Configuring SSH
In order to simplify SSH access to remote hosts
while keeping access securewe recommend INCD users to adopt the following recommendations.Enabling SSH agents and X11 forwarding
enable the forwarding of both SSH
credentials.authentication credentials and X11 graphical windows. Thisenableswilljumpingfacilitate your SSH access by enabling:- Logging in across hosts without having to enter passwords or other
credentials.credentials; - X11 applications to forward their GUI back to your workstation display using the SSH connection.
Notice that these two features are unrelated The following SSH configurations should be entered in the local workstation (PC or laptop desktop) from which the remote INCD hosts are to be accessed.
- Logging in across hosts without having to enter passwords or other
Enabling SSH agents and forwarding
-
Edit the local SSH config file, either the system configuration file or the user specific configuration file in your home directory.
$sudo vi /etc/ssh/ssh_config
or
$sudo vi $HOME/.ssh/config
-
Add the following options:
Host * ForwardAgent yes ForwardX11 yes ForwardX11Trusted yes
-
Disclaimer: In some operating systems the location of the SSH configuration file may change please check your OS for details.
-
Optionally the same forwarding can be performed from the command line by using:
ssh -A -X -Y remote-
hosthostname -
More information about SSH and port forwarding can be found in:
- The INCD wiki page on SSH port forwarding available here
- The SSH Forwarding guide