Configuration of OpenSSH client
macOS and Linux use OpenSSH as standard SSH client and SSH server. On updated Windows 10 PCs with the OpenSSH client installed, the same setup can be used. The configuration can be applied in several ways:
- Via standard configuration from vendor, common for all users. Normally configured in /etc/ssh/ssh_config and/or under /etc/ssh/ssh_config.d/*
- Via command line options to ssh, e.g., ssh -o Compression=yes
- Single user setup by editing ~/.ssh/config
An .ssh/config file can contain a general setup for all machines you want to contact. You can also make configurations specifically for single machines or groups of machines.
Configurations applicable to all machines should be put at the end of the file. SSH uses the first applicable configuration item. If you put global settings at the end, you can overrule on or more of them by setting more specific configuration items higher up in the config file.
Configuration example
Host testmachine Hostname test.one-domene.com User test Host *.home.com User homeuser ForwardX11 yes Host uioproxy User uiouser Hostname login.uio.no DynamicForward 9000 Host *.uio.no !login.uio.no ProxyJump username@login.uio.no Host * ControlMaster auto ControlPath /tmp/%r@%h:%p Compression yes ForwardX11 no
Log in to testmachine
Here you can log in to test.one-domene.com, with the user test with the following command:
[user@host ~]$ ssh testmachine
You can also run ssh test@test.one-domene.com.
Log in to home computer
Log in to any machine under *.home.com:
[user@host ~]$ ssh pc.home.com
Here you will log in to pc.home.com with the user homeuser. This is the same as running ssh -X homeuser@pc.home.com with X11 forwarding turned on.
Log in to login.uio.no
[user@host ~]$ ssh uioproxy
Here you will log on to the machine login.uio.no with the user uiouser. You will have DynamicForward turned on on local port 9000. By configuring 127.0.0.1:9000 as SOCKS proxy in your browser, all traffic from the browser will go through login.uio.no so that your browser will appear to be inside the UiO network.
Log in to officelinux.uio.no
[user@host ~]$ ssh officelinux.uio.no
Here you will login to the machine officelinux.uio.no with the user user, but the login will go through login.uio.no with the user username.
This is mainly useful for macOS or Linux laptops. Normally most people will also have the same user name on the ProxyJump machine as on their local client.
ControlMaster
Host * ControlMaster auto ControlPath /tmp/%r@%h:%p Compression yes ControlPersist 10m ForwardX11 no
This config applies to all connections, which will then be configured with ControlMaster. The first login to a machine will be the Master. In this case a socket is set up under /tmp with the name user@remote.host:port.
When you log in to a new session to the same machine or copy a file in another window you will not be asked for login credentials. Instead a new channel in the same session will be created, to spare you from lots of logins. When the first session is closed (remotely or by you) you have to log in again.
Compression yes enables compression for the whole session.
ControlPersists 10m keeps the ControlMaster session open 10 minutes after the last logout. If you accidentally close the master login session, you can log in again within 10 minutes without being asked for password and two-factor code again.
ForwardX11 is another config option that will hit every configuration item in our example except uioproxy, which is higher up and set to another value.
Setup on Windows
Make sure to find the correct folder and make sure the configuration files are stored without any suffix/file extension.
The correct place for the builtin ssh client is C:\Users\<brukernavn>\.ssh\config
Putty configuration
Many use Putty as SSH client on Windows. In Putty you can enable most of the options mentioned above, but the setup is stored in sessions. All settings are done per host.
After October 1st 2021 login to most machines on UiO with SSH will have to be done via a login or jump host. Putty does not directly support this, but you can achieve almost the same with the following setup.
1. Make a new session in Putty and give it a name
Under the SSH option, type in the command in the remote command window. Putty will after the first jump try to login to uiobruker@kontormaskin.uio.no.
2. Choose the right remote command
3. Fill in UiO username
Add the user you will log in with for the first jump, normally your uio username (here uiobruker).
4. Save the setup
Go back to Session and save the setup.
At login you will first be asked for password for first jump - your uio user on login.uio.no - and then password to the next jump which is the user on the office machine (kontormaskin).
Note: Many Putty users have asked for improvement of the ProxyJump function in Putty, so this may change in newer versions. The documentation here is based on version 0.75.
Call us
Opening hours are weekdays from 08:30 to 17:00 and Saturdays from 10:00 to 15:00.
Phone number: 22 84 00 04
Book a Zoom meeting
Students and employees can book a Zoom meeting with UiO Helpdesk. Available hours are Tuesday to Thursday between 11:00 and 13:00.
Book a video call