Convenient SSH

If you are like me, then you might have a few machines around the house, or the office, into which you need to SSH frequently. Over time I accumulated a few ways to make this experience more convenient, without sacrificing security and I wanted to share these here:

Specify the login user

You might log into your SSH servers with usernames that are not the same as the one you use on your local system, the client. For example, your username might be john but you want to log into a raspberry pi server using the pi username. Now typically you would need to specify that username in the command line, e.g.: ssh pi@192.168.0.100 However, using ~/.ssh/config you can set which username should be used if no other one is specified, e.g.: Host 192.168.0.100 User pi Now you can simply say: ssh 192.168.0.100 You will be logging in as “pi”, unless you explicitly specify a different username.

Give your stations a name

This might be obvious, but typing IP addresses can be tedious and they are harder to remember. So either use a DNS system or manually set host names in /etc/hosts. Together with setting the SSH log-in user, these tips can reduce ssh pi@192.168.0.100 to ssh piserver

Persistent multiplexed SSH connections

Multiplexing means that you use a single connection to transmit multiple sessions. This is extremely useful if are often SSH-ing into the same machine multiple times, or are logged in while using scp repeatedly. Typically, you would need to enter your password (or decrypt your private key) every single time. And even if you figured out how to keep your key in memory (see below), the connection still needs to be established, which could take a second or two. Using the following trick in ~/.ssh/config, you can multiplex your SSH connections to specific hosts through a single connection, and also make this single connection persitent: Host 192.168.86.100 ControlMaster auto ControlPath /tmp/master-%r@%h:%p ControlPersist yes Next ssh into that machines ones the way you usually do. This will establish the initial connection. Now try to log-in again, or scp a file to or from the machine. You will see, that these operations are super fast and you do not need to enter any credentials anymore.

Use Key-Based Logins

Instead of using a password, use public/private key pairs to log into your machines. This is pretty standard these days, and you might think why I put this in the category of being more convenient. Here is why: When you use this way of authenticating with your SSH server, you typically keep the private key encrypted with a password on your client. When you log-in through SSH, you then have to enter a password to decrypt the key and use it. At this point this is just as inconvenient as regular password-based logins. However, you can add the certificate to a keychain once and then reuse it until you restart the client. Here is how: First make sure your ssh-agent is running. You can start it through: eval `ssh-agent -s` Now load your key, e.g.: ssh-add ~/.ssh/github/id_rsa Enter the password once, and your key is now loaded. When you make SSH connections to a target that needs this key, you will not be asked for a password again. How convenient!

Comments

Post a Comment

Popular posts from this blog

Installing DD-WRT on the Linksys EA2700

Image
So I had this router for quite a while. I bought the EA2700 when I moved to the US, without doing much research. That was a mistake. I had a bunch of the famous WRT54GL routers before and was super happy with them, mainly due to the flexibility of installing an alternative OS on it, which unleashes a lot more power and functionality. However, the WRT54GL was just too dated in 2012, so I decided to get a newer model and got the Linksys Cisco EA2700. I don't want to go into too many details, but this was a pretty bad decision. The software is just really bad. Almost no functionality and on top they tried to put some 'cloud-connection' stuff that is not only unnecessary, but counter productive. They tried to market it as a "Smart Router".  A bit later I bought myself a TP-Link  TL-WR1043ND  and have been using it ever since. However,  today I found the (now old) EA2700 in a moving box. This inspired me to check the interwebs for the current status of DD
Read more

Setting up Arduino IDE 1.0 and 1.6 for ATtiny and Manchester library

Background I am currently working on a project where I want to deploy small battery powered ATtiny based modules to track a few things and to communicate back to an Arduino or Raspberry PI. While I was first trying to use the Virtual Wire library , I found out it couldn't handle the ATtiny85 that I was operating at 1 MHz. The reason for this is that it has a different timing from chips that run at regular speeds, like the Arduino itself. Luckily there is an alternative in form of the Manchester Encoding library for Arduino . It works not just with the typical Arduino chips but also with various ATtiny variants. The only problem was that my Arduino IDE setup I had in place did not work with this library. In the following I will outline what the issue was and how I got around fixing it. My original ATtiny85 setup When I started out coding for the ATtiny85 I used sparkfun's excellent tutorial on how to set-up the Arduino environment to compile and upload ATtiny progra
Read more

Backing up a NAS to CrashPlan using a Raspberry Pi

Image
[Update on July 28th 2006] I have updated the post to reflect that CrashPlan 4.7.0 still works the same way as well as adding instructions for running the UI on MacOS/OSX Motivation I currently have a Synology DS212 (discontinued, but similar to more current  DS213 ), which works fine, but I wanted to have another backup of the data on it off-site, meaning not in my house. A few years ago I got myself a CrashPlan subscription and have since used to to back up my personal and my families data from multiple machines. Ideally I would like to run the CrashPlan software on my NAS, but the DS212 is not powerful enough to handle the Java-based CrashPlan client. Since I anyway already have a Raspberry Pi 2 Model B set up as a home server (I am running a custom home automation server and some other servers on it), I thought it would be great to add the CrashPlan client to it. Getting the CrashPlan headless client running on a Raspberry Pi is luckily possible, but there are a few issu
Read more