Don’t type usernames
If your username on a remote server is different from your local username, specify this in your SSH config as well:
Host www* mail HostName %h.example.com User simon
Now even though my local username is smylers, I can just do:
$ ssh www2
and SSH will connect to the simon account on the server. Again, Putty users can save usernames in their session config to avoid being prompted on each connection.
It can be irritating if a network blip terminates your SSH connections. OpenSSH can be told to ignore short outages (though this also means it takes longer to notice permanent outages). The precise numbers to use are a matter of preference, but putting something like this in your SSH config seems to work quite well:
TCPKeepAlive no ServerAliveInterval 60 ServerAliveCountMax 10
If the network disappears your connection will hang, but if it then re-appears with 10 minutes it will resume working.
If connecting to a server seems to sit there for a few seconds not doing anything, try adding this line to your config:
GSSAPI is an authentication method related to Kerberos. If you don’t know what it is, you almost certainly aren’t using it. But some servers are configured to attempt GSSAPI authentication, and only try other methods after a 2-second time-out. By instructing your client never to use this authentication method, the attempt, and therefore the time-out, is skipped.
And if that speeds up connecting for you, ask the server’s sys-admin to disable it in the server config, for the benefit of all users ‒ exactly the same line as above, but in
Jumping through servers
Sometimes you can’t make a network connection directly to the server you wish to access; you have to first SSH to an intermediate server and then on to the server you want. This can also be automated. First make sure that you have keys and agent forwarding set up so that you can SSH to the intermediate server in one command and from there to the target server in a second command, each without any prompting:
$ ssh gateway gateway $ ssh db
Then in your local SSH config, specify that a connection to the target server should be proxied through the intermediate server, using the -W option:
Host db HostName db.internal.example.com ProxyCommand ssh gateway -W %h:%p
Then you can just do:
$ ssh db
And, after a brief pause while SSH chugs through authenticating twice, you’ll have a shell on the second server. The -W option was introduced in OpenSSH 5.4. If you have an older version you can achieve the same result with Netcat instead.
Reverse ssh tunnel with key
At the server
ssh-keygen -t rsa no passphrase (enter)
/usr/bin/tunel.sh and write:
#!/bin/bash while : do ssh -l user -R 8000:localhost:22 -N example.com done
.ssh/id_rsa.pub to the client and put it in
scp .ssh/id_rsa.pub firstname.lastname@example.org:/home/user/.ssh/authorized_keys
Reverse tunnel without key
At the server:
ssh -l user -R 8000:localhost:22 -f -N example.com
At the client:
last updated on 11 Apr 2015, 7:40 p.m.
ssh root@localhost -p 8000