Configurations for ssh that make some things more convenient
I have recently found a couple of really neat configurations that make my life using ssh a lot easier.
I often use ssh on non-standard ports. This is advantageous for two reasons. First, it allows running multiple virtual machines that are all directly accessible via one IP address. This can be important because the IPv4 address space is very limited and somehow the jump to IPv6 is very slow.
Also, running sshd on a non-standard port prevents a huge number of hack attempts. Just compare your auth logs between two machines with access to the Internet, one having sshd running on port 22, another on a different port. The difference is astounding.
The default port can be set in the ssh configuration files (/etc/ssh/ssh_config machine-wide, ~/.ssh/config for the user profile) with the directive "Port <portnumber>". This by itself already helps if the same non-standard port is used all the time, because it eliminates the need for the -p command line argument (by the way, it also conveniently affects scp, and even the ext option for cvs, but who uses cvs when you can have bzr :)).
However, if you use different ports for different VMs on the same IP address, there is another neat configuration possible. The configuration directive can be made per host:
In fact all kinds of declarations can be configured specifically for a particular host. Another example is the login name used, or the hostname itself can be aliased with a more convenient and shorter name.
With public key authentication added to the mix, the only thing that needs to be done is to call "ssh test", "ssh test2", or "ssh test3" instead of "ssh -p <portnumber> <username>@<hostname>". Quite a difference in convenience!
When public key authentication is used, ssh-agent is often used as well, to avoid entering the passphrase every time the key is used. However, if one jumps from one server to another, or additional public key authentication is necessary inside the server, e.g. for uploading something to the ppa or pushing something to the central branch of the revision system, the original ssh-agent does not automatically take care of it. ssh has a solution for this too: "ForwardAgent yes". If this is placed in the ssh configuration file as well, all the authentication happens automatically.
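A ~/.ssh/config combining the per-host directives and agent forwarding described above, as an added example that is not the original post's own file. The aliases test, test2 and test3 are the ones the post uses; the host name, port numbers and user names are constructed placeholders. ForwardAgent is enabled for one host only, because anyone with root on a host you forward to can use your agent to authenticate as you for as long as you are connected.

```sshconfig
# Constructed example: vmhost.example.org, the ports and the user names
# are placeholders. Aliases test, test2, test3 are the ones from the post.

# Three VMs behind one IP address, each with sshd on its own port.
Host test
    HostName vmhost.example.org
    Port 2201
    User alice

Host test2
    HostName vmhost.example.org
    Port 2202
    User alice
    # Forward the agent only where an onward hop needs the local keys
    # (e.g. pushing to a central branch from this machine).
    ForwardAgent yes

Host test3
    HostName vmhost.example.org
    Port 2203
    User deploy

# Defaults for every other host. ssh uses the first value it obtains for
# each option, so this catch-all block has to come last.
Host *
    ForwardAgent no
```

Running `ssh -G test2` prints the options ssh would actually use for that alias, which confirms that the port, user and ForwardAgent values resolve as intended.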