Tom here from Lawrence Systems and I want to talk about managing the SSH config file. It is a great convenience to set this up, configure it so you can easily log into servers, give them names, give them aliases, essentially so that you can just SSH right into them, maybe even tie in some forwards, maybe tie in a dynamic forward that ties into proxychains and maybe even just push a command through there, specify different user names, identity files. This is a great shortcut to managing servers through SSH, so I want to dive into this. The only prerequisites are that you have a Linux-based distribution with bash completion installed (if you're running something that's based on Ubuntu, as far as I know, that is completely installed by default) and that you have an understanding of how SSH keys work, because I have SSH keys installed already on the servers we'll be logging into that allow me to automatically log in. I have a video on generating and installing those, but it will work with password authentication as well. I also will be linking to my proxychains video because I'll be using proxychains in this and showing you how that works and a couple other things as we kind of talk through this, including tmux; we'll be using it to split the screen. Before we jump all into that, let's first, if you'd like to learn more about me and my company, head over to lawrencesystems.com. If you'd like to hire us for a short project, there's a Hire Us button right at the top. If you'd like to help keep this channel sponsor-free, and thank you to everyone who already has, there is a join button here for YouTube and a Patreon page. Your support is greatly appreciated. If you're looking for deals or discounts on products and services we offer on this channel, check out the affiliate links down below. They're in the description of all of our videos, including a link to our shirt store.
We have a wide variety of shirts that we sell and new designs come out, well, randomly, so check back frequently. And finally, our forums, forums.lawrencesystems.com, is where you can have a more in-depth discussion about this video and other tech topics you've seen on this channel. Now, back to our content. Okay, we're going to start right here at the command prompt. And I can SSH into jump@192.168.3.195. This is part of the jump box demo I have for my other SSH videos I recently posted. And that does allow me to log in as that. I also have permission to log in as root. Oops, rot. Let's spell root right. This is part of the reason auto completion is so important. All right, we can log in as root as well. And someone will be happy that I'll press Ctrl+L to clear the screen versus typing clear. Both of these clear the screen. Anyways, so let's edit the SSH config file, .ssh/config, and look at alternative ways to log in and auto complete so Tom doesn't typo root. So we go here and I've included some emojis because why not? You can and it looks fun. So here's the jump box testing emoji right here. We're down at the bottom of this file. You can kind of see how you create all the different host entries in here up at the top. I have all kinds of host entries for all the different servers we have. And down at the bottom is where I'm setting up my demos and tests so I can easily log into things. So host jump box test, testing emojis, and reboot jump box. Let's first look at this one right here. So it's host name 192.168.3.195. User jump, port 22. I want to run tmux as soon as I log in because you know that's nice. RequestTTY is what's going to allow me to run tmux and request a screen on there. So let's go ahead and exit and watch how that works. SSH jump box test. And if you notice how it doubled up because I was already running tmux. It's now running tmux inside of tmux on this system here. Exit and it exited. So let's go back into the config file.
What if we didn't run tmux? We'll just comment these out. Just the basics. We're going to say user jump, port 22. Now, there are also ways you can specify the port from the command line; SSH defaults to 22. But you do have to implicitly list it when you're using the config file. So we'll go here, host name, user jump, port 22. Write this out. Now we logged in without kicking off tmux when we logged in. It's just a normal command prompt. So pretty simple there. What if we wanted to log in as root? Well, that's pretty easy too. Just go here. And away we go. We can now log in and we've now logged in as root instead. So instead of logging in as the jump user, we logged in as root. So it's really easy to edit the config file. A couple of other conveniences of the config file. First, besides the autocomplete, is the fact that you can actually just push a command. Maybe you want to create, and this is obviously a dangerous one to just throw in there, it's reboot. But maybe you have something you want to kick off and you want it to autocomplete and you want it to easily just reboot it with one command without having to go in and deal with this any further. So user root, because that's who has permission to reboot. Port 22, remote command is just going to be reboot. Simple enough. So SSH to reboot jump box test. Now I'm going to pull up over here. There's the system right here that we're actually logging into. You can see the network. There's the IP address. So we'll kick off the command. We'll make the screen a little smaller so you can see what it's doing. And right away it reboots this. It'll reboot relatively fast. So you can also use this to push commands. Now if you notice at the bottom it says local IP, VPN IP, but if I were to look at what my public IP is, you'd get my office IP address right now. How can we fix that? Well, that's another interesting feature that you can do in here, and I've talked about proxychains, as I mentioned at the beginning of the video.
What about doing this with a proxy where you want to have a dynamic forward? Now you can set up local forwards, remote forwards, and other SSH forwarding. I'll leave a link to the full details on the config parameters that are offered in the SSH config. But let's look at something like this. This is my home jail demo. The host name, that's the IP address of where the jail is. I want to log in as root, port 22. And this goes back to my related proxychains video: dynamic forward, port 9050. And I want to specifically say use this identity file, which is another option. If you have multiple identity files or multiple locations for them, instead of just pulling from the defaults, you can specify. Technically, this would be the default one anyways, because this is what I have in my identity file. But this is one of those things you can override and maybe have more than one identity file, and this is how you can manage them on a per host basis. And this dynamic forward, so we don't have to add that, is going to allow me to quickly pivot into that network. So let's go here and quit. And we'll SSH into the home demo. And great. Now I'm logged in at this particular system. And we're just going to split the screen right here again with tmux. This is where I bring up proxychains a lot. I got to tell you, I use proxychains quite a bit to quickly use Linux and pivot into another network to do different things. But for here, we're just going to go Firefox. And then our pivot point and purpose is just so we can go here. And that is my home public IP address, 6914103125. And it changes from time to time, because I don't have a static at home. And anytime I swap firewalls, which I do a lot for my testing, it changes. Now, this also has pivoted me into, and I've brought this up before, so we can find local resources on that particular network. But of course, I'm VPNed in, so I have access to them anyways. But this is another way you can get into a client's network with SSH.
Now, I can even do this because I want to see something from, let's say, my forums. I can even SSH into my forums, which of course I've got shortcutted in here. And then I can add that dynamic forward and away we go. This can be very helpful, though, when you want to set servers up, and especially when you type the same commands a lot. You want to restart things a lot. Let's go back into the config file. And it's really that simple to manage. You can go here, like this remote command reboot, or we have the remote command on this one if we want to spawn tmux each time. These are all ways you can help easily automate the system so you can get in there, get something done. Maybe you have some type of script you want it to kick off. Then you go, you know, I don't actually want to SSH and then run the script. I just need this thing to happen. Maybe it's a series of things and you can kick them off. This is an important part when you're doing DevOps: what levels of automation you can get to, and the more automation you get to, the more that frees your time up to do more creative things or spend time troubleshooting something, as opposed to typing out long commands where you typo root like I did at the beginning. Now, the final little thing I'm going to mention is something kind of interesting I found. Now, I do this all from the command line. I'm not using a menu-driven system, but I had kind of teased on it on a couple posts I did on Twitter. We're going to go here and quit and look at the command line version of this that has a menu that someone wrote over in Bash. It's actually really slick. And it's this particular tool by this developer, which I'll leave a link below as well, called sshto. And I told them, as I did talk to the developer, that I would give them a shout-out on a game they had as well, which is actually kind of slick. They've been writing a game in Bash. And so I will reference this if you want to play the little game they wrote in Bash.
It's kind of neat, but we're going to focus on the reason I found them and this sshto and how this works. So what this allows you to do, and for people who spend, well, less time in the command line than I do, but you want to give them an easy way to navigate a series of config files in there, that's what sshto does. So let's take a look at it. Now, contents. I can say all servers, lab servers, LTS servers. And we're just going to focus on the lab servers that we have here. And I can log in the Security Onion Jump Server demo, ZenLab JumpBox. Now, how'd this work? Or how do I even run a command on this? You know, run a command, like for example, against the JumpBox here. Show free memory. This will actually basically script things, and it's actually stuck for some reason. It actually turns out the IP address changed when we issued that reboot command, so we'll change the IP address here. My lab servers don't always get static IPs, so let me change it here. Now, the reason also for changing in here is, as you notice with this SSH tool, this sshto, it pulls from the SSH config, so you don't have to maintain anything particularly separate. We just go in here, and now we can run the command this time, and now that we have the right IP address, show free memory. Well, fingerprint changed. We'll say yes, and it dumped the free memory and gave us back control. We'll run that one more time. We'll actually list files. Run. There's list files. Brings you back to the command. I thought this was kind of slick.
Like I said, I do most of the stuff from the command line and add the commands as needed, but being able to just go in here and push something, or even add SSH keys, copy, alias, upload, they have a couple different change local port, remote port, a couple of different built-in features, or just the ability to go through the lab right here and have these set up, so someone who's less tech savvy can kick this off and maybe even just run a command, and you can dig further into this and rewrite all the commands that are in here. So if you have something common you want to run on different servers, you can build the SSH config file, use this, and I just thought it was kind of a slick tool for doing this, and I like tools that at least get people started in an easier way to admin things, and menu driven is really nice. Like I said, I prefer the command line myself, but hey, it's still pretty slick. Now one other thing I'll mention in here, you notice how it says lab servers, and when we go to contents we have the option for LTS or lab servers. Let's go and exit, and this is in their documentation as well, exactly how to create these. So let's go to the config and we scroll up a little bit and we will see where it says lab servers. So it says host dummy lab servers. So we'll go ahead, I'm just going to copy that real quick, and we'll put it towards the bottom, insert, host dummy, and we'll call these, we only have one, but we'll still call it Tom server. Right, kick off sshto again, contents, Tom server. There's the one server we have under Tom server, and it says home lab demo, contents, lab server, here's these, or I can go to contents all and it just dumps them all on the screen here. I do like this, especially as you get a large config file and you don't maybe remember what was in it. It is also kind of nice for that.
So I'll admit that's why it is loaded on here, not just because I like the command line and I'm saying I don't use it, but sometimes I guess I do use it when I go, oh yeah, I haven't logged into that server in a while. Is it in my config file? And you know, what's an easy way to manage that? One more comment on that. So if we go and edit this config file, and we wanted to add another name on here to say things like testing emojis. So we have here, and this is not necessary, and these, for example, the host dummy, it's ignored by standard command line SSH. It's only used by this sshto bash setup to look for things, including how we have host, jump box, the pound, and then a comment afterward. So let's go ahead and look at the Tom's home server that's down here at the bottom, home jail demo, insert, pound, Tom's jail at home. Contents, Tom's server, and it allows you to change the comments on the end. This can be, like I said, pretty handy when you do have a lot of servers to look at, and it's still the same thing. The commands are right here to run against whatever ones are in there, and set up the port tunneling, and you can change this to whatever tunneling you may want to use commonly for, once again, pivoting in and out of networks, and SSH tunneling. I don't know if you would do a specific video on it, but look it up. It's pretty amazing. It's more ways you can take and tunnel SSH to bring different ports and move them over to different areas. Really slick, really handy for doing this and making your admin life a lot easier so you type both things a lot less and, you know, can get things done faster, which is always the goal. Now we're going to jump out of this and some final thoughts. How do you manage that config file? Well, let's talk about that. If you notice, the config file is a symbolic link. What is it a symbolic link to? LTS, bash scripts, Tom says to stage config. This is actually a private file that I use Syncthing for.
And the reason I do it like this is because each one of my systems, my laptop, my desktop, and any other systems I need to have that in sync for, anytime I add something or I start my demos or add a new server to any location, such as my desktop or my laptop, I have it sync via Syncthing, private repository, locked down, and automatically sync that config file between all those systems. Those are some of the ways you can do it. So you are, you know, constantly keeping these in sync. Because as you add a server here, I don't want to have another server over here with a different name, or maybe I forgot, maybe I used a slightly different, you know, variable when I set that up. It's easier to have them all the same. And that's the simple way to kind of manage it between all the systems that I have. Please note I do not have, because this would be a little bit scarier, syncing of my SSH keys between the two systems. I just manually, because they don't change very often, I manually put those on there and also exclude them from any backups. That way, your SSH keys, I talked about generating them. I said secure them. I said keep them on an encrypted drive. All those things are very, very valid. Also, I don't have them syncing. So if I update my SSH keys, that to me is still a very manual process because it should be. It's slightly inconvenient, but it also should be. You don't want these getting loose and out there because then people could start logging into your servers. And I do recommend keeping servers behind VPNs and locking them down as best as possible, et cetera. Do all the best security practices. So hopefully this enlightened you on how my auto-complete, how the SSH config works. I'll leave links to the other videos I mentioned and alluded to that are kind of related to this and some of the other command line tools that I've talked about before. Thanks. And thank you for making it to the end of the video. If you like this video, please give it a thumbs up.
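An added example, not from the video or from Lawrence Systems: a small Python audit of an SSH config shaped like the entries described in the transcript. It flags a RemoteCommand that runs as root on connect, a DynamicForward bound beyond loopback, and an IdentityFile used without IdentitiesOnly. The host aliases, the 192.0.2.x addresses, the key path and the lab-socks entry are assumptions.

```python
import re

# Constructed sample modelled on the entries described in the video; the aliases,
# the 192.0.2.x addresses, the key path and the lab-socks entry are assumptions.
SAMPLE = """\
Host jumpbox-test # testing
    HostName 192.168.3.195
    User jump
    RemoteCommand tmux
    RequestTTY yes
Host reboot-jumpbox-test
    HostName 192.168.3.195
    User root
    RemoteCommand reboot
Host home-jail-demo # Tom's jail at home
    HostName 192.0.2.10
    User root
    DynamicForward 9050
    IdentityFile ~/.ssh/id_rsa
Host lab-socks
    DynamicForward *:1080
"""

def parse(text):  # -> {alias: {option: value}}, option names lower-cased
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            # Text after '#' on a Host line is kept as the entry's comment.
            patterns, _, comment = value.partition("#")
            current = {"#comment": comment.strip()}
            for alias in patterns.split():
                hosts[alias] = current
        elif current is not None:
            current.setdefault(key, value)  # ssh keeps the first value it sees
    return hosts

def audit(hosts):  # -> sorted (alias, finding) pairs that deserve a second look
    out = []
    for alias, opt in hosts.items():
        if opt.get("remotecommand") and opt.get("user") == "root":
            out.append((alias, f"runs '{opt['remotecommand']}' as root on every connect"))
        bind = opt.get("dynamicforward", "").rpartition(":")[0]
        if bind not in ("", "localhost", "127.0.0.1", "[::1]"):
            out.append((alias, f"SOCKS listener bound to '{bind}', not just loopback"))
        if "identityfile" in opt and opt.get("identitiesonly", "no").lower() != "yes":
            out.append((alias, "IdentityFile without IdentitiesOnly yes: agent keys are still offered"))
    return sorted(out)

if __name__ == "__main__":
    print("\n".join(f"{a}: {f}" for a, f in audit(parse(SAMPLE))))
```

To run it against a real file, pass the contents of `~/.ssh/config` to `parse()` instead of `SAMPLE`; the parser does not follow `Include` or `Match` blocks.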