Goals of this post

  1. To give a quick and practical overview of the power of your ~/.ssh/config file.
  2. To get developers thinking more about the value of Linux knowledge and having a more diverse skill set than their job description requires.

Quick Note: Wherever you see the dollar sign character($) throughout this article it is referencing a command line prompt.

How to leverage the power of the ~/.ssh/config file:

  • What is the purpose of this file?
    • This file is the primary configuration file for your OpenSSH client.
  • What can I do with this file?
    • I am going to explain that through the following common(atleast in my work) scenarios.

Scenario 1

You use multiple SSH key pairs(public and private) on the same machine. One for your personal Github and one for your work related accounts.

The Fix:

  • You can map your different identities(private key files) to the domains that you use them for. This way when you SSH into one of your work accounts you don’t have to do something like:
$ ssh -i ~/.ssh/id_rsa_work user@example.com

How:

  • To do this for the above example, add this to your ~/.ssh/config file:
Host example
    HostName example.com
    IdentityFile ~/.ssh/id_rsa_work
  • Note: The path shown above should be to a private key file, not a public key.

Scenario 2

You ssh into a lot of different servers and have to specify different options/values each time, making it inefficient to try to remember them all.

The Fix:

  • You can specify any option in ~/.ssh/config that you can via the command line.

Example: A example ~/.ssh/config file that more closely matches what I use day-to-day:

Host example
    HostName       example.com
    IdentityFile   ~/.ssh/id_rsa_work
    Port           1234
    IdentitiesOnly yes

Host my_site
    HostName       12.34.87.124
    IdentityFile   ~/.ssh/id_rsa
    IdentitiesOnly yes
    ForwardAgent yes

Using this configuration I can simply type:

$ ssh example

Or

$ ssh my_site

Some side notes about the above configuration:

  • The Port number will default to the SSH default port of 22 if not specified.
  • The HostName can be either an IP address or a domain name that can be resolved by DNS
  • The IdentitiesOnly option means that you only want to authenticate with the server using SSH keys, NOT passwords(This is a great idea!)
  • The IdentityFile option allows you to specify the private key file to use.
  • The ForwardAgent option allows you to forward your loaded authentication token to the remote node. An example would be if you needed to clone a Github repo using SSH, directly to the remote machine, but you didn’t want to setup your private/public key pair on the remote node.

This configuration file can help simplify tasks in areas you may not expect until you run into them. To give you an example, recently I have been automating a lot of my configuration management with Ansible. Ansible uses SSH connections to accomplish its work. So as I test out and refactor my playbooks on remote servers in different states of configuration I often need to change the details of the connections that Ansible is making with my remote nodes. My ~/.ssh/config file makes this quick and easy!