Configuring SSH

In order to simplify SSH access to remote hosts we recommend INCD users to adopt the following recommendatios and configuration defaults.

Enabling SSH agents and X11 forwarding

Activate the forwarding of both SSH authentication credentials and X11 graphical windows. This will facilitate your SSH access by enabling:

• Logging in across hosts without having to enter passwords or other credentials (ForwardAgent);
• X11 applications to forward their GUI back to your workstation display using the SSH connection (ForwardX11 and ForwardX11Trusted).

Notice that these are two independent features unrelated to each other, you can activate one or both. If you do not require the forwarding of graphical X11 windows you can skip it. Similarly if you do not plan to access other hosts behind the login host or if you do not trust the remote host you should skip the forwarding of SSH credentials (ForwardAgent).

To activate both options the following configuration steps should be performed in the local workstation (PC or laptop desktop) from which the remote INCD hosts will be accessed.

• Edit the local SSH config file, either the system configuration file or the user specific configuration file in your home directory.

  $sudo vi /etc/ssh/ssh_config
  

  or

  $sudo vi $HOME/.ssh/config
  

• Add the following options:

  Host *
     ForwardAgent yes
     ForwardX11 yes
     ForwardX11Trusted yes
  

• Disclaimer: In some operating systems the location of the SSH configuration file may change please check your OS for details.

Alternatively the same SSH forwarding options can be activated from the command line for each connection by invoking SSH with the corresponding flags -A -X and -Y:

  ssh -A -X -Y  remote-hostname

More information about SSH and port forwarding can be found in:

• The INCD wiki page on SSH port forwarding available here
• The SSH Forwarding guide