How to use the SSH Config File on Linux 2024

How to use the SSH Config File

If you often connect to multiple remote systems using SSH on Linux or macOS systems, you might struggle to remember all the different usernames, non-standard ports, IP addresses, and command-line options required.

One solution might be creating a bash alias for each remote server connection. But there’s a more effective and straightforward solution available. OpenSSH lets you set up a per-user configuration file to store various SSH options for each remote machine you connect to.

This article provides an overview of the SSH client configuration file. It outlines some of the most commonly used configuration options to help you simplify the process of connecting to remote servers.

Requirements of Using SSH Config File

Before using the SSH config file, you need a Linux or macOS system with an OpenSSH client installed.

SSH Config File Location

Wondering what the SSH config file is and where it is located? The OpenSSH client-side configuration file is named config and is located in the .ssh directory within the user’s home directory.

When the user runs the ssh command for the first time, the ~/.ssh directory is automatically created. If the directory does not exist, you can create it using the following command:

mkdir -p ~/.ssh && chmod 700 ~/.ssh

If the SSH configuration file does not exist by default, you may need to create it using the touch command:

touch ~/.ssh/config

It is important to ensure that this file is readable and writable only by the user and not accessible by others. You can do that with the following command:

chmod 600 ~/.ssh/config

SSH Config File Structure and Patterns

Here is the structure of the SSH Config File:

Host hostname1
    SSH_OPTION value
    SSH_OPTION value

Host hostname2
    SSH_OPTION value

Host *
    SSH_OPTION value

The SSH client config file is structured into sections called stanzas. Each stanza is identified by a Host directive and includes specific SSH options that are used during the establishment of a connection with a remote SSH server.

While indentation is not mandatory, it is recommended as it enhances the file’s readability.

The Host directive can hold either a single pattern or a list of whitespace-separated patterns. Each pattern can contain zero or more non-whitespace characters or one of the following pattern specifiers:

  • * – Matches zero or more characters. For instance, Host * matches all hosts, while 192.168.0.* matches hosts in the 192.168.0.0/24 subnet.
  • ? – Matches exactly one character. The pattern, Host 10.10.0.? matches all hosts in 10.10.0.[0-9] range.
  • ! – negates the match when used at the start of a pattern. For example, Host 10.10.0.* !10.10.0.5 matches any host in the 10.10.0.0/24 subnet except 10.10.0.5.

The client reads the SSH configuration file stanza by stanza. If more than one pattern matches, the options from the first matching stanza take precedence. It is therefore recommended to place more host-specific declarations at the beginning of the file, and more general overrides at the end of the file.

To see the full list of available SSH options, you can either type man ssh_config in your terminal or refer to the ssh_config man page.

Additionally, other programs such as scp, sftp, and rsync also read the SSH config file.

SSH Config File Example

We’ve reviewed the fundamentals of the SSH configuration file. Now let’s examine the following example.

Generally, when establishing an SSH connection to a remote server, you provide the username, hostname, and port. For example, to access a user account named james on the server with the hostname dev.example.com via port 2322, you would enter the following command:

ssh james@dev.example.com -p 2322

Add the following lines to your ~/.ssh/config file to connect to the server with the same options as given in the above command by typing ssh dev:

~/.ssh/config

Host dev
    HostName dev.example.com
    User james
    Port 2322

After that, whenever you type ssh dev, the ssh client will read the configuration file and use the connection details specified for the dev host:

ssh dev

Shared SSH Config File Example

The example below gives a more detailed picture of host patterns and option precedence.

See the following example file:

Host lewis
    HostName 192.168.1.10
    User nico
    Port 7654
    IdentityFile ~/.ssh/lewis.key

Host creed
    HostName 192.168.10.20

Host alex
    HostName 192.168.10.50

Host creed alex
    User oberyn

Host * !alex
    LogLevel INFO

Host *
    User root
    Compression yes

If you enter ssh lewis into the command line, the ssh client will scan the file and use the options from the first match, which is Host lewis. It will then check the subsequent stanzas, one at a time, for any matching patterns. The next matching stanza is Host * !alex, which refers to all hosts except for alex, and the connection option from this stanza will be applied. Although the final definition, Host *, also matches, the ssh client will only take the Compression option from it because the User option is already defined in the Host lewis stanza.

When you enter the command ssh lewis, the complete set of options used is as listed below:

HostName 192.168.1.10
User nico
Port 7654
IdentityFile ~/.ssh/lewis.key
LogLevel INFO
Compression yes

When running ssh creed, the matching host patterns are: Host creed, Host creed alex, Host * !alex and Host *. The options used in this case are:

HostName 192.168.10.20
User oberyn
LogLevel INFO
Compression yes

The matching host patterns for ssh alex are: Host alex, Host creed alex, and Host *. The options used in this case are:

HostName 192.168.10.50
User oberyn
Compression yes

For all other connections, the ssh client will use the options specified in the Host * !alex and Host * stanzas.
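
The following is an added example, not code from the original article or from OpenSSH: a small Python model of the first-value-wins lookup described above, run over a constructed config modelled on the shared example, with the stanza that sets User oberyn written as Host creed alex. The function names are hypothetical, and only single-valued keywords are modelled.

```python
import re

# Constructed sample modelled on the shared example in this article.
SAMPLE = """\
Host lewis
    HostName 192.168.1.10
    User nico
    Port 7654
Host creed
    HostName 192.168.10.20
Host alex
    HostName 192.168.10.50
Host creed alex
    User oberyn
Host * !alex
    LogLevel INFO
Host *
    User root
    Compression yes
"""
MISORDERED = "Host *\n    User root\n" + SAMPLE  # catch-all wrongly placed first

def pattern_matches(pattern, host):
    # '*' matches zero or more characters, '?' exactly one; the rest is literal.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, host) is not None

def host_line_matches(patterns, host):
    # A Host line matches when a positive pattern hits and no '!' pattern does.
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(pattern_matches(p, host) for p in negated):
        return False
    return any(pattern_matches(p, host) for p in positive)

def resolve(config_text, host):
    """Effective options for host; the first value obtained for a keyword wins."""
    effective, active = {}, True  # lines before any Host stanza apply to all hosts
    for line in config_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            active = host_line_matches(value.split(), host)
        elif active:
            effective.setdefault(keyword, value)  # later stanzas cannot override
    return effective
```

Calling resolve(MISORDERED, "lewis") returns user root instead of nico, which is why general stanzas belong at the end of the file. On a live system, ssh -G followed by the host name prints the options the client itself resolves.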

How to Override SSH Config File Option

The precedence order in which the ssh client reads its configuration is as follows:

  1. Options specified from the command line.
  2. Options defined in the ~/.ssh/config.
  3. Options defined in the /etc/ssh/ssh_config.

To override a single option, specify it on the command line. For example, suppose you have the following definition:

Host dev
    HostName dev.example.com
    User james
    Port 2322

If you want to use all of these options but connect as user root instead of user james, specify the desired user on the command line:

ssh -o "User=root" dev

You can use the -F (configfile) option to indicate a different per-user configuration file.

If you want to ignore all of the options that are mentioned in the ssh configuration file, simply use the following command:

ssh -F /dev/null [email protected]

Conclusion

In this tutorial, you’ve learned how to configure your per-user SSH config file. Additionally, you may consider setting up SSH key-based authentication to connect to your Linux servers without the need to input a password.

Normally, SSH is set to listen on port 22. However, changing the default SSH port can enhance your server’s security by mitigating the threat of automated attacks.

If you still have any questions regarding this tutorial, feel free to comment below.

James

Hi, this is James, a tech specialist and a core member of the TrioTeam. I like to research and write content about various interesting things especially tech-related stuff, and also have an interest in philosophical discussion. I have been writing solutions for technical problems, how-to tutorials, technology reviews, tools and websites, and so on for TrioGuide.
