I run lots of Linux servers. I create them, install some stuff, mess around with them, forget them, come back to them…and forget my credentials. My life used to look like this:
$ ssh -i ~/steveko.pem firstname.lastname@example.org
Permission denied (publickey).
$ ssh -i ~/steveko.pem email@example.com
Permission denied (publickey).
$ ssh -i ~/stevebennett.pem firstname.lastname@example.org
Permission denied (publickey).
$ ssh -i ~/steveko.pem email@example.com
Welcome to Ubuntu 12.10 (GNU/Linux 3.5.0-26-generic x86_64)
...
This got really tedious. You can’t memorise many IP addresses, so you’re constantly referring to emails, post-its or even SMSes. Then you rebuild your server, the IP address changes, and you’re lost again.
And because some of the servers are administered by other people, I can’t always choose my own user name, so more faffing around.
So, here’s my solution:
A naming convention for servers
Give each server a name. Ignore the actual hostname of the server, or what everyone else calls it. My convention goes like this:
- nectar-tugg-dev: A development server for the TUGG project, running on NeCTAR Research Cloud infrastructure.
- rmit-microtardis-prod: A production server for MicroTardis, running on RMIT infrastructure.
- nectar-tunnelator: A side project “tunnelator” running on NeCTAR Research Cloud infrastructure. Small projects only have one server.
The key here is minimising what you need to remember. If I’m doing some work on a project, I’ll always know the project name and whether I want to work on the prod or dev server. Indeed, it’s an advantage to have to specifically type “-prod” when working on a production machine.
Put all IP addresses in /etc/hosts.
When I create a server, or someone tells me an IP, I immediately give it a name, and store it in /etc/hosts. The file looks like this:
##
# Host Database
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
126.96.36.1999 nectar-tunnelator
188.8.131.529 swin-bpsyc-dev
...
This has the huge advantage that you can also put those names in the browser address bar: http://nectar-tunnelator
If a server moves location, just update the entry in /etc/hosts, and forget about it again.
Put all access information in ~/.ssh/config
The SSH configuration file can radically simplify your life. You have one entry per server, like this:
Host latrobe-vesiclepedia-dev
    User steveb
    IdentityFile /Users/stevebennett/Dropbox/VeRSI/NeCTAR/nectar.pem
    Port 9022
Notice how we don’t need to spell out the IP address again. And by storing the access details here, we can connect like this:
$ ssh latrobe-vesiclepedia-dev
So much less to remember. And because it’s so easy to connect, suddenly tools like SCP, and SSH tunnelling become much more attractive.
$ scp myfile.txt latrobe-vesiclepedia-dev:
$ ssh latrobe-vesiclepedia-dev sudo cp myfile.txt /var/www
In reality, it gets even simpler. Most of my NeCTAR boxes are Ubuntu, with a login name of “ubuntu”. The “nectar-” naming convention proves valuable:
Host nectar-*
    IdentityFile /Users/stevebennett/Dropbox/VeRSI/NeCTAR/nectar.pem
    User ubuntu
That means that any NeCTAR box using that key and username doesn’t even need its own entry in .ssh/config:
$ ssh nectar-someserver
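As an added example (not from the original post), here is a small POSIX shell helper that does the two bookkeeping steps above in one go: record the name-to-IP line in /etc/hosts (replacing the old IP when a server is rebuilt, so no duplicates pile up) and append a Host stanza to ~/.ssh/config only when the server needs its own User, IdentityFile or Port rather than being covered by a pattern like "Host nectar-*". The name-validation rule and the overridable file paths are my assumptions, not part of the original setup.

```sh
#!/bin/sh
# Added example, not from the original post: register a server under the
# <infra>-<project>[-dev|-prod] naming convention by updating /etc/hosts and
# ~/.ssh/config. Paths default to the real files; override them to try it out.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"
SSH_CONFIG="${SSH_CONFIG:-$HOME/.ssh/config}"

# add_server NAME IP [USER] [IDENTITY_FILE] [PORT]
add_server() {
  name=$1; ip=$2; user=$3; key=$4; port=$5
  # Assumed rule: names are lowercase letters, digits and dashes only
  case "$name" in
    ''|-*|*-|*[!a-z0-9-]*) echo "bad name: $name" >&2; return 1 ;;
  esac
  if awk -v n="$name" '$2 == n { found = 1 } END { exit !found }' "$HOSTS_FILE" 2>/dev/null; then
    # Rebuilt server, new IP: replace the old line instead of adding a second one
    tmp=$(mktemp)
    awk -v n="$name" -v ip="$ip" '$2 == n { $1 = ip } { print }' "$HOSTS_FILE" > "$tmp"
    cat "$tmp" > "$HOSTS_FILE"   # cat keeps the ownership and mode of /etc/hosts
    rm -f "$tmp"
  else
    printf '%s\t%s\n' "$ip" "$name" >> "$HOSTS_FILE"
  fi
  # No per-host stanza when nothing is special: a pattern such as "Host nectar-*"
  # is expected to supply User and IdentityFile for those boxes.
  if [ -z "$user$key$port" ]; then return 0; fi
  if grep -q "^Host $name\$" "$SSH_CONFIG" 2>/dev/null; then
    echo "ssh config already has a stanza for $name" >&2; return 0
  fi
  printf 'Host %s\n' "$name" >> "$SSH_CONFIG"
  if [ -n "$user" ]; then printf '    User %s\n' "$user" >> "$SSH_CONFIG"; fi
  if [ -n "$key" ];  then printf '    IdentityFile %s\n' "$key" >> "$SSH_CONFIG"; fi
  if [ -n "$port" ]; then printf '    Port %s\n' "$port" >> "$SSH_CONFIG"; fi
}

# lookup NAME: print the IP currently recorded for NAME in HOSTS_FILE
lookup() { awk -v n="$1" '$2 == n { print $1 }' "$HOSTS_FILE"; }
```

Afterwards, `ssh -G latrobe-vesiclepedia-dev` prints the options OpenSSH actually resolves for a name, which is the quickest way to confirm which Host stanza or pattern matched before you connect.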