SSH / Client config – Unjustly unknown
If you maintain several Linux servers, you surely know the problem of juggling different SSH keys for different customers, environments or security requirements. There are several solutions: one approach is to use the PuTTY agent (under Windows). But if you work on a Linux client, or use one privately, that becomes difficult. There are agents such as keychain, of course. But the already installed openssh-client offers a possibility of its own, which I want to introduce here. For some reason it is little known, and we want to change that. This approach also works for rsync and other SSH-based tools.
With the config file in the .ssh directory of the user's home directory, you can store all kinds of settings for the SSH client, including connection settings like:
    ForwardAgent yes
    ForwardX11 yes
But what I actually wanted to talk about is that you can also specify the IdentityFile here, even bound to a host context. Let's assume you have one key for the host fu-solutions.de and another for weichert.it, and you don't want to pass usernames or the key file on the command line, and don't want to set up an alias either. The corresponding host context in ~/.ssh/config would look like this:
    # Options before the first Host line apply to all hosts
    ForwardAgent yes
    ForwardX11 yes

    Host fu-solutions.de
        User Admin1
        IdentityFile ~/.ssh/key-file1

    Host weichert.it
        User Admin2
        IdentityFile ~/.ssh/key-file2
Now it is enough to enter ssh weichert.it or ssh fu-solutions.de on the command line, and after a confirmation the connection is automatically established as Admin2 or Admin1 (depending on the destination) with the corresponding IdentityFile. With Match, the targets or environments can be differentiated.
    # Used for connections to fu-solutions.de
    Host fu-solutions.de
        User Admin1
        IdentityFile ~/.ssh/key-file1

    # Used for connections to weichert.it
    Host weichert.it
        User Admin2
        IdentityFile ~/.ssh/key-file2

    # Used for all hosts with domain "domain.tld"
    # without an identityfile
    Host *.domain.tld
        User Admin3

    # Match is used for combining host conditions.
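An added example, not code from the original post: a simplified Python resolver for Host blocks like the ones above (no Match, Include or token expansion), applying the ssh_config(5) rule that the first obtained value for each parameter is used. The config string is constructed from the post's examples, with a `ForwardAgent no` line added under weichert.it to show that a per-host setting cannot override a global option placed above it; the host names db1.domain.tld and example.org are made up for the demonstration.

```python
from fnmatch import fnmatchcase

# Constructed sample: the post's layout, plus a per-host "ForwardAgent no"
# (added for this example) that comes too late to take effect.
CONFIG = """\
ForwardAgent yes
ForwardX11 yes
Host fu-solutions.de
    User Admin1
    IdentityFile ~/.ssh/key-file1
Host weichert.it
    User Admin2
    IdentityFile ~/.ssh/key-file2
    ForwardAgent no
Host *.domain.tld
    User Admin3
"""


def host_matches(patterns, host):
    """Host line: a matching negated pattern vetoes, else any positive match wins."""
    if any(p.startswith("!") and fnmatchcase(host, p[1:]) for p in patterns):
        return False
    return any(fnmatchcase(host, p) for p in patterns if not p.startswith("!"))


def resolve(config, host):
    """Effective options for host (simplified model, assumptions as stated above)."""
    effective, active = {}, True  # lines before the first Host apply to every host
    for raw in config.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()  # keywords ignore case
        if key == "host":
            active = host_matches(value.split(), host)
        elif active and key == "identityfile":
            effective.setdefault(key, []).append(value)  # identities accumulate
        elif active:
            effective.setdefault(key, value)  # first obtained value wins
    return effective


if __name__ == "__main__":
    # db1.domain.tld and example.org are constructed host names
    for h in ("fu-solutions.de", "weichert.it", "db1.domain.tld", "example.org"):
        print(h, resolve(CONFIG, h))
```

On a real client, `ssh -G <host>` prints the configuration that ssh itself resolves for that host.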
I hope this serves as an incentive and gives you a new and interesting way to organize SSH connections on a jump host or your client. More information about the possibilities and configuration parameters can be found on ssh.com or in the man page for ssh_config(5).