Sunday, January 6, 2013

SSH authentication order

I recently created a script the purpose of which is to copy statistics charts from one server to another. I had created ssh private/public key trust so that the script would be able to run automatically. However the connection to the remote server was in my opinion taking much too long. This was due to ssh running through all of the possible connection protocols in the default order. I figured there must be a way to change the order. After reading the man page for ssh_config I discovered that the default order is hostbased, publickey, keyboard-interactive, password.  I also discovered that the order can be changed by changing the default order. SSH obtains configuration settings in the following order,
  1. command-line arguments
  2. user's configuration file ~/.ssh/config
  3. /etc/ssh/ssh_config
  Additionally ssh allows configuration for specific hosts, Thus I setup the following ~/.ssh/config file.

Host chartserver
HostName 12.34.56.78
PreferredAuthentications=publickey,hostbased,keyboard-interactive,password

Host setting can be an alias
Hostname can be DNS or IP address
PreferredAuthentications, change the default order to the order you prefer, in my case I wanted to use publickey as the first method as that would be the method I would be using.  Now whenever I connect to the server the publickey authentication method will be the first that SSH attempts.