Quick SSH access
How to not get lost in the forest of ssh servers you have to work with

Development Cluj Napoca, Sept. 19, 2016, by Yeti
Estimated reading time:
Tags: DevOps
For 8vance, one of the more complex projects that we're working on here in Cluj, we have a growing infrastructure - about 15 servers for production, acceptance and testing put together.

As our product is growing rapidly, some of these servers switch roles or become more specialized in their purpose, and they don't always (deserve to) get a DNS name just as they are created - so people need to keep track of servers and login credentials, which usually means that probably they will have to look something up in their inboxes every time they don't work with the one server they normally work on.

Luckily,  the ssh package in Ubuntu (and other distros, I'm sure) comes with some nifty tools to handle things like this. I realised that not everybody uses them, so this quick post serves as a quick'n'dirty howto for managing credentials to many servers.

~/.ssh/config

The ~/.ssh/config file is a nice place to put aliases and configs for your servers. Some of the more common things you can put in there are the port, an alias for the server, the username you want to connect with, and the identity (key) you want to use. If the file does not exist by default, you can just create it, ssh will pick it up.

What's awesome about this file is that the ssh command is aware of it and you get auto-complete features for ssh names in your terminal (also works with scp). So instead of writing something like ssh user@123.45.67.89, you would write ssh prod and you will be prompted for a password.

Example entry in ~/.ssh/config
Host rpi
Hostname 192.168.0.102
User pi

Host lair
Hostname 37.251.139.245
User yeti
Port 24

Keys > passwords

Using the PKI and your own private keys makes it possible (and easy) to login without passwords, so that you don't have to look them up every time. The way to set this up is to get your own key (if you use github or bitbucket with ssh, you probably did this already). Then you copy your key in the ~/.ssh/authorized_keys of the target server's user you use and you're done. Ubuntu comes with an utility to do this automatically for you: ssh-copy-id. Just do something like ssh-copy-id prod and your keys will be copied over the prod.

By now, it should be enough to just type ssh prod and you should be ready to rock. Even better, your sysadmin can copy your keys from an existing server to a new server he/she is setting up for you, and you have access - no need for passwords ever to go over the network. However, you'll probably still want to know your password for sudo purposes.

Bonus: mobile access

The number one Android ssh client (by default Google Play Store reckoning) is called JuiceSSH. If you want to be able to set up 15 server connections on it, it takes a lot of typing and fidgeting. Fortunately, JuiceSSH also has this companion app that takes your ~/.ssh/config file and it loads all your hosts as connections in JuiceSSH, so you're ready to go. 

As a sidenote, JuiceSSH also allows you to set up your keys so that you can access the system(s) without passwords.
Image of Yeti
About the author
I believe the more people know how to express their ideas in code, the better the world can become.

36 Comments



Leave a Comment