SSH - How to Use Config File
A VPN has not been set up for either my home network or my servers, and the secure way currently being used to connect to them is SSH.
I am currently creating hard-to-maintain aliases in order to connect to my servers, as seen below:
# SSH - Global Variable
ssh_LH="127.0.0.1"
## SSH - Tucana - FW1 SSH Connection #########
ssh_fw1_key_path="/home/tiago/Desktop/servers/Tucana/HV1/FW1/SSH/fw1-ssh-key"
ssh_fw1_user="admin"
ssh_fw1_address="fw1.infoitech.co.uk"
#>>>>>>>> Tunnels <<<<<<<
hv1_ip="192.168.1.100"
fw1_ip="192.168.1.2"
hv1_storage_game="192.168.30.50"
hv1_storage_game="$ssh_LH:322:$hv1_storage_game:22"
hv1_proxmox_ssh="$ssh_LH:222:$hv1_ip:22"
hv1_proxmox_gui="$ssh_LH:18006:$hv1_ip:8006"
fw1_gui="$ssh_LH:1443:$fw1_ip:443"
#>>>>>>>>>>>><<<<<<<<<<<<<
alias ssh-fw1='
sudo ssh -i $ssh_fw1_key_path \
-L $hv1_proxmox_ssh \
-L $hv1_proxmox_gui \
-L $fw1_gui \
-L $hv1_storage_game \
$ssh_fw1_user@$ssh_fw1_address
'
######################
It is time to learn how to properly use the ssh agent command and the ssh config file to make our lives easier.
Navigate to your user's ssh folder and create the file config if it is not already there:
tiago@desktop-linux:~ $ cd ~/.ssh
tiago@desktop-linux:~/.ssh $ touch config
tiago@desktop-linux:~/.ssh $ ll
total 20
drwx------ 2 tiago tiago 4096 Mar 26 02:48 ./
drwxr-xr-x 36 tiago tiago 4096 Mar 26 03:13 ../
-rw------- 1 tiago tiago 94 Mar 26 02:48 config
-rw------- 1 tiago tiago 3162 Mar 24 04:44 known_hosts
-rw-r--r-- 1 tiago tiago 2942 Mar 17 15:19 known_hosts.old
It is important to restrict the permissions for this file to avoid abuse. Set it to user read and write only.
It is also important to note that if you are forwarding privileged ports, the config file has to be added to the root user's ssh profile folder ( /root/.ssh/ ) instead of a normal user's.
And the IdentityFile option pointing to the private key should be used instead of the SSH agent used in the example below.
Edit the file with your server parameters:
Host router1
Hostname 192.168.20.1
# R1 - LUCI GUI
LocalForward 127.0.0.1:2443 127.0.0.1:443
# R2 - LUCI GUI ( HTTP )
LocalForward 127.0.0.1:180 192.168.5.2:80
# R2 - SSH
LocalForward 127.0.0.1:322 192.168.5.2:22
User root
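A check for the two points above, as an added example that is not part of the original post: it reports a config file that group or others can access, and lists every LocalForward that binds a local port below 1024 (the privileged range). The function names are hypothetical, the sample input is the router1 block from this post, and only the `Keyword value` syntax is parsed.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from the post.

# Print the permission string if group or others have any access.
config_mode_problem() {
    perms=$(ls -ld "$1" | cut -c1-10)          # e.g. -rw-------
    case "$perms" in
        ????------) ;;                          # owner-only: nothing to report
        *) echo "$perms" ;;
    esac
}

# Print "host port" for each LocalForward binding a local port below 1024.
privileged_forwards() {
    awk '
        tolower($1) == "host" { host = $2 }
        tolower($1) == "localforward" {
            bind = $2
            sub("^.*[:/]", "", bind)            # strip optional bind address
            if (bind + 0 > 0 && bind + 0 < 1024) print host, bind
        }
    ' "$1"
}

# Sample input: the router1 block from this post, in a scratch file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host router1
Hostname 192.168.20.1
LocalForward 127.0.0.1:2443 127.0.0.1:443
LocalForward 127.0.0.1:180 192.168.5.2:80
LocalForward 127.0.0.1:322 192.168.5.2:22
User root
EOF
chmod 644 "$sample"                             # deliberately too open

echo "permissions: $(config_mode_problem "$sample")"
privileged_forwards "$sample"
rm -f "$sample"
```

Point both functions at ~/.ssh/config to check your own file.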
If you are using key authentication, we will need to add our key to the ssh agent with the command below:
tiago@desktop-linux:~/.ssh $ ssh-add /home/tiago/Desktop/routers/linksys/SSH/private_openssh
Enter passphrase for /home/tiago/Desktop/routers/linksys/SSH/private_openssh:
Identity added: /home/tiago/Desktop/routers/linksys/SSH/private_openssh (rsa-key-20190913)
tiago@desktop-linux:~/.ssh 13s $
We can now connect to our servers with this simple command:
tiago@desktop-linux:~/.ssh $ ssh router1