Apr 22, 2020
Convenient SSH
If you are like me, then you might have a few machines around the house, or the office, into which you need to SSH frequently. Over time I accumulated a few ways to make this experience more convenient, without sacrificing security and I wanted to share these here. These might be handy for some especially now while they are faces to work from home, and thus log into remote machines on a regular basis:
Specify the login username
You might log into your SSH servers with usernames that are not the same as the one you use on your local system, the client. For example, your username might be john but you want to log into a raspberry pi server using the pi username. Now typically you would need to specify that username in the command line, e.g.: ssh pi@192.168.0.100 However, using ~/.ssh/config you can set which username should be used if no other one is specified. E.g. put the following in your ~/.ssh/config file:
Host 192.168.0.100
User piNow you can simply say: ssh 192.168.0.100. You will be logging in as “pi”, unless you explicitly specify a different username.
This is especially helpful if you have many different servers with different usernames to remember.
Give your stations a name
This might be obvious, but typing IP addresses can be tedious and they are harder to remember. So either, if you can, use a DNS system on your local network or manually set host names in /etc/hosts. Together with setting the SSH log-in user, these tips can reduce ssh pi@192.168.0.100 to simply ssh piserver. No need to remember the username or specific IP.
Persistent multiplexed SSH connections
Multiplexing means that you use a single connection to transmit multiple sessions. This is extremely useful if are often SSH-ing into the same machine multiple times, or are logged in while using scp repeatedly. Or if you log out and then want to quickly log back in.
Typically, you would need to enter your password (or decrypt your private key) every single time. And even if you figured out how to keep your key in memory (see below), the connection still needs to be established, which could take a second or two. Using the following two tricks in ~/.ssh/config, you can multiplex your SSH connections to specific hosts through a single connection, and also make this single connection persistent:
Host 192.168.86.100
ControlMaster auto
ControlPath /tmp/master-%r@%h:%p
ControlPersist yesNext ssh into that machines once the way you usually do. This will establish the initial connection. Now try to log-in again, or scp a file to or from the machine. You will see, that these operations are super fast and you do not need to enter any credentials anymore.
Use Key-Based Logins
Instead of using a password, use public/private key pairs to log into your machines. This is pretty standard these days, and you might think why I put this in the category of being more convenient. Here is why: When you use this way of authenticating with your SSH server, you typically keep the private key encrypted with a password on your client. When you log-in through SSH, you then have to enter a password to decrypt the private key in order to use it. At this point this is just as inconvenient as regular password-based logins. However, you can add the certificate to a keychain once and then reuse it until you restart the client. Here is how: First make sure your ssh-agent is running. You can start it through:
$ eval `ssh-agent -s`Now load your key, e.g.:
ssh-add ~/.ssh/github/id_rsaEnter the password once, and your key is now loaded. When you make SSH connections to a target that needs this key, you will not be asked for a password again. This is especially convenient if you use the same key to log into multiple different servers. Once the key is added, it will be re-used for all the other connections.
I hope these tips help you, and let me know if they are. And let me know if there are are other tips you know that make working with SSH (on Linux, Mac OS or Windows) more convenient or powerful.
