[CoLoCo] ssh but kind of a mac question so please forgive

Scott Scriven ubuntu-us-co at toykeeper.net
Tue Sep 23 06:21:31 BST 2008


* Jim Hutchinson <jim at ubuntu-rocks.org> wrote:
> > For security reasons I don't want to copy the key.

In general, it's not an issue.  Just generate a key pair on each 
host with "ssh-keygen", and add the public key to your server in 
~/.ssh/authorized_keys.  Then, if you ever have reason to believe 
your key has been compromised, remove it from your 
authorized_keys file.

Using a different key for each host makes it easy to turn 
individual hosts on/off, and greatly reduces the problem of 
keeping keys secure.

> I'll give this a try. I have a couple follow up questions, 
> though. Are all those fields necessary? Does this just set up 
> one particular host and if you have 2 or more you would do one 
> for each? I'm curious why it doesn't at least set up parts of 
> this for each host (or does it?).  Can the nickname be 
> arbitrary? Do you then specify this in the ssh command or does 
> it just look for it anyway?

The .ssh/config file basically saves you the trouble of having to 
use command line options.  So, instead of running this...

  ssh -D 8080 -p 5151 myuser@1.2.3.4

You could instead run this...

  ssh home-tunnel

You just need to make a config file...

  Host home-tunnel ht
    Hostname 1.2.3.4
    Port 5151
    DynamicForward 8080

  Host *
    User myuser

Note that, as shown, you could shorten the command even more:

  ssh ht

You can specify as many hosts as you like; just remember to put 
defaults at the bottom.  In this example, the username 'myuser' 
will be used anywhere you don't specify otherwise.  You could 
also do other types of defaults, like having different settings 
for work, for launchpad, and for home:

  Host home
    Hostname 1.2.3.4

  Host www
    Hostname web-server-1.myemployer.com

  Host *.myemployer.com
    User my_work_user_name
    IdentityFile ~/.ssh/id_rsa.work

  Host *.launchpad.net
    User my_launchpad_user_name
    IdentityFile ~/.ssh/id_rsa.launchpad

  Host *
    User my_default_user_name

Does this help clear things up, and explain some of the 
possibilities?


-- Scott
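
Added example, not part of Scott's message: a simplified Python model of how ssh resolves the second config above, showing which user and key each name ends up with. It assumes ssh's default settings and models only Host blocks with `*`/`?` wildcards, `!` negation and first-value-wins (no Match, Include or hostname canonicalization); the function names are made up for this sketch. Host patterns are compared against the name typed on the command line, so `ssh www` does not pick up the `*.myemployer.com` block.

```python
from fnmatch import fnmatchcase

# The second config from the message above (blank lines removed).
CONFIG = """\
Host home
  Hostname 1.2.3.4
Host www
  Hostname web-server-1.myemployer.com
Host *.myemployer.com
  User my_work_user_name
  IdentityFile ~/.ssh/id_rsa.work
Host *.launchpad.net
  User my_launchpad_user_name
  IdentityFile ~/.ssh/id_rsa.launchpad
Host *
  User my_default_user_name
"""

def parse(text):
    """Return [(patterns, [(keyword, value), ...]), ...] in file order."""
    blocks = [(["*"], [])]  # options above the first Host line apply to every host
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key, value))
    return blocks

def host_matches(name, patterns):
    """True if name matches a pattern and is not vetoed by a negated (!) one."""
    if any(p.startswith("!") and fnmatchcase(name, p[1:]) for p in patterns):
        return False
    return any(fnmatchcase(name, p) for p in patterns if not p.startswith("!"))

def resolve(name, text=CONFIG):
    """Options used for `ssh name`: the first value found for a keyword wins.
    Simplification: real ssh accumulates IdentityFile entries; one is kept here."""
    effective = {}
    for patterns, options in parse(text):
        if host_matches(name, patterns):
            for key, value in options:
                effective.setdefault(key, value)  # later blocks never override
    return effective

if __name__ == "__main__":
    # Host names below are constructed samples.
    for name in ("home", "www", "web-server-1.myemployer.com", "code.launchpad.net"):
        print(name, resolve(name))
```

On OpenSSH 6.8 or later, `ssh -G www` prints the options the real client resolves, which is a quick way to confirm which key a given name will offer.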


