SSH Config File Tips & Tricks
Many of us use ssh to connect to local and remote machines, and in my other articles I have shown many nice tricks, like tunneling, to enhance network access. Less well known are the little tricks you can do with your ~/.ssh/config file.
Below I show some tips on how to edit your ~/.ssh/config file for specific users, long host names and port configurations.

Shortening A Host Name
If you have an SSH server that has a long name such as my.machine.my.company.com, you can use your ssh config to save yourself a few keystrokes.
Edit your ~/.ssh/config file and enter the following
Now any time you want to connect to my.machine.my.company.com, just use atwork as the hostname instead.

Using An Alternate Port Number
Some ISPs block port 22 and you are forced to use the server at a non-standard port other than port 22. If your server is running on port 99, rather than specifying -p 99 every time you ssh, you can enter the following into your ssh config file:
The next time you ssh to example.company.com, your session will automatically use port 99.

Using A Default Username
I use my own username on my laptop, but I use my real name to ssh into my work. Instead of typing in your username every time, you can set your username per host in your config file. Just enter the following into your config file and change the name from johndoe to whatever your username is.
The next time you ssh to example.company.com, it will automatically log you in as johndoe.

SSH Into A Non-Public System Through A Publicly Accessible System
Most small companies and home users make only one system accessible through the firewall. However, they also have other systems internally that you can ssh into. For example, you have a system that is accessible only on the internal network (internal.company.com), but on the same network there is a system that is externally accessible (ssh.company.com).
Insert the following into your ssh config file
ProxyCommand ssh -q -W %h:%p ssh.company.com
Now if you ssh into internal, it will automatically go through ssh.company.com, saving you from having to ssh into ssh.company.com and then, once logged in, log in again to internal.company.com.

Time Out / Keep Alive
Most SSH servers will kick you off after a certain amount of time. Using the following options in your config file will send a message to the SSH server every X seconds so your connection stays up.
# Note: default is 3
ServerAliveCountMax 4
# Note: default is 0
ServerAliveInterval 15
ServerAliveInterval will send a keep-alive message every 15 seconds, and ServerAliveCountMax sets the number of server alive messages which may be sent without ssh(1) receiving any messages back from the server. Combined, they provide a good constant connection without getting booted off.

Forwarding Many Internal Hosts
If you want access to one or more hosts inside the internal protected network that are available once you ssh into ssh.company.com, you can set up multiple forwards so that you can access those resources locally. In another article I showed how to port forward an internal machine to a local port, but then you have to remember the local port number you forwarded it to. The following shows how to use aliases and forwarding to access hosts and servers with the same names you would use if you were at your office. Below are some examples, followed by a little explanation.
LocalForward localhost:2525 mail.company.com:25
LocalForward localhost:2049 nfs.company.com:2049
LocalForward localhost:5900 vncserver.company.com:5900
LocalForward localhost:2220 workstationssh.company.com:22
Now once you ssh into 'mywork', you can access the resources listed above with the same hostnames as you would use if you were in your office. Combine those entries with the keep-alive ones from the previous example and you have a nice makeshift VPN.
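
The tips above combined into one ~/.ssh/config, as an added example that is not the original article's own listing. Host names, ports and the aliases atwork, internal and mywork come from the text; mapping mywork to ssh.company.com and the ExitOnForwardFailure line are assumptions.

```sshconfig
# ~/.ssh/config: consolidated sketch of the tips in this article (added example).
# Comments sit on their own lines; older OpenSSH releases reject trailing ones.

# Short alias for a long host name
Host atwork
    HostName my.machine.my.company.com

# Non-standard port and a per-host username
Host example.company.com
    Port 99
    User johndoe

# Reach the internal-only host through the publicly accessible one.
# %h and %p expand to the HostName and port of this block.
Host internal
    HostName internal.company.com
    ProxyCommand ssh -q -W %h:%p ssh.company.com
    # OpenSSH 7.3 and later accept the shorter equivalent:
    # ProxyJump ssh.company.com

# Keep-alives plus forwards to internal services.
# Assumption: mywork points at the externally accessible host.
Host mywork
    HostName ssh.company.com
    ServerAliveInterval 15
    ServerAliveCountMax 4
    # Assumption, not from the article: abort the login if any forward
    # cannot bind, instead of continuing with a partial set of tunnels.
    ExitOnForwardFailure yes
    # Binding to localhost keeps each forward reachable only from this machine.
    LocalForward localhost:2525 mail.company.com:25
    LocalForward localhost:2049 nfs.company.com:2049
    LocalForward localhost:5900 vncserver.company.com:5900
    LocalForward localhost:2220 workstationssh.company.com:22
```

Running `ssh -G mywork` (or any other alias) prints the options ssh resolves for that name without opening a connection, which is a quick way to confirm which Host block matched.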