Convenient SSH

If you are like me, then you might have a few machines around the house, or the office, into which you need to SSH frequently. Over time I accumulated a few ways to make this experience more convenient, without sacrificing security and I wanted to share these here:

Specify the login user

You might log into your SSH servers with usernames that are not the same as the one you use on your local system, the client. For example, your username might be john but you want to log into a raspberry pi server using the pi username. Now typically you would need to specify that username in the command line, e.g.: ssh pi@192.168.0.100 However, using ~/.ssh/config you can set which username should be used if no other one is specified, e.g.: Host 192.168.0.100 User pi Now you can simply say: ssh 192.168.0.100 You will be logging in as “pi”, unless you explicitly specify a different username.

Give your stations a name

This might be obvious, but typing IP addresses can be tedious and they are harder to remember. So either use a DNS system or manually set host names in /etc/hosts. Together with setting the SSH log-in user, these tips can reduce ssh pi@192.168.0.100 to ssh piserver

Persistent multiplexed SSH connections

Multiplexing means that you use a single connection to transmit multiple sessions. This is extremely useful if are often SSH-ing into the same machine multiple times, or are logged in while using scp repeatedly. Typically, you would need to enter your password (or decrypt your private key) every single time. And even if you figured out how to keep your key in memory (see below), the connection still needs to be established, which could take a second or two. Using the following trick in ~/.ssh/config, you can multiplex your SSH connections to specific hosts through a single connection, and also make this single connection persitent: Host 192.168.86.100 ControlMaster auto ControlPath /tmp/master-%r@%h:%p ControlPersist yes Next ssh into that machines ones the way you usually do. This will establish the initial connection. Now try to log-in again, or scp a file to or from the machine. You will see, that these operations are super fast and you do not need to enter any credentials anymore.

Use Key-Based Logins

Instead of using a password, use public/private key pairs to log into your machines. This is pretty standard these days, and you might think why I put this in the category of being more convenient. Here is why: When you use this way of authenticating with your SSH server, you typically keep the private key encrypted with a password on your client. When you log-in through SSH, you then have to enter a password to decrypt the key and use it. At this point this is just as inconvenient as regular password-based logins. However, you can add the certificate to a keychain once and then reuse it until you restart the client. Here is how: First make sure your ssh-agent is running. You can start it through: eval `ssh-agent -s` Now load your key, e.g.: ssh-add ~/.ssh/github/id_rsa Enter the password once, and your key is now loaded. When you make SSH connections to a target that needs this key, you will not be asked for a password again. How convenient!

Comments

Popular posts from this blog

Installing DD-WRT on the Linksys EA2700

Setting up Arduino IDE 1.0 and 1.6 for ATtiny and Manchester library

Backing up a NAS to CrashPlan using a Raspberry Pi