In trying to implement some of the hacks in Linux Server Hacks, I had to go to the ssh manpage, where I discovered a number of cool tricks.
- In order to get key-based authentication (i.e., passwordless) working, the
$HOME/.sshdirectory must be mode
0700, and all files in it must be mode
0600. Once that's setup properly, key-based authentication works perfectly.
- You can have a file called config in your
$HOME/.sshdirectory that specifies user-specific settings for using SSH, as well as a number of host-specific settings:
Compression yesturns on compression
ForwardX11 yesturns on X11 forwarding by default
ForwardAgent yesturns on ssh-agent forwarding by default
- Host-based settings go from one Host keyword to the next, so place them at the end of the file. Do it in the following order:
```apacheconf Host nickname HostName actual.host.name User username_on_that_host Port PortToUse ``` This means, for instance, that I can ssh back and forth between home using the same key-based authentication and the same ssh-to script ([more below](#ssh-to)) I use for work servers -- because I don't have to specify the port or the username.
I mentioned a script called
ssh-to earlier. This is a neat little hack from the server hacks book as well. Basically, you have the following script in your path somewhere:
#!/bin/bash ssh -C `basename $0` $*
Then, elsewhere in your path, you do a bunch of
ln -s /path/to/ssh-to /path/to/$HOSTNAME, where
$HOSTNAME is the name of a host to which you ssh regularly; this is where specifying a host nickname in your
$HOME/.ssh/config file can come in handy. Then, to ssh to any such server, you simply type
$HOSTNAME at the command line, and you're there!