Learn how to make your SSH use more efficient and convenient with per-host configurations.
Secure Shell (SSH) has a lot of tricks up its sleeve. With plenty of configuration options, you can make both the SSH daemon and client do just about anything you need. Most users end their configuration of SSH with the sshd_config and ssh_config files. However, there is another configuration file that gives the tool much more flexibility.
That configuration file is ~/.ssh/config. In that file, you can configure SSH on a per-host basis. This means you can configure different hosts to behave differently.
For example, you might want to set up one particular host with a username, an SSH key, batch mode enabled (which tells SSH to never ask for a passphrase or password), and the escape sequence disabled (which avoids issues when transferring arbitrary data). Another configuration might use a specific user for any host on a specific domain or IP address scheme. With the SSH config file, this and more can be done.
What you'll need
The only things you'll need to make this work are:
- A Linux machine with SSH installed
- Any number of remote machines that allow SSH connections
How to configure hosts
We'll stick with the examples I suggested earlier. So our first host will:
- Set a username
- Specify an SSH key
- Enable batch mode
- Disable the escape sequence
The second host will:
- Set a username
- Enable the username for all hosts on a specific network
To edit the necessary configuration file, issue the command:
If this is your first time configuring SSH hosts, this file will be empty. Our first entry will look like this:
Host Debian
    HostName 10.34.1.40
    User jack
    # IdentityFile must point to the private key, not the .pub file
    IdentityFile ~/.ssh/id_rsa
    BatchMode yes
    EscapeChar none
You can name the host anything you like. In my case, this is a Debian server, so the name Debian was apropos. Make sure you set the HostName as the IP address or domain of the remote server and the User to the remote username you want to use.
Save and close the file.
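Because we've set this to not ask for a password or passphrase, SSH key authentication will need to be set up. If the key is protected by a passphrase, it must already be loaded into ssh-agent, because batch mode prevents SSH from prompting for it. To copy your SSH key to the remote server, issue the command: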
Where USERNAME is the remote user and SERVER_IP is the IP address of the remote server.
Once you have SSH key authentication taken care of, you can then SSH into the Debian host with the command:
You won't be asked for an address or a password. The connection is almost instantaneous.
Next, let's configure a username to be used on any machine on a given network. Say the username is jack and the network address scheme is 192.168.1.0. This configuration (again, in the .ssh/config file) would be:
Host 192.168.1.*
    User jack
Save and close the file.
When you want to SSH to any machine on that network (with the default username jack), you could simply issue the command:
Where SERVER_IP is the IP address of the remote server. As long as that server is on the 192.168.1.x address scheme, it won't ask for a username.
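The following added example (not part of the original article) is a simplified Python model of how ssh chooses options from ~/.ssh/config: Host patterns are matched against the name typed on the command line, and the first value obtained for each option wins. The Host * block, the user olivia, and the function names are assumptions made for illustration.

```python
# Added example: simplified resolver for ~/.ssh/config Host blocks.
# Assumptions: no Match/Include handling; every keyword is treated as
# single-valued (real ssh accumulates IdentityFile entries).
import re
from fnmatch import fnmatchcase

# Constructed sample: the article's two entries plus a catch-all default.
SAMPLE = """\
Host Debian
    HostName 10.34.1.40
    User jack
    IdentityFile ~/.ssh/id_rsa
    BatchMode yes
    EscapeChar none

Host 192.168.1.*
    User jack

Host *
    User olivia
    BatchMode no
"""

def host_matches(patterns, name):
    """A Host line matches if a pattern matches and no !pattern does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatchcase(name, pat[1:]):
                return False
        elif fnmatchcase(name, pat):
            positive = True
    return positive

def resolve(config_text, name):
    """Effective options for `name` as typed on the command line."""
    effective, active = {}, True  # options before any Host line apply to all
    for raw in config_text.splitlines():
        parts = re.split(r"\s*=\s*|\s+", raw.strip(), maxsplit=1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), name)
        elif active:
            effective.setdefault(key, value)  # first obtained value wins
    return effective

if __name__ == "__main__":
    for target in ("Debian", "192.168.1.25", "10.34.1.40"):
        print(target, resolve(SAMPLE, target))
```

Connecting to 10.34.1.40 by address skips the Debian block entirely, so the key, batch mode and username set there apply only when the alias is used. Because earlier blocks win, catch-all defaults belong at the end of the file.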
And that's the basics of setting up per-host SSH configurations. You can learn more about this type of setup by issuing the command:
By employing this setup, your usage of SSH will not only be simplified, it'll be more efficient.