SSH config

The SSH configuration file resides in the .ssh directory in your home directory (at least when using Linux or macOS). It is simply called config. It is not created by default, so you would have to create the initial version.

Warning

Make sure only the owner has read and write permissions, neither group nor world should be able to read the file, i.e.,

$ chmod 700 .ssh/config

Simple usage

To simplify login in to a host, e.g., login.hpc.kuleuven.be as user vsc50005, you can add the following:

Host *
    ServerAliveInterval 60

Host hpc
    HostName login.hpc.kuleuven.be
    User vsc50005
    ForwardAgent yes
    ForwardX11 yes

Here, you should replace login.hpc.kuleuven.be by the hostname of the remote host you want to login to, and vsc50005 by your user name on that system. You can have as many host definitions as you want in the configuration file.

The first entry, i.e., Host * ensures that for any host you connect to, the server keep-alive interval is set to 60 seconds.

The second entry, i.e., Host hpc specifies that every SSH connection to login.hpc.kuleuven.be established using the hpc alias has agent and X forwarding enabled, so you don’t need to specify the -A and -X flags respectively.

Now you can simply log in to login.hpc.kuleuven.be using the hpc alias:

$ ssh hpc

How to use a key that is not the default?

If your SSH private key is not in the default directory (~/.ssh/), or doesn’t have the default name (id_rsa) you can specify the key to use on the command line using the -i option, or, more conveniently, by specifying its location in the ~/.ssh/config file.

Suppose that your private key is ~/Keys/priv_key_vsc, then you can use it to connect by specifying the IdentityFile attribute, i.e.,

Host hpc
    HostName login.hpc.kuleuven.be
    User vsc50005
    ForwardAgent yes
    ForwardX11 yes
    IdentityFile ~/Keys/priv_key_vsc

Note

Specifying identity files allows you to have distinct keys for different hosts, e.g., you can use one key pair to connect to VSC infrastructure, and a different one for your departmental server.

How to use a proxy host?

To use a host as a proxy, but log in through it on another node, the following entry can be added:

Host leibniz
    Hostname login.leibniz.antwerpen.vsc
    User vsc50005
    ProxyJump hpc
    ForwardAgent yes
    ForwardX11 yes

In this example, login.leibniz.antwerpen.vsc is the host you actually want to log in to, and login.hpc.kuleuven.be is the host you are using as a proxy jump host, i.e., you will log in to that one, but it will log you through to the leibniz login node.

Note

The alias hpc previously defined for login.hpc.kuleuven.be can be used to specify the proxy jump host.

How to set up a tunnel?

If you require a tunnel to a remote host on a regular basis, you can define a connection in the SSH configuration file, e.g.,

Host hpc_tunnel
    HostName login.hpc.kuleuven.be
    User vsc50005
    ForwardAgent yes
    ForwardX11 yes
    LocalForward 50005 login.hpc.kuleuven.be 50005

This ensures that a process on the login node that uses port 50005 can be accessed from your computer on that same port number.

Note

When choosing a port on a remote VSC system, it is good practice to use your VSC-number, since that would be unique. In the example above, the port number would be 50005 for VSC user vsc50005.

The tunnel can now be established as follows:

$ ssh -N hpc_tunnel

How to create a modular configuration file?

If you access many hosts, your .ssh/config file can grow very long. In that case, it might be convenient to group hosts into distinct files, and include those into your main .ssh/config file, e.g.,

Include ~/.ssh/config_vsc