Configuring SSH

• In order to simplify SSH access to remote hosts while keeping access secure we recommend INCD users to adopt the following recommendations.

  Enabling SSH agents and X11 forwarding

  enable the forwarding of both SSH credentials.authentication credentials and X11 graphical windows. This enableswill jumpingfacilitate your SSH access by enabling:

  • Logging in across hosts without having to enter passwords or other credentials.credentials;
  • X11 applications to forward their GUI back to your workstation display using the SSH connection.

  Notice that these two features are unrelated The following SSH configurations should be entered in the local workstation (PC or laptop desktop) from which the remote INCD hosts are to be accessed.

Enabling SSH agents and forwarding

• Edit the local SSH config file, either the system configuration file or the user specific configuration file in your home directory.

  $sudo vi /etc/ssh/ssh_config
  

  or

  $sudo vi $HOME/.ssh/config
  

• Add the following options:

  Host *
     ForwardAgent yes
     ForwardX11 yes
     ForwardX11Trusted yes
  

• Disclaimer: In some operating systems the location of the SSH configuration file may change please check your OS for details.

• Optionally the same forwarding can be performed from the command line by using:

  ssh -A -X -Y  remote-hosthostname
  

• More information about SSH and port forwarding can be found in:

  • The INCD wiki page on SSH port forwarding available here
  • The SSH Forwarding guide