SSH configuration file: Difference between revisions

no edit summary
(Created page with "<translate> ''Parent page: SSH'' On Linux and macOS you can modify your local SSH configuration file to change the default behaviour of <code>ssh</code> and simplify the login procedure. For example, if you want to login to <code>narval.computecanada.ca</code> as <code>username</code> using a SSH key with both agent and X11 forwarding enabled you need to use the following command: {{Command|prompt=[name@yourLaptop ~]|ssh -A -Y -i ~/.ssh/y...")
 
No edit summary
Line 2: Line 2:
''Parent page: [[SSH]]''
''Parent page: [[SSH]]''


On Linux and macOS you can modify your local SSH configuration file to change the default behaviour of <code>ssh</code> and simplify the login procedure. For example, if you want to login to <code>narval.computecanada.ca</code> as <code>username</code> using a [[Using SSH keys in Linux|SSH key]] with both agent and X11 forwarding enabled you need to use the following command:
On Linux and macOS you can modify your local SSH configuration file to change the default behaviour of <code>ssh</code> and simplify the login procedure. For example, if you want to login to <code>narval.computecanada.ca</code> as <code>username</code> using a [[Using SSH keys in Linux|SSH key]] you may need to use the following command:
{{Command|prompt=[name@yourLaptop ~]|ssh -A -Y -i ~/.ssh/your_private_key username@narval.computecanada.ca}}
{{Command|prompt=[name@yourLaptop ~]|ssh -i ~/.ssh/your_private_key username@narval.computecanada.ca}}
To avoid having to type this command each time you want to connect to Narval, add the following to <code>~/.ssh/config</code> on your local machine:
To avoid having to type this command each time you want to connect to Narval, add the following to <code>~/.ssh/config</code> on your local machine:
   Host narval
   Host narval
Line 9: Line 9:
     HostName narval.computecanada.ca
     HostName narval.computecanada.ca
     IdentityFile ~/.ssh/your_private_key
     IdentityFile ~/.ssh/your_private_key
    ForwardX11 yes
 
    ForwardX11Trusted yes
    ForwardAgent yes
You can now log into Narval by typing
You can now log into Narval by typing
{{Command|prompt=[name@yourLaptop ~]|ssh narval}}
{{Command|prompt=[name@yourLaptop ~]|ssh narval}}
Line 22: Line 20:
     [...]
     [...]
Note that you need to install your public [[SSH Keys | SSH key]] on each cluster separately or use [[SSH Keys#Using CCDB | CCDB]].
Note that you need to install your public [[SSH Keys | SSH key]] on each cluster separately or use [[SSH Keys#Using CCDB | CCDB]].
Note that other options of the <code>ssh</code> commands have corresponding parameters that you can put in your <code>~/.ssh/config</code> file on your machine. In particular, <code>-X</code> (X11 forwarding), <code>-Y</code> (trusted X11 forwarding), or <code>-A</code> (agent forwarding), can be set by adding lines with <code>ForwardX11 yes</code>, <code>ForwardX11Trusted yes</code> and <code>ForwardAgent yes</code> in the corresponding sections of your configuration file. Note however that we do not recommend doing so in general. Enabling X11 forwarding by default for all of your connection can slow down your sessions, especially if your X11 client on your computer is misconfigured.
Similarly, while forwarding your SSH agent is convenient, and is more secure than typing a password on a remote computer, it still comes with a risk. Should the server to which you are connecting to be compromised, a privileged user (<code>root</code>) could use your agent and connect to another host without your knowledge. That is why we recommend to use agent forwarding only when you need it. We also recommend that if you use this feature, you should combine it with <code>ssh-askpass</code>, so that any use of your SSH agent triggers a prompt on your computer, preventing usage of your agent without your knowledge.
[[Category:Connecting]]
[[Category:Connecting]]
</translate>
</translate>
Bureaucrats, cc_docs_admin, cc_staff, rsnt_translations
2,837

edits