Klaatu talks about ssh config.
Hosted by klaatu on 2015-09-14 is flagged as Clean and is released under a CC-BY-SA license.
Tags: ssh,configuration,tutorial,hints and tips.
Listen in ogg,
mp3 format. | Comments (3)
Put a file called 'config' into ~/.ssh and you can define any option you would normally provide as part of the command as an automatically-detected configuration.
Makes the command 'ssh klaatu@foo' look like this to SSH:
ssh -p2740 -i ~/.ssh/foo_rsa firstname.lastname@example.org
Comment #1 posted on 2015-09-14T07:14:15Z by 0xf10e
Nice intro to `~/.ssh/config`, klaatu.
The "protocol 2" option is the default for quite some time - as in "more than 10 yrs". I think the latest version of OpenSSH doesn't even compile with support for version 1 by default. At least the sshd.
Shortening hostnames comes really handy in cases like " web-frontend.fancy-example-corp.co.uk".
And there's also patterns matching like
Host *.fancy-example-corp.co.uk *.fancy-example-corp.com
This way you can group hosts with common options easily.
Comment #2 posted on 2015-09-15T15:07:16Z by b-yeezi
Thanks for this show. I immediately added a config file for the couple of accounts that I commonly use. The only that I added for security is to change the permissions of the file to 600 or 644. Keep up the great shows!
Comment #3 posted on 2015-09-17T12:31:38Z by Gabriel Evenfire
I'm curious if, from your example, you are creating separate identity files for each host. I imagine not, but it's a possibility I'd never considered before. I suppose it doesn't provide that much more security insofar as if someone can read one of your private keys from .ssh/ they can read all of them. But it does make me think.
For my part I have this ruby script to run ssh w/ shorthands to the different identities and accounts in our internal machines. This show is prompting me to do it the right way. (especially insofar as it will work with scp, sftp, and scripts that use them)
Thanks for the show. I'm enjoying that people are starting break open the tools other than the "blade" in this ssh swiss army knife.
<< First, < Previous, Next >, Latest >>
Note to Verbose Commenters
If you can't fit everything you want to say in the comment below then you really should record a response show instead.
Note to Spammers
All comments are moderated. All links are checked by humans. We strip out all html. Feel free to record a show about yourself, or your industry, or any other topic we may find interesting. We also check shows for spam :).