ssh configuration

ssh tips & tricks #

Setting up simpler logins #

It can be tedious to remember to type long login commands every time when logging in via ssh to hamilton. I therefore recommend that you set up an ssh config file.

Additionally, you might also want to set up ssh keys for passwordless login.

The ssh-config configuration file #

When you run ssh it reads a configuration file at $HOME/.ssh/config. This file contains configuration commands that the ssh client applies. For full details, see the documentation.
When you run ssh it reads a configuration file at C:\Users\yourusername\.ssh\config. This file contains configuration commands that the ssh client applies. For full details, see the documentation.

We will just add some configuration to make it simpler to access Hamilton. To do so, we add a configuration block that contains

Host hamilton
  HostName hamilton.dur.ac.uk
  User YOURUSERNAME

Having done so, you can now write ssh hamilton instead of ssh YOURUSERNAME@hamilton.dur.ac.uk.

Passwordless login with ssh keys #

This bit is somewhat more complicated to get right, so if you’re happy with the shortened login, you could just stop.

As well as permitting login with a password, ssh allows login via public key authentication. To work, your local machine must have a keypair, and any remote machine you wish to log in to must have the public key.

A minimal sequence of instructions is to generate a keypair on your local machine with

$ ssh-keygen -t rsa -b 4096 -C "YOUREMAIL@ADDRESS"
Here, and elsewhere in the notes, the $ indicates the shell prompt. You should not type it.

This will prompt you for a passphrase. DO NOT LEAVE IT BLANK, since without a passphrase, anyone with the private key can log in as you!

Next, you must copy the public key to the server you wish to log in to. You can do this (assuming you set up your ssh config as above) with ssh-copy-id hamilton.

Now, when you log in, you’ll be prompted for the passphrase for the private key before being asked for your password. This may not seem like an advantage, but you can set up an ssh-agent that saves the passphrases on your machine for the duration of a login session.

Getting the agent setup continues to be complicated, although possibly your system just does it by magic. GitHub have a useful guide (ignore the github-specific bits). On Mac, this stackexchange question has some tips.