I guess every GNU/Linux user has sshed from one computer to another at some time or other. We have different servers for various purposes in our college, and ssh is a common thing. Most of the time, we end up typing something like
ssh -XCYP email@example.com
Though not many know what these options stand for, life becomes much simpler if you understand the command, create a configuration file for ssh, and use it when you ssh from one box to another.
The ssh client takes the parameters from three places in the following order.
- Command line options
- User-specific configuration file
- System-wide configuration file
The command line options are the ones you specify when you connect to another system using the ssh command. For example, ssh -X specifies that X11 forwarding should be enabled.
The user-specific configuration file is ~/.ssh/config.
The system-wide configuration file is /etc/ssh/ssh_config. Note that the configuration file for the ssh server (sshd) is also found in this folder. The file ssh_config is the configuration file for the ssh client, while sshd_config is the configuration file for the server.
Each configuration value is fixed the first time it is set and is not changed afterwards. So if you run the ssh command with the -X option, X11 will be forwarded no matter what values the ~/.ssh/config and /etc/ssh/ssh_config files have. The values are parsed in the order mentioned above.
The user config file lets you configure the ssh client once for the hosts you ssh to often. A config file is explained with an example below.
In the above example, very few options were added to make the config file simple. I guess that will be enough for everyone.
The config file has Host blocks. The properties which come under a Host block are set when you connect to the given host. In this example I have used the host machine called codelabs.nitt.edu. You can also specify * to apply to any host, or 10.1.39.* to apply to all machines which come under the 10.1.39. series. Remember that the configuration values are set only once. So if * appears at the beginning of your config file, then the configurations which come below it may not be used by the ssh client. For example, consider the following configuration file.
Now in the above case, when you connect to any server whose name ends with .edu (spider.nitt.edu, codelabs.nitt.edu …), X11 is forwarded. But if you want to disable X11 forwarding for spider.nitt.edu, then the following won’t work:
This is because in the first block, ForwardX11 is set to yes for all hosts ending with .edu and then it can’t be changed. The correct way to block X11 forwarding for spider is to have a config file as shown below.
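The ordering rule described above, as an added example that is not the original post's listing: two alternative versions of ~/.ssh/config using the post's host names. The Compression line and the closing Host * block are assumptions added to show that later blocks still supply any option that has not been set yet.

```sshconfig
# Added illustration; not the original post's listing.
# Use Version A or Version B as the whole file, never both together.

# ---- Version A: the override for spider.nitt.edu is ignored ----
# The client reads the file top to bottom and keeps the first value it
# obtains for each option.
Host *.edu
    ForwardX11 yes
    Compression yes

# spider.nitt.edu already matched *.edu above, so ForwardX11 is fixed
# to yes before this block is reached.
Host spider.nitt.edu
    ForwardX11 no

# ---- Version B: most specific block first ----
# spider.nitt.edu matches this block first, so ForwardX11 is fixed to no.
Host spider.nitt.edu
    ForwardX11 no

# Every .edu host, spider included, reaches this block. For spider only
# Compression is still unset, so only Compression is taken from here.
Host *.edu
    ForwardX11 yes
    Compression yes

# Assumed catch-all default, placed last so it only fills in options
# that no earlier block has set.
Host *
    ForwardX11 no
```

Running `ssh -G spider.nitt.edu` prints the options the client would use for that host without connecting, which is a quick way to check which block won.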
You can tweak almost everything you need, from the public key file, port, number of password prompts, compression, ciphers, compression level, user, tunnel and tunnel device to lots more. 🙂 Happy sshing 🙂