<!DOCTYPE html>
<html lang="en">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="../style.css" type="text/css">
<link rel="icon" type="image/png" href="icon.png">
<title>SSH recommendations</title>
<body>
<h1>azarus' page</h1>
<h2>SSH recommendations</h2>
<p>Date: 2018-09-06</p>
<p>I realized how inconvenient and what a hassle it is to use ssh with its
default settings, so here's what I use to save my fingers from typing lots.
<h2>ssh-agent</h2>
<p>You certainly use public-key based authentication in SSH with locally
encrypted keys <i>(right?)</i>. If you're wondering how people keep sane when
entering their key password multiple times daily: <b>They don't.</b> They
use ssh-agent, which is provided with OpenSSH. To make it start and be the same
across all your shell sessions, here's a fragment of my ~/.kshrc:</p>
<pre>
export SSH_AUTH_SOCK=~/.ssh/ssh-agent.sock
# ssh-add -l exits with status 2 when it cannot contact an agent
ssh-add -l 2&gt;/dev/null &gt;/dev/null
if [ $? -ge 2 ]; then
    ssh-agent -a "$SSH_AUTH_SOCK" &gt;/dev/null
fi
</pre>
<p>To make ssh-agent add your keys when you first use them in the session, add
this in your ~/.ssh/config:</p>
<pre>
AddKeysToAgent yes
</pre>
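<p>Added example, not part of the original post: a more defensive variant of the
~/.kshrc fragment above. It refuses a socket directory that group or others can
access and clears a socket file left behind by a dead agent, which would
otherwise make ssh-agent -a fail to bind. It assumes a POSIX-style shell with
OpenSSH installed; the function names private_dir and ensure_agent are
hypothetical.</p>

```shell
# Added example, not from the original post; function names are hypothetical.
# Assumes a POSIX-style shell (ksh, bash, sh) and OpenSSH's ssh-add/ssh-agent.
export SSH_AUTH_SOCK="$HOME/.ssh/ssh-agent.sock"

# True only for a real directory (not a symlink) that we own and that grants
# no permissions to group or others (mode 0700 or stricter).
private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld "$1") in
        d???------*) return 0 ;;
    esac
    return 1
}

# Start one agent on $SSH_AUTH_SOCK unless a live agent already answers there.
ensure_agent() {
    sockdir=$(dirname "$SSH_AUTH_SOCK")
    if ! private_dir "$sockdir"; then
        echo "ensure_agent: $sockdir must be a directory you own with mode 0700" >&2
        return 1
    fi
    # ssh-add -l exits 0 (keys loaded), 1 (agent running, no keys) or
    # 2 (cannot contact an agent).
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -lt 2 ] && return 0
    # No agent answered. A socket file left behind by a killed agent would
    # make "ssh-agent -a" fail to bind, so clear it before starting a new one.
    rm -f "$SSH_AUTH_SOCK"
    ssh-agent -a "$SSH_AUTH_SOCK" >/dev/null
}

# Run only in interactive shells, as when sourced from ~/.kshrc.
case $- in
    *i*) ensure_agent ;;
esac
```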
<h2>SSH multiplexing</h2>
<p>SSH connections take a while to establish, and waiting for things to happen
is just so... <i>80s</i>. So the clever folks who invented and wrote the SSH
protocol added a handy feature: <b>multiplexed connections.</b></p>
<p>When using a multiplexed connection, any subsequent connection is initialized
almost instantaneously, since there is no need for:
<ul>
<li>DNS lookup (possibly even a time-consuming reverse one)</li>
<li>Establishing a TCP connection</li>
<li>Authentication</li>
</ul>
Multiplexing is therefore very handy when you want to open many SSH sessions
in succession. To enable it (which I recommend), add this to
~/.ssh/config:</p>
<pre>
ControlMaster auto
ControlPath ~/.ssh/cm-%r@%h:%p
ControlPersist 10m
</pre>
<h2>Note</h2>
<p>Everything described here is also (of course) documented in the
<a href="https://man.openbsd.org/ssh">ssh man page</a> <i>(also see the "see
also" <a href="https://man.openbsd.org/ssh#SEE_ALSO">section</a>)</i> provided
with OpenSSH.</p>
<footer>
<hr>
<p>Unless otherwise noted, this content is <a href="https://creativecommons.org/publicdomain/zero/1.0/">
publicly licensed (CC0)</a>.</p>
<p>This website is served by the <a href="https://man.openbsd.org/httpd">httpd</a> daemon, running on OpenBSD 6.3.</p>
</footer>
</body>
</html>