Jump to content

Mod:Hunt Research Group/pimpSSH

From ChemWiki

How to... pimp up your SSH client

your local config file

If you don't want to specify your username and various other parameters often used in SSH connections, you can set up a config file, that will take care of that for you. Just open or create the file ~/.ssh/config. Mine looks like this: 

Host hpc
     Hostname XXX.hpc.ic.ac.uk
     user XXX
Host marc
     Hostname XXX.uni-marburg.de
     user XXX
     Port YYY
Host *
     ForwardAgent yes
     ForwardX11 yes
     ForwardX11Trusted yes
     Compression yes
     NoHostAuthenticationForLocalhost yes
     ServerAliveInterval 900
     XAuthLocation /opt/X11/bin/xauth
     ServerAliveInterval 60
     ForwardX11Timeout 24h
     Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc

(Wherever it says 'XXX' you have to enter the correct information of course.)

ServerAliveInterval 60 every 60 seconds send a null packet to the client to keep the connection alive
ClientAliveInterval 60 every 60 seconds send a null packet to the server to keep the connection alive
ForwardX11Timeout 24h refuses X11 connections after 12hours, 20min is the default??

a common "error" message on macs

  • if you see this:
No xauth data; using fake authentication data for X11 forwarding.
  • it means that the system cannot find your "xauth" program, macs have this in a non-standard directory
  • add "XAuthLocation /opt/X11/bin/xauth" to your config file as shown above

what does a config file do?

  • This allows you to set configurations that should apply to any host (* section) and specific settings for a few recurring hosts.
  • if you assign short names to the hosts, you can connect to the hpc simply by typing ssh hpc instead of ssh [options] username@domain.
  • the short names apply to all programs of the ssh family.
  • for example if I wanted to copy a file from the cluster in Marburg (my old university) to London, I could simply write scp marc:[file] hpc:[file] without having to worry about the different ports and usernames.

specialised commands

  • If you want to speed up your ssh connection
alias ssh-x='ssh -c aes128-ctr -XYC'
-c selects a cipher for encrypting the connection
-C enables compression of the ssh connection
-X enables X11 forwarding
-Y enhances the security of the X11 forwarding connection

your system config file

system config files can be found in
/etc/ssh/ssh_config
/etc/ssh/sshd_config

using a cipher

use the command "ssh -Q cipher" to see which ciphers are available, for example
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
Retrieved from "https://chemwiki.ch.ic.ac.uk/index.php?title=Mod:Hunt_Research_Group/pimpSSH&oldid=761557"