SSH - Custom configuration set-up
The ~/.ssh/config file is the central user-specific file where most
customization can go. For example, it can specify which username ssh
should use for which connection, or which private key should be used to
connect to a specific service.
Unfortunately, given how much complexity can be offloaded into this
file, set-up may not be straightforward, and this single FAQ page will
never be enough to describe everything in detail. When in doubt, please
use man ssh_config as your initial reference.
Base Atlas’ specific set-up
Put this set of lines into ~/.ssh/config to tell ssh to use the
specified username and private key to log into Atlas.
Host *.atlas.aei.uni-hannover.de
IdentitiesOnly yes
IdentityFile ~/.ssh/id_ed25519-atlas
user USER
(please exchange USER on the last line with your Atlas user name
given to you at account creation).
Gitlab set-up
For our gitlab instance gitlab.aei.uni-hannover.de, the appropriate
lines for using your dedicated key ~/.ssh/id_ed25519-aei-gitlab
would be
Host gitlab.aei.uni-hannover.de
IdentitiesOnly yes
IdentityFile ~/.ssh/id_ed25519-aei-gitlab
user git
(this will only work if you uploaded the public key belonging to this private key via the web interface beforehand)
Notable other options
There are a number of options you may or may not want to set. If you
require a remote graphical window via the “X” interface, you may need
to specify ForwardX11 yes and maybe even ForwardX11Trusted yes in
your ~/.ssh/config (please see the word of caution section below).
Also, if you want to re-use your public key within Atlas to hop from
one host to another internally, you may want to forward the ssh agent
connection by specifying ForwardAgent yes in ~/.ssh/config.
Word of caution: Enabling any of the forwarding features will
create a direct 2-way connection between your local machine and the
machine you are logged into. Anyone with root privileges on the
remote machine could in principle access your local machine via these
channels, i.e. your local X server or the ssh agent.
Obviously, we do not do that, but you may need to weigh the (small) risk against the convenience offered here!
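To keep that risk limited to the hosts where you actually need forwarding, it helps to check where the forwarding options are switched on in your ~/.ssh/config. The following script is an added example, not part of the original FAQ; the function name audit_forwarding and the sample configuration are constructed for illustration. It lists every forwarding option set to yes and marks the ones that apply to all hosts instead of a specific Host pattern.

```python
FORWARDING = {"forwardagent", "forwardx11", "forwardx11trusted"}

# Constructed sample config (not from the FAQ): forwarding is enabled
# globally in two places and scoped to the Atlas hosts in one.
SAMPLE = """\
ForwardX11 yes

Host *.atlas.aei.uni-hannover.de
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519-atlas
    User USER
    ForwardAgent yes

Host gitlab.aei.uni-hannover.de
    IdentitiesOnly yes
    User git

Host *
    ForwardX11Trusted yes
"""

def audit_forwarding(config_text):
    """Return (host patterns, option, is_global) for each forwarding option set to yes."""
    findings = []
    patterns = ["*"]  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value"
        parts = line.replace("=", " ", 1).split()
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "host":
            patterns = args
        elif keyword == "match":
            # Match conditions are reported as a label, not evaluated
            patterns = ["<Match " + " ".join(args) + ">"]
        elif keyword in FORWARDING and args and args[0].lower() == "yes":
            # A bare "*" pattern (or no Host line at all) means every connection
            findings.append((" ".join(patterns), parts[0], "*" in patterns))
    return findings

if __name__ == "__main__":
    for hosts, option, is_global in audit_forwarding(SAMPLE):
        print(f"{option} yes for {hosts}" + ("  <-- applies to ALL hosts" if is_global else ""))
```

The script only reports where options are written; ssh itself uses the first value it obtains for each option, so the effective setting for a given host can be checked with ssh -G followed by the host name.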