I guess every GNU/Linux user must have sshed from one computer to another at some time or other. We have different servers for various purposes in our college, and ssh is a common thing. Most of the time, we end up typing something like
ssh -XCYP hari@spider.nitt.edu
Though not many know what these options stand for, life becomes very simple if you try to understand the command, create a configuration file for ssh, and use it when you ssh from one box to another.
The ssh client takes the parameters from three places in the following order.
- Command line options
- User-specific configuration file
- System-wide configuration file
The command line options are the ones you specify when you connect to another system using the ssh command. For example, ssh -X specifies that X11 forwarding should be enabled.
The user-specific configuration file is ~/.ssh/config.
The system-wide configuration file is /etc/ssh/ssh_config. Note that the configuration file for the ssh server (sshd_config) is also found in this folder. The file ssh_config is the configuration file for the ssh client, while sshd_config is the configuration file for the server.
For each option, the first value obtained is the one used; later sources cannot change it. So if you run the ssh command with the -X option, X11 will be forwarded no matter what values the ~/.ssh/config and /etc/ssh/ssh_config files have. The values are parsed in the order mentioned above.
The user config file lets you configure the ssh client for the hosts you ssh to often. A config file is explained with an example below.
Host codelabs
hostname codelabs.nitt.edu
user hari
ForwardX11 yes
port 22
In the above example, very few options were added to make the config file simple. I guess that will be enough for everyone.
The config file has Host blocks. The properties listed under a Host line are set when you connect to a host that matches it. In this example I have used the host machine called codelabs.nitt.edu. You can also specify * to apply to any host, or 10.1.39.* to apply to all machines in the 10.1.39. series. Remember that each configuration value is set only once. So if * appears at the beginning of your config file, then the configurations which come below it may not be used by the ssh client. For example, consider the following configuration file.
Host *.edu
ForwardX11 yes
Now in the above case, when you connect to any server whose name ends with .edu (spider.nitt.edu, codelabs.nitt.edu …), X is forwarded. But if you want to disable X11 forwarding for spider.nitt.edu, then the following won’t work:
Host *.edu
ForwardX11 yes
Host spider
hostname spider.nitt.edu
ForwardX11 no
This is because in the first block, ForwardX11 is set to yes for all hosts ending with .edu and then it can’t be changed. The correct way to block X11 forwarding for spider is to have a config file as shown below.
Host spider
hostname spider.nitt.edu
ForwardX11 no
Host *.edu
ForwardX11 yes
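The first-value-wins rule across the command line, ~/.ssh/config and /etc/ssh/ssh_config can be checked with a small resolver. This is an added example, not code from the original post or from OpenSSH: it is a simplified model (Host lines with * and ? globs and ! negation only), the function names are hypothetical, and the sample files are constructed. The samples use the full name spider.nitt.edu in the Host line, on the assumption that the name typed on the command line is what gets compared against Host patterns.

```python
import fnmatch

def parse_config(text):
    """Return [(host_patterns, [(option, value), ...]), ...] in file order."""
    blocks = [(["*"], [])]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()  # keywords are case-insensitive
        if key == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key, value))
    return blocks

def host_matches(patterns, name):
    """True if a pattern matches; a matching negated (!) pattern vetoes the line."""
    hit = False
    for p in patterns:
        if p.startswith("!"):
            if fnmatch.fnmatchcase(name, p[1:]):
                return False
        elif fnmatch.fnmatchcase(name, p):
            hit = True
    return hit

def effective_options(name, cli=None, user_cfg="", system_cfg=""):
    """First value obtained wins: command line, then user file, then system file."""
    result = {k.lower(): v for k, v in (cli or {}).items()}
    for cfg in (user_cfg, system_cfg):
        for patterns, options in parse_config(cfg):
            if host_matches(patterns, name):
                for key, value in options:
                    result.setdefault(key, value)  # never overwrite an earlier value
    return result

# Constructed sample files mirroring the two orderings discussed above.
GENERAL_FIRST = "Host *.edu\n  ForwardX11 yes\nHost spider.nitt.edu\n  ForwardX11 no\n"
SPECIFIC_FIRST = "Host spider.nitt.edu\n  ForwardX11 no\nHost *.edu\n  ForwardX11 yes\n"
SYSTEM_WIDE = "Host *\n  ForwardX11 no\n  Compression no\n"

if __name__ == "__main__":
    for label, cfg in (("general first", GENERAL_FIRST), ("specific first", SPECIFIC_FIRST)):
        print(label, effective_options("spider.nitt.edu", user_cfg=cfg, system_cfg=SYSTEM_WIDE))
```

On a real system, ssh -G followed by the host name prints the options the client would actually use for that host, which is the quickest way to confirm that a forwarding setting ended up the way you intended.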
You can tweak almost everything you need, from the public key file, port, number of password prompts, compression, ciphers, compression level, user, tunnel and tunnel device to lots more. 🙂 Happy sshing 🙂
When doing ssh -XCPY over LAN, there is no need to specify the ‘C’ or compression option. The speeds at which LANs operate do not require compression to be done. Having said that, ‘Y’ is not an option in ssh anymore! It is the deprecated equivalent of ‘X’. See the man page if you don’t believe me 🙂 So, ssh -XP is enough.
Wow :). How come you know so much about ssh, sir? Last time you came to college, I think you were struggling with the -X option and gave -x instead 😛