ssh config: Difference between revisions

From Fluids Wiki
No edit summary
mNo edit summary
 
(12 intermediate revisions by 3 users not shown)
Line 4: Line 4:
Create the file ~/.ssh/config, and add the following:
Create the file ~/.ssh/config, and add the following:


<syntaxhighlight lang="text" enclose="div">
<syntaxhighlight lang="bash">
  # MATH hosts
# MATH hosts
  Host belize thelon winisk kazan zambezi plata fe101 fe105 fe107 cpu105 cpu111 cpu113 cpu119 cpu121 cpu123 cpu125 cpu127
Host boogaloo hood thelon winisk kazan
      HostName %h.math.uwaterloo.ca
    HostName %h.math.uwaterloo.ca
 
# SHARCNET hosts
Host kraken orca requin saw angel dtn gulf hound lundun mako megamouth monk tope bramble brown goblin gulper guppy iqaluk prism redfin school wobbie
    HostName %h.sharcnet.ca
 
# COMPUTE CANADA hosts
Host graham
    HostName %h.computecanada.ca


  # SHARCNET hosts
  Host kraken orca requin saw angel dtn gulf hound lundun mako megamouth monk tope bramble brown goblin gulper guppy iqaluk prism redfin school wobbie
      HostName %h.sharcnet.ca
</syntaxhighlight>
</syntaxhighlight>


then change permissions on that config file to be only readable by your user:
then change permissions on that config file to be only readable by your user:


<syntaxhighlight lang="text" enclose="div">
<syntaxhighlight lang="bash" enclose="div">
   chmod 600 ~/.ssh/config
   chmod 600 ~/.ssh/config
</syntaxhighlight>
</syntaxhighlight>
Line 22: Line 27:
and sure that ~/.ssh has full access only to your user:
and sure that ~/.ssh has full access only to your user:


<syntaxhighlight lang="text" enclose="div">
<syntaxhighlight lang="bash" enclose="div">
   chmod 700 ~/.ssh
   chmod 700 ~/.ssh
</syntaxhighlight>
</syntaxhighlight>


Now you'll be able to ssh directly to all of those hosts by just using the main name.
Now you'll be able to ssh directly to all of those hosts by just using the main name.
=== Preventing time-out ===
You may run into issue where your ssh session is times-out and is killed from inactivity. You can prevent this by adding the following line within each 'host' group.
<syntaxhighlight lang="bash">
    ServerAliveInterval 540
</syntaxhighlight>
For example:
<syntaxhighlight lang="bash" enclose="div">
# MATH hosts
Host boogaloo
    HostName %h.math.uwaterloo.ca
    ServerAliveInterval 540
</syntaxhighlight>
=== X Forwarding ===
If you want to automatically enable X forwarding, you can add
<syntaxhighlight lang="bash" enclose="div">
    ForwardX11 yes
    ForwardX11Trusted yes
</syntaxhighlight>
to the hosts that you want to enable the X forwarding for. It's generally a [https://padraic2112.wordpress.com/2007/07/09/bad-security-201-remote-x-sessions-over-ssh/ Bad Idea] to enable it for all hosts, so only enable it for the hosts that you trust and will be forwarding X from. If this is the MATH machines, then the snippet from the top becomes
<syntaxhighlight lang="bash" enclose="div">
# MATH hosts
Host boogaloo
    HostName %h.math.uwaterloo.ca
    ForwardX11 yes
    ForwardX11Trusted yes
</syntaxhighlight>


== SciNet ==
== SciNet ==
SciNet has a login node that you need to login to first before you can access the transfer/development nodes. You can shortcut this process with a few more lines in your ~/.ssh/config file. The following lines make sense for any machine outside of SciNet (your laptop, belize, etc).
SciNet has a login node that you need to login to first before you can access the transfer/development nodes. You can shortcut this process with a few more lines in your ~/.ssh/config file. The following lines make sense for any machine outside of SciNet (your laptop, belize, etc).


<syntaxhighlight lang="text" enclose="div">
<syntaxhighlight lang="bash" enclose="div">
   # SciNet
   # SciNet
   Host scinet sci
   Host scinet sci
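Review bot: the X Forwarding text in this hunk pairs `ForwardX11 yes` with `ForwardX11Trusted yes` without saying what the second line changes. With `ForwardX11Trusted yes`, X clients on the remote host get full access to the local display, which is the exposure the linked "Bad Idea" post is about, so a sentence stating that would let readers decide whether `ForwardX11 yes` alone is enough for a given host. The wording slips in "and sure that ~/.ssh" and "is times-out" could be fixed in the same edit.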
Line 45: Line 83:


   Host gpc*
   Host gpc*
       ProxyCommand ssh -q scinet -W %h:%p
       ProxyCommand ssh -q -Y scinet -W %h:%p
      ForwardX11 yes
      ForwardX11Trusted yes
</syntaxhighlight>
</syntaxhighlight>


For the ~/.ssh/config file on your SciNet account, you do not want to include the proxy commands. It only makes sense to include the aliases:
Here X is only forwarded from the gpc development nodes, and not from the datamover nodes. For the ~/.ssh/config file on your SciNet account, you do not want to include the proxy commands. It only makes sense to include the aliases here:


<syntaxhighlight lang="text" enclose="div">
<syntaxhighlight lang="bash" enclose="div">
   # SciNet
   # SciNet
   Host scinet sci
   Host scinet sci
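Review bot: the `-Y` in `ProxyCommand ssh -q -Y scinet -W %h:%p` looks unnecessary. That inner ssh only relays the connection to the gpc node through `-W`, while X forwarding for the gpc session is already requested by the `ForwardX11 yes` and `ForwardX11Trusted yes` lines in the same `Host gpc*` block. Suggest keeping the ProxyCommand as in the other line of this pair, `ssh -q scinet -W %h:%p`, so the login node is not asked for trusted X forwarding it does not need.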
Line 62: Line 102:
</syntaxhighlight>
</syntaxhighlight>


== X Forwarding ==
== Older SSH clients ==
If you want to automatically enable X forwarding, you can add
If you're running an older SSH client, it won't understand the %h shortcut used above. In that case, you'll need to use the fully spelled out aliases for those systems:
<syntaxhighlight lang="text" enclose="div">
      ForwardX11 yes
      ForwardX11Trusted yes
</syntaxhighlight>
to the hosts that you want to enable the X forwarding for. It's generally a [https://padraic2112.wordpress.com/2007/07/09/bad-security-201-remote-x-sessions-over-ssh/ Bad Idea] to enable it for all hosts, so only enable it for the hosts that you trust and will be forwarding X from. If this is the MATH machines, then the snippet from the top becomes
 
<syntaxhighlight lang="text" enclose="div">
  # MATH hosts
  Host belize thelon winisk kazan zambezi plata fe101 fe105 fe107 cpu105 cpu111 cpu113 cpu119 cpu121 cpu123 cpu125 cpu127
      HostName %h.math.uwaterloo.ca
      ForwardX11 yes
      ForwardX11Trusted yes
</syntaxhighlight>
 
== thelon / kazan / winisk ==
These hosts don't understand the %h shortcut used above. So you need to paste in the fully spelled out aliases for those systems:


<syntaxhighlight lang="text" enclose="div">
<syntaxhighlight lang="text" enclose="div">
# MATH hosts
# MATH hosts
Host belize belize.math
Host belize
     HostName belize.math.uwaterloo.ca
     HostName belize.math.uwaterloo.ca


Host thelon thelon.math
Host thelon
     HostName thelon.math.uwaterloo.ca
     HostName thelon.math.uwaterloo.ca


Host winisk winisk.math
Host winisk
     HostName winisk.math.uwaterloo.ca
     HostName winisk.math.uwaterloo.ca


Host kazan kazan.math
Host kazan
     HostName kazan.math.uwaterloo.ca
     HostName kazan.math.uwaterloo.ca


Host fe101 fe101.math
Host zambezi
     HostName fe101.math.uwaterloo.ca
     HostName zambezi.math.uwaterloo.ca
 
Host fe105 fe105.math
    HostName fe105.math.uwaterloo.ca
 
Host fe107 fe107.math
    HostName fe107.math.uwaterloo.ca
 
Host cpu105 cpu105.math
    HostName cpu105.math.uwaterloo.ca
 
Host cpu111 cpu111.math
    HostName cpu111.math.uwaterloo.ca
 
Host cpu113 cpu113.math
    HostName cpu113.math.uwaterloo.ca
 
Host cpu119 cpu119.math
    HostName cpu119.math.uwaterloo.ca


Host cpu121 cpu121.math
Host plata
     HostName cpu121.math.uwaterloo.ca
     HostName plata.math.uwaterloo.ca


Host cpu123 cpu123.math
Host linux
     HostName cpu123.math.uwaterloo.ca
     HostName linux.math.uwaterloo.ca


Host cpu125 cpu125.math
Host biglinux
     HostName cpu125.math.uwaterloo.ca
     HostName biglinux.math.uwaterloo.ca


Host cpu127 cpu127.math
Host fastlinux
     HostName cpu127.math.uwaterloo.ca
     HostName fastlinux.math.uwaterloo.ca


# SHARCNET hosts
# SHARCNET hosts
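Review bot: the spelled-out MATH list in this hunk (belize, thelon, winisk, kazan, zambezi, plata, linux, biglinux, fastlinux) does not match the `%h` list in the first hunk (`Host boogaloo hood thelon winisk kazan`), so a reader on an older client gets no entry for boogaloo or hood. Suggest bringing the two lists into line, or stating which one is current. The `belize.math`-style second aliases also appear on only one line of each `Host` pair here; if they were dropped on purpose, the section text should say that `ssh belize.math` no longer resolves through this file.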

Latest revision as of 13:24, 27 April 2018

You can use the ssh configuration file to save typing the full host name most of the time. For example, "ssh belize" is faster than "ssh belize.math.uwaterloo.ca".

The basics

Create the file ~/.ssh/config, and add the following:

# MATH hosts
Host boogaloo hood thelon winisk kazan
    HostName %h.math.uwaterloo.ca

# SHARCNET hosts
Host kraken orca requin saw angel dtn gulf hound lundun mako megamouth monk tope bramble brown goblin gulper guppy iqaluk prism redfin school wobbie
    HostName %h.sharcnet.ca

# COMPUTE CANADA hosts
Host graham
    HostName %h.computecanada.ca

then change the permissions on that config file so that only your user can read and write it:

   chmod 600 ~/.ssh/config

and make sure that only your user has full access to ~/.ssh:

   chmod 700 ~/.ssh

Now you'll be able to ssh directly to all of those hosts by just using the main name.

Preventing time-out

You may run into an issue where your ssh session times out and is killed due to inactivity. You can prevent this by adding the following line within each 'host' group.

    ServerAliveInterval 540

For example:

# MATH hosts
Host boogaloo
    HostName %h.math.uwaterloo.ca
    ServerAliveInterval 540

X Forwarding

If you want to automatically enable X forwarding, you can add

    ForwardX11 yes
    ForwardX11Trusted yes

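to the hosts that you want to enable X forwarding for. It's generally a Bad Idea (https://padraic2112.wordpress.com/2007/07/09/bad-security-201-remote-x-sessions-over-ssh/) to enable it for all hosts, so only enable it for the hosts that you trust and will be forwarding X from. With ForwardX11Trusted yes, X clients on the remote host get full access to your local display. If these are the MATH machines, then the snippet from the top becomes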

# MATH hosts
Host boogaloo
    HostName %h.math.uwaterloo.ca
    ForwardX11 yes
    ForwardX11Trusted yes
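
The permission advice from "The basics" and the advice above to keep X forwarding off catch-all entries can both be checked with a short script. This is an added example, not part of the wiki page: the function names `perm_check` and `x11_wildcards` and the sample config, including its `Host *` block, are constructed for illustration.

```sh
# Added example: function names and the sample config are constructed.

# Print "ok" when group and others have no access to $1, otherwise "loose".
perm_check() {
    # In the `ls -ld` mode string, characters 5-10 are the group and other bits.
    bits=$(ls -ld "$1" | cut -c5-10)
    if [ "$bits" = "------" ]; then echo ok; else echo loose; fi
}

# Print every wildcard Host pattern whose block turns on X forwarding.
# Options before the first Host line apply to all hosts, so that leading
# section is reported as "*".
x11_wildcards() {
    awk '
        function flush(   i) {
            if (x11) for (i = 1; i <= n; i++) if (pat[i] ~ /[*?]/) print pat[i]
        }
        BEGIN { n = 1; pat[1] = "*" }
        /^[ \t]*#/ { next }                       # comment line
        tolower($1) == "host" {                   # new block: report the last one
            flush(); n = 0; x11 = 0
            for (i = 2; i <= NF; i++) pat[++n] = $i
            next
        }
        tolower($1) ~ /^forwardx11(trusted)?$/ && tolower($2) == "yes" { x11 = 1 }
        END { flush() }
    ' "$1"
}

# Constructed sample: two blocks from this page plus a catch-all that forwards X.
demo=$(mktemp -d)
cat > "$demo/config" <<'EOF'
Host boogaloo
    HostName %h.math.uwaterloo.ca
    ForwardX11 yes
    ForwardX11Trusted yes

Host gpc*
    ProxyCommand ssh -q -Y scinet -W %h:%p
    ForwardX11 yes
    ForwardX11Trusted yes

Host *
    ForwardX11 yes
EOF
chmod 644 "$demo/config"   # deliberately too open, to show the check firing
echo "dir: $(perm_check "$demo")  config: $(perm_check "$demo/config")"
x11_wildcards "$demo/config"
```

A pattern in the output is not automatically wrong (the `gpc*` entry is intentional on this page); it is the list of entries to review, and a bare `*` there means X is forwarded to every host you connect to.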


SciNet

SciNet has a login node that you need to log in to first before you can access the transfer/development nodes. You can shortcut this process with a few more lines in your ~/.ssh/config file. The following lines make sense for any machine outside of SciNet (your laptop, belize, etc).

  # SciNet
  Host scinet sci
      HostName login.scinet.utoronto.ca

  Host dm1 datamover1
      Hostname datamover1
      ProxyCommand ssh -q scinet -W %h:%p

  Host dm2 datamover2
      Hostname datamover2
      ProxyCommand ssh -q scinet -W %h:%p

  Host gpc*
      ProxyCommand ssh -q -Y scinet -W %h:%p
      ForwardX11 yes
      ForwardX11Trusted yes

Here X is only forwarded from the gpc development nodes, and not from the datamover nodes. For the ~/.ssh/config file on your SciNet account, you do not want to include the proxy commands. It only makes sense to include the aliases here:

  # SciNet
  Host scinet sci
      HostName login.scinet.utoronto.ca

  Host dm1
      Hostname datamover1

  Host dm2
      Hostname datamover2

Older SSH clients

If you're running an older SSH client, it won't understand the %h shortcut used above. In that case, you'll need to use the fully spelled-out aliases for those systems:

# MATH hosts
Host belize
    HostName belize.math.uwaterloo.ca

Host thelon
    HostName thelon.math.uwaterloo.ca

Host winisk
    HostName winisk.math.uwaterloo.ca

Host kazan
    HostName kazan.math.uwaterloo.ca

Host zambezi
    HostName zambezi.math.uwaterloo.ca

Host plata
    HostName plata.math.uwaterloo.ca

Host linux
    HostName linux.math.uwaterloo.ca

Host biglinux
    HostName biglinux.math.uwaterloo.ca

Host fastlinux
    HostName fastlinux.math.uwaterloo.ca

# SHARCNET hosts
Host kraken
    HostName kraken.sharcnet.ca

Host orca
    HostName orca.sharcnet.ca

Host requin
    HostName requin.sharcnet.ca

Host saw
    HostName saw.sharcnet.ca

Host angel
    HostName angel.sharcnet.ca

Host dtn
    HostName dtn.sharcnet.ca

Host gulf
    HostName gulf.sharcnet.ca

Host hound
    HostName hound.sharcnet.ca

Host lundun
    HostName lundun.sharcnet.ca

Host mako
    HostName mako.sharcnet.ca

Host megamouth
    HostName megamouth.sharcnet.ca

Host monk
    HostName monk.sharcnet.ca

Host tope
    HostName tope.sharcnet.ca

Host bramble
    HostName bramble.sharcnet.ca

Host brown
    HostName brown.sharcnet.ca

Host goblin
    HostName goblin.sharcnet.ca

Host gulper
    HostName gulper.sharcnet.ca

Host guppy
    HostName guppy.sharcnet.ca

Host iqaluk
    HostName iqaluk.sharcnet.ca

Host prism
    HostName prism.sharcnet.ca

Host redfin
    HostName redfin.sharcnet.ca

Host school
    HostName school.sharcnet.ca

Host wobbie
    HostName wobbie.sharcnet.ca