ssh config: Difference between revisions
mNo edit summary |
|||
(17 intermediate revisions by 3 users not shown) | |||
Line 4: | Line 4: | ||
Create the file ~/.ssh/config, and add the following: | Create the file ~/.ssh/config, and add the following: | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="bash"> | ||
# MATH hosts | |||
Host boogaloo hood thelon winisk kazan | |||
HostName %h.math.uwaterloo.ca | |||
# SHARCNET hosts | |||
Host kraken orca requin saw angel dtn gulf hound lundun mako megamouth monk tope bramble brown goblin gulper guppy iqaluk prism redfin school wobbie | |||
HostName %h.sharcnet.ca | |||
# COMPUTE CANADA hosts | |||
Host graham | |||
HostName %h.computecanada.ca | |||
</syntaxhighlight> | </syntaxhighlight> | ||
then change permissions on that config file to be only readable by your user: | then change permissions on that config file to be only readable by your user: | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="bash" enclose="div"> | ||
chmod 600 ~/.ssh/config | chmod 600 ~/.ssh/config | ||
</syntaxhighlight> | </syntaxhighlight> | ||
and sure that ~/.ssh has full access only to your user: | |||
<syntaxhighlight lang=" | <syntaxhighlight lang="bash" enclose="div"> | ||
chmod 700 ~/.ssh | chmod 700 ~/.ssh | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Now you'll be able to ssh directly to all of those hosts by just using the main name. | Now you'll be able to ssh directly to all of those hosts by just using the main name. | ||
=== Preventing time-out === | |||
You may run into issue where your ssh session is times-out and is killed from inactivity. You can prevent this by adding the following line within each 'host' group. | |||
<syntaxhighlight lang="bash"> | |||
ServerAliveInterval 540 | |||
</syntaxhighlight> | |||
For example: | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
# MATH hosts | |||
Host boogaloo | |||
HostName %h.math.uwaterloo.ca | |||
ServerAliveInterval 540 | |||
</syntaxhighlight> | |||
=== X Forwarding === | |||
If you want to automatically enable X forwarding, you can add | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
ForwardX11 yes | |||
ForwardX11Trusted yes | |||
</syntaxhighlight> | |||
to the hosts that you want to enable the X forwarding for. It's generally a [https://padraic2112.wordpress.com/2007/07/09/bad-security-201-remote-x-sessions-over-ssh/ Bad Idea] to enable it for all hosts, so only enable it for the hosts that you trust and will be forwarding X from. If this is the MATH machines, then the snippet from the top becomes | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
# MATH hosts | |||
Host boogaloo | |||
HostName %h.math.uwaterloo.ca | |||
ForwardX11 yes | |||
ForwardX11Trusted yes | |||
</syntaxhighlight> | |||
== SciNet == | == SciNet == | ||
SciNet has a login node that you need to login to first before you can access the transfer/development nodes. You can shortcut this process with a few more lines your ~/.ssh/config file. The following lines make sense for any machine outside of SciNet (your laptop, belize, etc). | SciNet has a login node that you need to login to first before you can access the transfer/development nodes. You can shortcut this process with a few more lines in your ~/.ssh/config file. The following lines make sense for any machine outside of SciNet (your laptop, belize, etc). | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="bash" enclose="div"> | ||
# SciNet | # SciNet | ||
Host scinet sci | Host scinet sci | ||
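Review bot: The new X Forwarding section recommends ForwardX11Trusted yes without saying what it grants. With trusted forwarding, X clients started on the remote host get full access to the local X display, which is the reason behind the linked "Bad Idea" warning. Suggest stating that next to the link and noting that ForwardX11 yes on its own can be tried first. Two wording fixes in the same hunk: "and sure that ~/.ssh has full access" is missing "make", and "is times-out" should read "times out".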
Line 38: | Line 76: | ||
Host dm1 datamover1 | Host dm1 datamover1 | ||
Hostname datamover1 | Hostname datamover1 | ||
ProxyCommand ssh scinet -W %h:%p | ProxyCommand ssh -q scinet -W %h:%p | ||
Host dm2 datamover2 | Host dm2 datamover2 | ||
Hostname datamover2 | Hostname datamover2 | ||
ProxyCommand ssh scinet -W %h:%p | ProxyCommand ssh -q scinet -W %h:%p | ||
Host gpc* | Host gpc* | ||
ProxyCommand ssh scinet -W %h:%p | ProxyCommand ssh -q -Y scinet -W %h:%p | ||
ForwardX11 yes | |||
ForwardX11Trusted yes | |||
</syntaxhighlight> | </syntaxhighlight> | ||
For the ~/.ssh/config file on your SciNet account, you do not want to include the proxy commands. It only makes sense to include the aliases: | Here X is only forwarded from the gpc development nodes, and not from the datamover nodes. For the ~/.ssh/config file on your SciNet account, you do not want to include the proxy commands. It only makes sense to include the aliases here: | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="bash" enclose="div"> | ||
# SciNet | # SciNet | ||
Host scinet sci | Host scinet sci | ||
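Review bot: The -Y added to the gpc* ProxyCommand has no effect. That inner ssh only relays stdio to %h:%p through -W and opens no session on scinet, so no X11 channel is requested there; forwarding from the gpc nodes comes from the ForwardX11 lines added in the same block. Suggest keeping "ProxyCommand ssh -q scinet -W %h:%p", as in the datamover entries. It is also worth a sentence that Host gpc* applies trusted forwarding to every name matching the pattern.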
Line 62: | Line 102: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== | == Older SSH clients == | ||
If you | If you're running an older SSH client, it won't understand the %h shortcut used above. In that case, you'll need to use the fully spelled out aliases for those systems: | ||
<syntaxhighlight lang="text" enclose="div"> | <syntaxhighlight lang="text" enclose="div"> | ||
# MATH hosts | |||
Host belize | |||
HostName belize.math.uwaterloo.ca | |||
Host thelon | |||
HostName thelon.math.uwaterloo.ca | |||
Host winisk | |||
HostName winisk.math.uwaterloo.ca | |||
Host kazan | |||
HostName kazan.math.uwaterloo.ca | |||
Host zambezi | |||
HostName zambezi.math.uwaterloo.ca | |||
Host plata | |||
HostName plata.math.uwaterloo.ca | |||
Host linux | |||
HostName linux.math.uwaterloo.ca | |||
Host biglinux | |||
HostName biglinux.math.uwaterloo.ca | |||
Host fastlinux | |||
HostName fastlinux.math.uwaterloo.ca | |||
# SHARCNET hosts | |||
Host kraken | |||
HostName kraken.sharcnet.ca | |||
Host orca | |||
HostName orca.sharcnet.ca | |||
Host requin | |||
HostName requin.sharcnet.ca | |||
Host saw | |||
HostName saw.sharcnet.ca | |||
Host angel | |||
HostName angel.sharcnet.ca | |||
Host dtn | |||
HostName dtn.sharcnet.ca | |||
Host gulf | |||
HostName gulf.sharcnet.ca | |||
Host hound | |||
HostName hound.sharcnet.ca | |||
Host lundun | |||
HostName lundun.sharcnet.ca | |||
Host mako | |||
HostName mako.sharcnet.ca | |||
Host megamouth | |||
HostName megamouth.sharcnet.ca | |||
Host monk | |||
HostName monk.sharcnet.ca | |||
Host tope | |||
HostName tope.sharcnet.ca | |||
Host bramble | |||
HostName bramble.sharcnet.ca | |||
Host brown | |||
HostName brown.sharcnet.ca | |||
Host goblin | |||
HostName goblin.sharcnet.ca | |||
Host gulper | |||
HostName gulper.sharcnet.ca | |||
Host guppy | |||
HostName guppy.sharcnet.ca | |||
Host iqaluk | |||
HostName iqaluk.sharcnet.ca | |||
Host prism | |||
HostName prism.sharcnet.ca | |||
Host redfin | |||
HostName redfin.sharcnet.ca | |||
Host school | |||
HostName school.sharcnet.ca | |||
Host wobbie | |||
HostName wobbie.sharcnet.ca | |||
</syntaxhighlight> | </syntaxhighlight> |
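Review bot: The spelled-out list for older clients does not match the %h list at the top of the page. The MATH entries here are belize, thelon, winisk, kazan, zambezi, plata, linux, biglinux and fastlinux, while the %h version lists boogaloo, hood, thelon, winisk and kazan, and the Compute Canada host graham has no spelled-out entry at all. Suggest bringing the two lists into sync so users of older clients get the same aliases.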
Latest revision as of 13:24, 27 April 2018
You can use the ssh configuration file to save typing the full host name most of the time. For example, "ssh belize" is faster than "ssh belize.math.uwaterloo.ca".
== The basics ==
Create the file ~/.ssh/config, and add the following:
<syntaxhighlight lang="bash">
# MATH hosts
Host boogaloo hood thelon winisk kazan
    HostName %h.math.uwaterloo.ca
# SHARCNET hosts
Host kraken orca requin saw angel dtn gulf hound lundun mako megamouth monk tope bramble brown goblin gulper guppy iqaluk prism redfin school wobbie
    HostName %h.sharcnet.ca
# COMPUTE CANADA hosts
Host graham
    HostName %h.computecanada.ca
</syntaxhighlight>
then change permissions on that config file to be only readable by your user:
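<syntaxhighlight lang="bash" enclose="div">
chmod 600 ~/.ssh/config
</syntaxhighlight>
and make sure that ~/.ssh is fully accessible only to your user:
<syntaxhighlight lang="bash" enclose="div">
chmod 700 ~/.ssh
</syntaxhighlight>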
Now you'll be able to ssh directly to all of those hosts by just using the main name.
=== Preventing time-out ===
You may run into an issue where your ssh session times out and is killed due to inactivity. You can prevent this by adding the following line within each 'Host' group.
<syntaxhighlight lang="bash">
ServerAliveInterval 540
</syntaxhighlight>
For example:
<syntaxhighlight lang="bash" enclose="div">
# MATH hosts
Host boogaloo
    HostName %h.math.uwaterloo.ca
    ServerAliveInterval 540
</syntaxhighlight>
=== X Forwarding ===
If you want to automatically enable X forwarding, you can add
<syntaxhighlight lang="bash" enclose="div">
ForwardX11 yes
ForwardX11Trusted yes
</syntaxhighlight>
to the hosts that you want to enable X forwarding for. It's generally a [https://padraic2112.wordpress.com/2007/07/09/bad-security-201-remote-x-sessions-over-ssh/ Bad Idea] to enable it for all hosts, so only enable it for the hosts that you trust and will be forwarding X from. If these are the MATH machines, then the snippet from the top becomes
<syntaxhighlight lang="bash" enclose="div">
# MATH hosts
Host boogaloo
    HostName %h.math.uwaterloo.ca
    ForwardX11 yes
    ForwardX11Trusted yes
</syntaxhighlight>
== SciNet ==
SciNet has a login node that you need to log in to first before you can access the transfer/development nodes. You can shortcut this process with a few more lines in your ~/.ssh/config file. The following lines make sense for any machine outside of SciNet (your laptop, belize, etc).
<syntaxhighlight lang="bash" enclose="div">
# SciNet
Host scinet sci
    HostName login.scinet.utoronto.ca
Host dm1 datamover1
    Hostname datamover1
    ProxyCommand ssh -q scinet -W %h:%p
Host dm2 datamover2
    Hostname datamover2
    ProxyCommand ssh -q scinet -W %h:%p
Host gpc*
    ProxyCommand ssh -q -Y scinet -W %h:%p
    ForwardX11 yes
    ForwardX11Trusted yes
</syntaxhighlight>
Here X is only forwarded from the gpc development nodes, and not from the datamover nodes. For the ~/.ssh/config file on your SciNet account, you do not want to include the proxy commands. It only makes sense to include the aliases here:
<syntaxhighlight lang="bash" enclose="div">
# SciNet
Host scinet sci
    HostName login.scinet.utoronto.ca
Host dm1
    Hostname datamover1
Host dm2
    Hostname datamover2
</syntaxhighlight>
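The permission settings and the "only forward X from hosts you trust" advice above can be checked mechanically. The script below is an added example, not part of the original wiki page: `mode_of`, `check_perms` and `x11_hosts` are hypothetical helper names, the sample config is constructed from the SciNet block on this page, and the parser assumes plain "Keyword value" lines.

```shell
#!/bin/sh
# Added example (not from the wiki): audit ~/.ssh permissions and X11 forwarding scope.

# Octal permission bits of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# check_perms DIR: succeed only if DIR is 700 and DIR/config is 600.
check_perms() {
    [ "$(mode_of "$1")" = 700 ] || { echo "$1: expected mode 700"; return 1; }
    [ "$(mode_of "$1/config")" = 600 ] || { echo "$1/config: expected mode 600"; return 1; }
}

# x11_hosts FILE: one line per Host pattern whose block sets "ForwardX11 yes".
# Options placed before the first Host line apply to every host, so they are
# reported under the pattern "*". Assumes "Keyword value" lines (no "=" form).
x11_hosts() {
    awk '
        function flush(   i, kind) {
            if (!x11) return
            for (i = 1; i <= n; i++) {
                kind = (pat[i] ~ /[*?]/) ? "wildcard" : "exact"
                print pat[i], (trusted ? "trusted" : "untrusted"), kind
            }
        }
        BEGIN { n = 1; pat[1] = "*" }
        /^[ \t]*#/ { next }
        { key = tolower($1); val = tolower($2) }
        key == "host" {
            flush(); n = NF - 1
            for (i = 2; i <= NF; i++) pat[i - 1] = $i
            x11 = trusted = 0; next
        }
        key == "forwardx11" && val == "yes" { x11 = 1 }
        key == "forwardx11trusted" && val == "yes" { trusted = 1 }
        END { flush() }
    ' "$1"
}

# Constructed sample: the SciNet block from this page, written to a temp dir.
demo=$(mktemp -d)
printf '%s\n' '# SciNet' 'Host scinet sci' '  HostName login.scinet.utoronto.ca' \
    'Host dm1 datamover1' '  Hostname datamover1' \
    '  ProxyCommand ssh -q scinet -W %h:%p' 'Host gpc*' \
    '  ProxyCommand ssh -q -Y scinet -W %h:%p' '  ForwardX11 yes' \
    '  ForwardX11Trusted yes' > "$demo/config"
chmod 700 "$demo"; chmod 600 "$demo/config"
check_perms "$demo" && x11_hosts "$demo/config"
rm -rf "$demo"
```

Point the two functions at `~/.ssh` and `~/.ssh/config` to audit a real setup; any line ending in `wildcard` is a block that forwards X from more hosts than a single named one. On OpenSSH 6.8 or later, `ssh -G <host>` prints the options the client would actually apply to a given host, which is a useful cross-check.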
== Older SSH clients ==
If you're running an older SSH client, it won't understand the %h shortcut used above. In that case, you'll need to use the fully spelled out aliases for those systems:
<syntaxhighlight lang="text" enclose="div">
# MATH hosts
Host belize
    HostName belize.math.uwaterloo.ca
Host thelon
    HostName thelon.math.uwaterloo.ca
Host winisk
    HostName winisk.math.uwaterloo.ca
Host kazan
    HostName kazan.math.uwaterloo.ca
Host zambezi
    HostName zambezi.math.uwaterloo.ca
Host plata
    HostName plata.math.uwaterloo.ca
Host linux
    HostName linux.math.uwaterloo.ca
Host biglinux
    HostName biglinux.math.uwaterloo.ca
Host fastlinux
    HostName fastlinux.math.uwaterloo.ca
# SHARCNET hosts
Host kraken
    HostName kraken.sharcnet.ca
Host orca
    HostName orca.sharcnet.ca
Host requin
    HostName requin.sharcnet.ca
Host saw
    HostName saw.sharcnet.ca
Host angel
    HostName angel.sharcnet.ca
Host dtn
    HostName dtn.sharcnet.ca
Host gulf
    HostName gulf.sharcnet.ca
Host hound
    HostName hound.sharcnet.ca
Host lundun
    HostName lundun.sharcnet.ca
Host mako
    HostName mako.sharcnet.ca
Host megamouth
    HostName megamouth.sharcnet.ca
Host monk
    HostName monk.sharcnet.ca
Host tope
    HostName tope.sharcnet.ca
Host bramble
    HostName bramble.sharcnet.ca
Host brown
    HostName brown.sharcnet.ca
Host goblin
    HostName goblin.sharcnet.ca
Host gulper
    HostName gulper.sharcnet.ca
Host guppy
    HostName guppy.sharcnet.ca
Host iqaluk
    HostName iqaluk.sharcnet.ca
Host prism
    HostName prism.sharcnet.ca
Host redfin
    HostName redfin.sharcnet.ca
Host school
    HostName school.sharcnet.ca
Host wobbie
    HostName wobbie.sharcnet.ca
</syntaxhighlight>