A couple of SSH tips

So I discovered something interesting about SSH a couple of months ago, and something else a couple of days ago; these discoveries together answered a bunch of my questions about why I could never make SSH work properly.

First, it turns out that SSH, unlike most programs that read config files, takes the first assignment to a config variable and ignores later ones. This means that if you want overridable global settings, for example for the User variable, you need to put them at the end of the file, not the beginning. Completely counterintuitive, but there you are.

Second, it turns out that if the remote SSH service offers public key authentication (as most do) and you haven't supplied a matching private key, SSH may start trying to use all the public keys lying around in your .ssh directory. I haven't been able to replicate this reliably, and it seems to be at least partly an interaction with ssh-agent, which is probably the real fail. It actually sounds like a reasonable plan, except that usually the remote SSH service will only let you try a few keys before it cuts you off, which means that you never get to password authentication if you need it.

So, now I have things cleaned up. My keys are in a subdirectory .ssh/keys and so far I'm not seeing the bug in question. My config file has the global config, including my default username, at the bottom. SSH seems to be a lot happier now. Who knew? Fob
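The first-value-wins rule is easiest to see by resolving the same settings in both orders. The following is an added example, not code from the original post: a minimal Python model of how ssh_config resolves single-valued options, handling only whitespace-separated `keyword value` lines and `Host` patterns. The host name `gitbox`, the user names and the key path are constructed, and `IdentitiesOnly yes` is an assumed addition (a real OpenSSH option that restricts ssh to the configured identity files even when ssh-agent offers more).

```python
import fnmatch

def host_matches(patterns, host):
    # A Host line applies if a positive pattern matches and no "!pattern" does.
    # fnmatch also accepts [seq], which ssh does not; the samples use "*" only.
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(host, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in positive)

def resolve(config_text, host):
    """Return the single-valued options ssh would use for host (first value wins)."""
    resolved = {}
    applies = True  # lines before the first Host block apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            applies = host_matches(value.split(), host)
        elif applies and key not in resolved:
            resolved[key] = value  # later assignments to this key are ignored
    return resolved

# Constructed sample configs: same settings, different order.
HOST_BLOCK = """\
Host gitbox
    User git
    IdentityFile ~/.ssh/keys/gitbox
"""
GLOBAL_BLOCK = """\
Host *
    User defaultuser
    IdentitiesOnly yes
"""
GLOBAL_FIRST = GLOBAL_BLOCK + "\n" + HOST_BLOCK  # per-host User is shadowed
GLOBAL_LAST = HOST_BLOCK + "\n" + GLOBAL_BLOCK   # per-host User takes effect

if __name__ == "__main__":
    for name, cfg in (("global first", GLOBAL_FIRST), ("global last", GLOBAL_LAST)):
        for host in ("gitbox", "other"):
            print(f"{name:12} {host:7} {resolve(cfg, host)}")
```

On a real machine, `ssh -G gitbox` prints the values OpenSSH itself resolves for a host, which is a quick way to check the ordering of an actual config file.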

Comments

I was trying to get a private git tree from some guys in China and I figured out the same thing about putting the global settings at the bottom after the host entries. What a bad implementation/documentation of the .ssh/config file :(

I had to use LogLevel DEBUG3 in the config file to see what was going on.

--mark

What is SSH anyway? Is it a programming term?

SSH is the "Secure Shell", a way to get an encrypted channel for a command line on a remote computer. I've put a link in the article as well. Fob