SSH Config File Tips & Tricks
Many of us use ssh to connect to local and remote machines, and in my other articles I have shown many nice tricks, like tunneling, to enhance network access. Less well known are the little tricks you can do with your ~/.ssh/config file.
Below I show some tips on how to edit your ~/.ssh/config file for specific users, long host names and port configurations.
Shortening A Host Name
If you have an ssh server that has a long name such as my.machine.my.company.com, you can use your ssh config to save a few keystrokes. Edit your ~/.ssh/config file and enter the following:
Host atwork
    HostName my.machine.my.company.com
Now any time you want to connect to my.machine.my.company.com, just use atwork as the hostname instead.
Using An Alternate Port Number
Some ISPs block port 22, so you are forced to use the server on a non-standard port. If your server is running on port 99, rather than specifying -p 99 every time you ssh, you can enter the following into your ssh config file:
Host example.company.com
    Port 99
The next time you ssh to example.company.com, your session will automatically use port 99.
Using A Default Username
I use my own username on my laptop, but I use my real name to ssh into my work. Instead of typing in your username every time, you can set your username per host in your config file. Just enter the following into your config file and change the name from johndoe to whatever your username is.
Host example.company.com
    User johndoe
The next time you ssh to example.company.com, it will automatically log you in as johndoe.
SSH Into A Non-Public System Through A Publicly Accessible System
Most small companies and home system users only allow one system to be accessible through the firewall. However, they also have other systems internally that you can ssh into. For example, you have a system that is accessible only on the internal network (internal.company.com), but on the same network there is a system that is externally accessible (ssh.company.com). Insert the following into your ssh config file:
Host internal.company.com
    ProxyCommand ssh -q -W %h:%p ssh.company.com
Now if you ssh into internal.company.com, it will automatically go through ssh.company.com, saving you from having to ssh into ssh.company.com and then, once logged in, log in again to internal.company.com.
Time Out / Keep Alive
Most SSH servers will kick you off after a certain amount of time. Using the following options in your config file will send a message to the SSH server every X seconds so your connection stays up.
Host internal
    # Note: default is 3
    ServerAliveCountMax 4
    # Note: default is 0
    ServerAliveInterval 15
ServerAliveInterval will send a keep-alive message every 15 seconds, and ServerAliveCountMax sets the number of server alive messages which may be sent without ssh(1) receiving any messages back from the server. Combined, they provide a good constant connection without getting booted off.
Forwarding Many Internal Hosts
If you want access to one or more hosts inside the internal protected network that are available once you ssh into ssh.company.com, you can set up multiple forwards so that you can access those resources locally. In another article I have shown how to port forward an internal machine to a local port, but then you have to remember the local port number you forwarded it to. The following shows how to use aliases and forwarding to access hosts/servers with the same names you would use if you were at your office. Some examples follow, with a little explanation below.
Host mywork
    HostName ssh.company.com
    LocalForward localhost:2525 mail.company.com:25
    LocalForward localhost:2049 nfs.company.com:2049
    LocalForward localhost:5900 vncserver.company.com:5900
    LocalForward localhost:2220 workstationssh.company.com:22
Host mail.company.com
    HostName localhost
    Port 2525
Host nfs.company.com
    HostName localhost
    Port 2049
Host vncserver.company.com
    HostName localhost
    Port 5900
Host workstationssh.company.com
    HostName localhost
    Port 2220
Now once you ssh into 'mywork' you can access the resources listed above with the same hostnames as you would use if you were in your office. Combine those entries with the keep-alive ones in the previous example and you have a nice makeshift VPN.
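
A forwarding setup like the one above is easy to get subtly wrong, so here is an added example (not part of the original article) that checks one: the Python below reads a config, flags any LocalForward whose listen address is not loopback (a wildcard, or a misspelled name such as locahost), and flags localhost aliases whose port has no matching forward. SAMPLE is constructed for the demonstration, and parse, is_loopback and audit are hypothetical helper names; bracketed IPv6 listen addresses are handled, the slash-separated form is not.

```python
import ipaddress
import re

# Added example: SAMPLE is constructed (flaws deliberate); function names are hypothetical.
SAMPLE = """\
Host mywork
    LocalForward localhost:2525 mail.company.com:25
    LocalForward locahost:2049 nfs.company.com:2049
    LocalForward 0.0.0.0:5900 vncserver.company.com:5900
Host mail.company.com
    HostName localhost
    Port 2525
Host workstationssh.company.com
    HostName localhost
    Port 2220
"""

def parse(text):
    blocks = []  # [(host_pattern, [(keyword, argument), ...])] in file order
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, arg = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
        if key.lower() == "host":
            blocks.append((arg, []))
        elif blocks:
            blocks[-1][1].append((key.lower(), arg))
    return blocks

def is_loopback(name):
    try:
        return name.lower() == "localhost" or ipaddress.ip_address(name.strip("[]")).is_loopback
    except ValueError:
        return False  # any other name (or "*"): not provably loopback

def audit(text):
    blocks, findings, ports = parse(text), [], set()
    for host, opts in blocks:
        for key, arg in opts:
            if key == "localforward":
                bind, sep, port = arg.split()[0].rpartition(":")  # [bind_address:]port
                ports.add(port)
                if sep and not is_loopback(bind):  # bare port binds per GatewayPorts
                    findings.append(("bind-not-loopback", host, f"{bind}:{port}"))
    for host, opts in blocks:
        o = dict(reversed(opts))  # first value wins, as in ssh
        if is_loopback(o.get("hostname", "")) and o.get("port", "22") not in ports:
            findings.append(("alias-without-forward", host, o.get("port", "22")))
    return findings
```

Calling audit() on the text of your own ~/.ssh/config returns a list of (finding, host, detail) tuples; an empty list means every forward listens on loopback and every localhost alias has a forward behind it.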