Skip to main content

Some useful SSH configurations

Lately I was tired of having to repeatedly type my user name for my ssh connections. In my current setup I often ssh to two servers inside the IIIT (my college) network. merely typing ssh web.iiit.ac.in would try to use the username as my local computer’s login user name. So I was trying to get a workaround for this. A simple approach would be to rename my local computer’s user name to the IIIT server user name , but now that would be very lame. So I figured there must be some simple configuration available and looked up man ssh_config which gave an extremely detailed list of all the possible configuration options. Finally my configuration file looked like this :

Host *.iiit.ac.in mirage web
User iiit_login_user
Host *
ControlMaster auto
ControlPath /home/phinfinity/.ssh/%r@%h:%p
GSSAPIAuthentication no

The first line specifies the categories for which the configuration below are to be used. Here I have specified the configuration to be applied for 3 possible categories “*.iiit.ac.in”,mirage,web . mirage and web being two of the servers. There seems to be some misinterpretation in the man page which expects the actual format to be :

Host "*.iiit.ac.in,mirage,web"

However space-separation works unlike comma-separations as specified in the manual. The User iiit_login_user specifies the default user to use if none are specified.
The remaining lines are my default lines applicable for all Hosts. In particular one very useful configuration I discovered from http://fermiparadox.wordpress.com/2008/06/19/ssh-connection-sharing/. It is an Excellent setup to make secondary connection’s password less using a primary connection established initially. In addition I also added Public/Private key setup so that I can login password-less to the servers I use often. Now I merely have to type “ssh web.iiit.ac.in” to login.

Edit:
There’s also a useful ControlPersist option which allows the connection to persist beyond the original connection. This allows the connection to remain for a set period of time of inactivity.


Host bitbucket.org
ControlPersist 600

I don’t prefer to enable this for all Hosts, so you might want to specifically use this only for some hosts. The above code allows connections to persist for 600seconds of inactivity without an active ssh session.

Comments

Popular posts from this blog

Setting up a transparent pass-through proxy with iptables

Update: Part 2 for https posted in separate post! So for a very long now I’ve had a nagging issue with proxies. My primary source of internet is through my college HTTP Proxy and this adds a couple of issues whenever I am dealing with applications that don’t have proxy support coded in them. I have this issue often both on my laptop as well as on my android tablet (Youtube streaming!). Its a very distressing situation and I’ve always wanted to set-up a transparent proxy solution which could re-direct the traffic out of such applications to a sort of secondary proxy server which can interpret the requests and forward them to my college proxy server. Recently I managed to get this working! The main tool used for this was iptables. For those of you who haven’t heard of iptables at a glance it is a flexible firewall which is now part of the Linux kernel by default. But iptables is actually much more powerful and flexible than just a simple firewall to block ports. iptables is capabl

Transparent Pass-through proxy with iptables – Part 2 (for HTTPS)

This is part 2 of my earlier post on how to set configure to use a http proxy transparently. This post deals with extending the same for transparent HTTPS proxying. Click Here for my earlier post which deals with HTTP proxying. For a quick-fix solution and list of files mentioned in this post skip to the bottom of the post. After setting up a transparent http proxy on my dd-wrt router to transparently proxy my HTTP requests I haven’t had any issues for more than a year and was happily able to use it. But up until recently my local network used to allow direct HTTPS connections to external IP addresses. Now my network has disabled that, which means I need to forcefully use the HTTP proxy in order to be able to make HTTPS connections. Surprisingly this caused many more problems than I had anticipated. Lots of applications on android which seemed to work fine after setting proxy settings started failing badly! Notably gmail, hangouts, facebook messenger all only worked very sporadical

Converting Your DD-WRT Router to a clock!

So the other night I suddenly woke up in the middle of the night. I was fumbling through my extremely messy desk, which was next to my pillow, to find my phone so that I could see the time. Alas my desk was far too messy to find my phone in the dark. I was far too lazy to take the effort of turning on the lights just to see the time. That was when my eyes glanced upon the ominous green blinking LEDs blinking fervently on my router docked on my wall. I wished I had an LED clock instead and boom it hit me! I have a linux-based DD-WRT router, that means I have full control over it :P. So that was how I began my quest on converting a piece of network equipment to a digital clock! TP-Link WR740N Router The next day, I set upon my quest to find out how I could control the blinking LEDs on my router. I noticed that my router had a total of 9 LEDs , and I figured that was more than sufficient to display the time in binary to a sufficient degree. My plan was originally to use 4 LEDs t

Welcome to my Site!

Hello! I am Anish Shankar. I love exploring new stuff & Technology interests me a lot. I am a Software Engineer at Google in the Bay Area, and have worked on a variety of Infrastructure projects. In the past I've participated in a lot of programming competitions and used to go by the handle "phinfinty". I've since retired from competitive programming, but the handle has stuck with me! I am a Linux enthusiast and love open source. I use Arch Linux currently for most of my personal work. This website is rarely updated and currently archival.