SSH (Client side configurations)

This is a reference for anyone using Linux or a Mac to SSH into a server. Half of the work is already complete, since they both come equipped with the SSH client.

Nowadays, with security measures being a must. It is important to change default ports and / or utilize private keys for authentication. This can be cumbersome to keep track of and it may pose a problem. For example, when trying to configure GIT, there isn’t an explicit way to flag a separate port without this method that I’ll show you. also, when working with a high volume of servers at different end-points, this is a good way to keep the data organized and easily maintained.

Additional SSH Client side configurations

  • Create the following directory and file
    • mkdir ~/.ssh; touch ~/.ssh/config
  • With your editor of choice, edit the file in the following manner. I’ll give an explanation following the example.
    • vim ~/.ssh/config

Host dbServer
HostName 192.168.1.2
User dbAdmin
IdentityFile ~/.ssh/id_rsa

Host appServer
HostName example.com
User git
Port 2040
IdentityFile ~/.ssh/secureKey.pem

 

The snippet above shows two examples of connection configurations.

  • The first Host configuration is a connection made on the local area network. It assumes the port is 22, since it isn’t specified. It also contains the User’s name and the private key file location. To connect via SSH using the config file and without using the config file:
    • ssh dbServer
    • ssh -i ~/.ssh/id_rsa dbAdmin@192.168.1.2
  • The second Host configuration is a connection made to an external host that has been per-configured to use port 2040. To connect via SSH using the config file and without using the config:
    • ssh appServer
    • ssh -i ~/.ssh/secureKey.pem -p 2040 git@example.com
  • Additionally, you can create a one name alias for the command in the .bash_alias or .bashrc file.
  • You can see that thee configuration file has its advantages by allowing for a shorthand approach to connecting to local and external servers. Using the second configuration above; Here is how you would use the ssh config setup to clone a repository in GIT. Since GIT relies on SSH for repository authentication and it does not allow for flags, such as “-p 2040 -i ~/.ssh/secureKey.pem“, the config file allows for this shorthand approach.

    • git clone ssh://appServer//var/git/project.git
  • There are other workarounds, but you will find that this is the most efficient approach.

Good references:

Man Page: http://linux.die.net/man/5/ssh_config