivity.

Now comes the port forwarding part... My favorite !!!

Port forwarding is very useful when you want to reach a port on your box that is only available from the box's local environment. By forwarding that port to your localhost, you can access it just like any of your local ports! Pretty powerful stuff. Here is how you can access your database, running on port 5432 on the box, through port 9900 on your local machine.

$ ssh -f -N -L 9900:127.0.0.1:5432 dev.freelancing.studio
# -f puts ssh in background
# -N makes it not execute a remote command
# -L 9900:127.0.0.1:5432 forwards local port 9900 to 127.0.0.1:5432 as seen from the remote box

Here is a config file entry for the port forwarding, so we won't have to run the above command every time we want to create a 'tunnel':

Host tunnel
    HostName dev.freelancing.studio
    IdentityFile ~/.ssh/nos09.dev.key
    LocalForward 9900 127.0.0.1:5432
    User nos09

Then to create our tunnel we can just run this:

$ ssh -f -N tunnel

That's it for now. But that's not all. SSH is a very powerful tool. You can do much more by tweaking your config. And you can also do more than just play with your config files ... You can write automation scripts in Python using modules like Paramiko. I have written a few quick and short articles which you can visit if you are curious.

You can always find out more by searching the web and from the good old ssh documentation page.
