---

---

SSH aliases makes your life easier if :

• You are using SSH frequently. You probably don’t want to type long command lines, especially if you are using authentication keys.
• You have multiple GitHub accounts.

SSH aliases are defined within the file ~/.ssh/config. In the snippet below we define an alias:

Host hostAlias
    HostName host.example.com
    user svn
    Port 22
    IdentityFile ~/.ssh/host.example.com
    IdentitiesOnly yes

Now, the command ssh hostAlias is equivalent to the command ssh -i ~/.ssh/host.example.com -p 22 svn@host.example.com.

If you have multiple GitHub accounts, aliases are the best solution to handle SSH keys. Let’s say that you have two GitHub accounts:

• joe. This account is associated with the SSH key ~/.ssh/joe.on.github
• bill. This account is associated with the SSH key ~/.ssh/bill.on.github

The problem arises when you need to specify the URI to your repositories:

• git@github.com:joe/youRepos.git
• git@github.com:bill/youRepos.git

... same user (git), same host (github.com)!. Damn it!

There are various solutions to handle this situation. But the best solution I found is to use SSH aliases. You define one SSH alias for each user (Joe and Bill), and then you specify these aliases into the repositories' URIs. Because the GIT client uses the SSH client, the aliases will be replaced by their definitions.

Example (~/.ssh/config):

host joe.github.com
    HostName github.com
    User joe
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/github_joe
    IdentitiesOnly yes

host bill.github.com
    HostName github.com
    User bill
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/github_bill
    IdentitiesOnly yes

Now the repositories' URI become:

• git@joe.github.com:joe/youRepos.git
• git@bill.github.com:bill/youRepos.git

SSH tunnels configuration is always confusing. You wonder what "localhost" means.

• Does it identify the "local" server, you are logged in right now ?
• Does it identify the "remote" server ?

As a picture says a thousand words:

Below, the Perl script used to test the tunnel.

use strict; use Getopt::Long; use IO::Socket::INET; my $cli_port = undef; my $cli_role = undef; my $cli_remote = 'localhost'; my $cli_help = undef; GetOptions( 'port=i' => \$cli_port, 'role=s' => \$cli_role, 'remote=s' => \$cli_remote, 'help' => \$cli_help) or die("Error in command line arguments\n"); defined($cli_port) or die("Mandatory option --port is missing.\n"); defined($cli_role) or die("Mandatory option --role is missing (expected values: client|server).\n"); $cli_role =~ m/^client|server$/i or die("Invalid value for option --role.\n"); $cli_role = lc($cli_role); if ($cli_role eq 'server') { print STDOUT "Starting a server. Binding a sockect to TCP port number \"${cli_port}\" on all interfaces.\n"; server($cli_port); } else { print STDOUT "Starting a client. Connect to TCP port number \"${cli_port}\" on ${cli_remote}.\n"; client($cli_port, $cli_remote); } exit 0; # Start a server. # @param $in_port TCP port number. sub server { my ($in_port) = @_; my $socket; my $client; $socket = new IO::Socket::INET(Listen => 1, LocalAddr => 'localhost', LocalPort => $in_port, Proto => 'tcp', Reuse => 1) or die("Server: could not create the socket. $!.\n"); while(1) { print STDOUT "Waiting for a client to connect...\n"; $client = $socket->accept(); print STDOUT "A client is connected.\n"; while (1) { my $message = <$client>; print STDOUT "GOT $message"; $client->send("I am ok\n"); if ($message =~ m/^Close now/) { print STDOUT "The client closed the connexion.\n"; last; } } $client->close(); print STDOUT "\n"; } $socket->close(); } # Start a client. # @param $in_port TCP port number. sub client { my ($in_socket, $in_remote) = @_; my $socket; $socket = new IO::Socket::INET(PeerAddr => $in_remote, PeerPort => $cli_port, Proto => 'tcp') or die("Client: could not create the socket: $!.\n"); foreach (1 .. 3) { my $message = "Msg $_: How are you?\n"; my $response = undef; print STDOUT "SENDING: $message"; $socket->send($message); $response = <$socket>; print STDOUT "GOT: $response"; } $socket->send("Close now\n"); $socket->close(); }

Well, what is "localhost" ?

This question is confusing because we are adopting the wrong point of view. We adopt "our" point of view... which is a very pertinent point of view whatsoever. However, we should adopt the point of view of the "processes" (that opens the connexions). Whether we are looking at the process on the laptop or the process on the server, both processes open connexions to "localhost" (on different ports, however, in our example). Therefore "localhost" does not, physically, identify one end of the tunnel (the laptop or the server, in our example). It identifies both ends, from two distinct points of view.

I don't know about you, but I'd rather not type these long command lines. That's why I use SSH aliases for tunnels (whithin ~/.ssh/config).

Host tunnelAlias
    HostName distant_server
    User user
    Port 22
    IdentityFile ~/.ssh/distant_server
    LocalForward 2000 localhost:9000

ssh tunnelAlias is equivalent to ssh -i ~/.ssh/distant_server -L 2000:localhost:9000 user@distant_server.

Host reverseTunnelAlias
    HostName distant_server
    User user
    Port 22
    IdentityFile ~/.ssh/distant_server
    RemoteForward 9000 localhost:2000

ssh reverseTunnelAlias is equivalent to ssh -i ~/.ssh/distant_server -R 2000:localhost:9000 user@distant_server.

Good link: https://www.digitalocean.com/community/tutorials/how-to-configure-custom-connection-options-for-your-ssh-client

---

---

---

---

---