Get the latest tutorials on SysAdmin and open source topics. SSH, or secure shell, is the most common way of connecting to Linux hosts for remote administration. Although the basics of connecting to a single host are often rather straight forward, this can become unwieldy and a much more complicated task when you begin working with a large number of remote systems. Fortunately, OpenSSH allows you to provide customized client-side connection options. These can be saved to a configuration file that can be used to define per-host values. This can help keep the different connection options you use for each host separated and organized, and can keep you from having to provide extensive options on the command line whenever you need to connect. In this guide, we'll cover the basics of the SSH client configuration file, and go over some common options. To complete this guide, you will need a working knowledge of SSH and some of the options that you can provide when connecting. You may also wish to configure SSH key-based authentication for some of your users or hosts, at the very least for testing purposes. Each user on your local system can maintain a client-side SSH configuration file. These can contain any options that you would use on the command line to specify connection parameters, allowing you to store your common connection items and process them automatically on connection. It is always possible to override the values defined in the configuration file at the time of the connection through normal flags to the ssh command. The client-side configuration file is called config and it is located in your user's home directory within the. Often, this file is not created by default, so you may need to create it yourself:. The config file is organized by hosts. Each host definition can define connection options for the specific matching host. Wildcards are also available to allow for options that should have a broader scope. Each of the sections starts with a header defining the hosts that should match the configuration options that will follow. The specific configuration items for that matching host are then defined below. Only items that differ from the default values need to be specified, as the host will inherit the defaults for any undefined items. A section is defined from the Host header to the following Host header. Typically, for organizational purposes and readability, the options being set for each host are indented. This is not a hard requirement, but a useful convention that allows for easier interpretation at a glance. Here, we have four sections that guide be applied on each connection attempt depending on whether the host in question matches. Ssh is very important to understand the way that SSH will interpret the file to apply the configuration values defined within. SSH will match the hostname given on the command line with each of the Host headers options define configuration sections. It will do this from the top of the file downwards, so order is incredibly important. This is a good time to point out that the patterns in the Host definition do not have to match the actual host that you will be connecting with. You can essentially use these definitions to set up aliases for hosts that can be used in lieu of the actual host name. This host allows us to connect as tom devel. With this in mind, we can now discuss the way in which SSH applies each configuration option as it moves down the file. It starts at the top and checks each Host definition to see if command matches the value given on the command line. When the first ssh Host definition is found, each of the associated SSH options are applied to the upcoming connection. The interpretation does not end here though. SSH then moves down the file, checking to see if other Host definitions also match. If another definition is found command matches the current hostname given on the command line, it will consider the SSH options associated with the new section. It will then apply any Ssh options defined for the new section that have not already been defined by previous sections. This last point is extremely important to internalize. SSH will interpret each of the Host sections that match the hostname given on the command line, in order. During this process, it will always use the first value given for each option. There is no way to override a value that has already been given by a previously matched section. This means that your config file should follow the simple rule of having the most specific configurations at the top. More general definitions should come later on in order to apply options that were not defined by the previous matching sections. Here, we can see that the first two sections are defined by literal hostnames or aliasesmeaning that they do not use any wildcards. If we connect using ssh firsthostthe very first section will be the first to be applied. Options will check the second section and find that it does not match and move on. It will then find the third section and find that it options. Finding that it doesn't, it will apply the value from this section. The connection is then made with the options collected from this process. Again, it will start at the first section and check whether it matches. Since this matches only a connection to firsthostit will skip this section. It will ssh on to the second section. SSH then looks at the third definition and find that the wildcard matches the current connection. Since this option was defined in the second section, which was already matched, the value from the third section is dropped and has no effect. SSH then checks the fourth section and applies the options within that have not been defined by previously matched sections. It then attempts the connection using the values it has gathered. Putty that you have an idea about the general format you should use when designing your configuration file, let's discuss some common options and the format to use to specify them on options command line. The first ones we will cover are the basic information necessary to connect to a remote host. Namely, the hostname, username, and port that the SSH daemon is running on. To connect as a user named apollo to a host called example. The most common would probably be:. Here, we have set all of the options we wish to use with the -o flag. We have even specified the host as guide as an alias just as we could in the config file as we described above. The actual hostname is taken from the HostName option that we are setting. The capitalized option names that we are using in the second form are the same that we must use in our config file. You can find a full list of available options by typing:. To set these in our config file, we first must decide which hosts we want these options to be used for. Since we command discussing options that are specific to the host in question, we should probably use a literal host match. We also have an opportunity at this point to assign an alias for this connection. Let's take advantage of that so that we do not have guide type the entire hostname each time. We will use the alias "home" to refer to this connection and the associated options:. Now, we can define the connection details for this host. We can use the second format we used above to inform us as to what we ssh put in this section. We define options using a key-value system. Each pair should be on a separate line. Keys can be separated from guide associated values either by white space, or by an equal sign with optional white space. Thus, these are all identical as interpreted by our SSH client:. The only difference is that depending on the option and value, using putty equal sign with no spaces can allow you to specify an option on the command line without quoting. Since we are focusing on our config file, this is entirely up to your preferences. So far, the configuration we have designed is incredibly simple. In its entirety, it looks like this:. What if we use the same username on both our work and home computers? We could add redundant options with our section defining the work machine like this:. This works, but we are repeating values. This is only a single option, so it is not a huge deal, but sometimes we want to share a large number of options. The best way of doing that is to putty the shared options out into separate sections. Remember that the more generic sections should go further towards the bottom:. This clears up the issue of repetition in our configuration and will work if "apollo" is your default username for the majority of new systems you connect to. What if there are some systems that do not use this username? There are a few different ways that you can approach this, depending on how widely the username is shared. This will apply to any hosts that have guide received a username from sections above. For our anomalous machines that use a different username, we can override the default by providing an alternative. This will take precedence as long as it is defined before the generic section:. For the oddity host, SSH will connect using the username "zeus". What happens if the "apollo" username is shared by a few connections, but isn't common enough to use as a default value? If we are willing to rename the aliases that we are using to have a more common format, we can use a wildcard to apply additional options to just these two hosts. We can change the home alias to something like hapollo and the work connection to something like wapollo. This way, both hosts share the apollo portion of their alias, allowing us to target it with a different section using wildcards:. Here, we have moved the shared User definition to a host section that matches SSH connections trying to connect to hosts that end in apollo. Any connection not ending in apollo and without its own Host section defining a User will receive the username diffdefault. Note that we have retained the ordering from most specific to least specific in our file. It is best to think of less specific Host sections as fallbacks as opposed to defaults due to the order in which the file is interpreted. So far, we have discussed some of the basic options necessary to establish a connection. We have covered these options:. There are many other useful options worth exploring. We will discuss some of the more common options, separated according to function. With the above configuration items in mind, we could make a number of useful configuration tweaks. For instance, if we are creating and destroying hosts very quickly at a cloud provider, something like this may be useful:. Command will turn on your visual host key guide your home connection, allowing you to become familiar with it so you can recognize if it putty or when connecting from a different machine. For other hosts, we have sane fallback values. One common use of SSH is forwarding connections, either allowing a local connection to tunnel through the remote host, or allowing the remote machine access to tunnel through the local machine. SSH can also do dynamic forwarding using protocols like SOCKS5 which include the forwarding information for the remote host. We can forward any SSH keys stored in an agent on our local machine, allowing us to connect from the remote system as using credentials stored on our local system. We can also start applications on a remote system and forward the graphical display to our local system using X11 forwarding. If you have SSH keys configured for your hosts, these options can help you manage which keys to use for each host. These options are especially useful if you have to keep track of a large number of keys for different hosts and use one or more SSH agents to assist. SSH has the ability to use a single TCP connection for multiple SSH connections to the same host machine. This can be useful if it takes awhile to establish a TCP handshake to the remote end as it removes this overhead from additional SSH connections. If you wish to not use multiplexing for a specific connection, you can select no multiplexing on the command line like this:. By putty, it should be clear that you can heavily customize the options you use to connect to guide hosts. As long as you keep in mind the way that SSH will interpret the putty, you can establish rich sets of specific values with reasonable fall backs. Options Up Log In. We hope you find this tutorial helpful. In addition to guides like this one, we provide simple cloud infrastructure for developers. Introduction SSH, or secure shell, is the most common way of connecting to Linux hosts for remote administration. Prerequisites To complete this guide, you will need a working knowledge of SSH and some of the options that you can provide when connecting. The SSH Config File Structure and Interpretation Algorithm Each user on your local system can maintain a client-side SSH configuration file. The Location of the SSH Client Config File The client-side configuration file is called config and it is located in your user's home directory within the. Often, this file is not created putty default, so you may need to create it yourself: The general format will look something like this: Interpretation Algorithm It is very important to understand the way that SSH will interpret the file to apply the configuration values defined within. For example, consider this definition: Host devel HostName devel. Let's look again at the mock-up config file we used in the last section: Let's try this again, pretending to call ssh secondhost from the command line. Basic Connection Options Now that you have an idea about the general format you should use when designing your configuration guide, let's discuss some common options and the format to use to specify them on the command line. The most common would probably be: You can find a full list of available options by typing: We will use the alias "home" to refer to this connection and the associated options: Host home Now, we can define the connection details for this host. Host home HostName example. Thus, these are all identical as interpreted by our SSH client: Configuring Shared Options So far, the configuration we have designed is incredibly simple. In its entirety, it looks like this: We could add redundant options with our section defining the work machine like this: Remember that the more generic sections should go further towards the bottom: This will take precedence as long as it is defined before the generic section: This way, both hosts share the apollo portion of their alias, allowing us to target it with a different section using wildcards: Host hapollo HostName example. Common SSH Configuration Options So far, we have discussed some of the basic ssh necessary to establish a connection. We have covered these options: The actual hostname that should be used to establish the connection. This replaces any alias defined in the Host header. This option is not necessary if the Host definition specifies the actual valid hostname to connect to. The username to be used for the connection. The port that the remote SSH daemon is running on. This option is only necessary if the remote SSH instance is not running on the default port This option can be configured to let SSH know when to send a packet to test for a response from the sever. This can be useful if your connection is unreliable and you want to know if it is still available. This configures the level of detail in which SSH will log on the client-side. This can be used for turning off logging in certain situations or increasing the verbosity when trying to debug. From least to most verbose, the levels are QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG1, DEBUG2, and DEBUG3. If you are constantly connecting to a large number of ephemeral hosts, you may want to turn this to "no". SSH will then automatically add any hosts to ssh file. This can have security implications, so think carefully before enabling it. This option specifies the location where SSH will store the information about hosts it has connected to. This option can tell SSH to display an ASCII representation of the remote host's key upon connection. Turning this on can be an easy way to get familiar with your host's key, allowing you to easily recognize it if you have to connect from a different computer sometime in the future. Turning compression on can be helpful for very slow connections. Most users will not need this. For instance, if we are creating and destroying hosts very quickly at a cloud provider, something like this may be useful: Connection Forwarding One common use of SSH is forwarding connections, either allowing a local connection to tunnel through the remote host, or allowing the remote machine access to tunnel through the local machine. The options that control this behavior are: This option is used to specify a connection that will forward a local port's traffic to the remote machine, tunneling it out into the remote network. The first argument should be the local port you wish to direct traffic to and the second argument should be the address and port that you wish to direct that traffic to on the remote end. This option is used to define a remote port where traffic can be directed to in order to tunnel out of the local machine. The first argument should be the remote port where traffic will be directed on the remote system. The second argument should be the address and port to point the traffic to when it arrives on the local system. This is used to configure a local port that can be used with a dynamic forwarding command like SOCKS5. Traffic using the dynamic forwarding protocol can then be directed at this port on the local machine and on the remote end, command will be routed according to the included values. These options can be used to forward ports in both directions, as you can see here: This will allow us to use port on the local machine in order to access example. These are the directives that are associated with these capabilities: This option allows authentication keys stored on our local machine to be forwarded onto the system you are connecting to. This can allow you to hop from host-to-host using your home keys. If you want to command able to forward a putty screen of an application running on the remote system, you can turn this option on. These both are "yes" or "no" options. Specifying Keys If you have SSH keys configured for your hosts, these options can help you manage which keys to use for each host. This option can be used ssh specify the location of the key to use for each host. If command keys are in the default locations, each will options tried and you will not need to adjust this. If you have a number of keys, each options to different purposes, this can be used to specify the exact path where the correct key can be found. This option can be used to force SSH to only rely on the identities provided in the config file. This may be necessary if an SSH agent options alternative keys in memory that are not valid for the host in question. Multiplexing SSH Over a Single TCP Connection SSH has the ability to use a single TCP connection for multiple SSH connections to the same host machine. The following options can be used to configure multiplexing with SSH: This option tells SSH whether to allow multiplexing when possible. This option is used to specify the socket file that is used to control the connections. It should be to a location on the filesystem. Generally, this is given using SSH variables to easily label the socket by host. This option establishes the amount of time in seconds that the TCP connection should remain open after the final SSH connection has been closed. Setting this to a high number will allow you to open new connections after closing the first, but you can usually set this to something low like "1" to avoid keeping an unused TCP connection open. Generally, you can set this up using a section that looks something like this: Spin up an SSD cloud server in under a minute. Related Tutorials How to Add and Delete Users on Ubuntu This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4. Sign into your account, or create a new one, to start interacting. Log In Sign Up. Use this form to report bugs related to the Community.
Balas E, Qi L (1993) Linear-time separation algorithms for three-index assignment polytope.
Eight-year-old Mark is sent to live with his cousin Henry and his family for a few weeks.