![How to use the SSH Config File](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwj1wMA_JOeR8unIbSyCCnNiAUjmXuPd6k3axxAgn84cYYN2gVeg-CpZhyloAqD0x0qPpLtSDEtNw1r7YovNu_VtONvIgyNPI4dgKcsqVhrdaV8H_NtNjE-x24w17nv11LAeZg01njrtjtdH3ihPy02osmtt21q5VqMCJuMh9V-lPNgi1s4xj90jeJ/s1200/how-to-use-the-ssh-config-file.jpg)
If you often connect to multiple remote systems using SSH on Linux or macOS systems, you might struggle to remember all the different usernames, non-standard ports, IP addresses, and command-line options required.
One solution might be creating a bash alias for each remote server connection. But there’s a more effective and straightforward solution available. OpenSSH lets you set up a per-user configuration file to store various SSH options for each remote machine you connect to.
This article provides an overview of the SSH client configuration file. It outlines some of the most commonly used configuration options to help you simplify the process of connecting to remote servers.
Requirements for Using the SSH Config File
Before using the SSH config file, you need a Linux or macOS system with an OpenSSH client installed.
SSH Config File Location
Wondering what the SSH config file is and where it is located? The OpenSSH client-side configuration file is named config and is located in the .ssh directory within the user’s home directory.
When the user runs the ssh command for the first time, the ~/.ssh directory is automatically created. If the directory does not exist, you can create it using the following command:
mkdir -p ~/.ssh && chmod 700 ~/.ssh
If the SSH configuration file does not exist by default, you may need to create it using the touch command:
touch ~/.ssh/config
It is important to ensure that this file is readable and writable only by the user and not accessible by others. You can do that with the following command:
chmod 600 ~/.ssh/config
SSH Config File Structure and Patterns
Here is the structure of the SSH Config File:
Host hostname1
    SSH_OPTION value
    SSH_OPTION value
Host hostname2
    SSH_OPTION value
Host *
    SSH_OPTION value
The SSH client config file is structured into sections called stanzas. Each stanza is identified by a Host directive and includes specific SSH options that are used during the establishment of a connection with a remote SSH server.
While indentation is not mandatory, it is recommended as it enhances the file’s readability.
The Host directive can hold either a single pattern or a list of whitespace-separated patterns. Each pattern can contain zero or more non-whitespace characters or one of the following pattern specifiers:
- * – Matches zero or more characters. For instance, Host * matches all hosts, while 192.168.0.* matches hosts in the 192.168.0.0/24 subnet.
- ? – Matches exactly one character. The pattern Host 10.10.0.? matches all hosts in the 10.10.0.[0-9] range.
- ! – Negates the match when used at the start of a pattern. For example, Host 10.10.0.* !10.10.0.5 matches any host in the 10.10.0.0/24 subnet except 10.10.0.5.
The configuration file for SSH is read by the client stanza by stanza. In the case of multiple matching patterns, the options from the first matching stanza are given priority. It is therefore recommended to place more host-specific declarations at the beginning of the file, and more general overrides at the end of the file.
To see the full list of available SSH options, type man ssh_config in your terminal or refer to the ssh_config man page.
Additionally, other programs such as scp, sftp, and rsync also read the SSH config file.
SSH Config File Example
We’ve reviewed the fundamentals of the SSH configuration file. Now let’s examine the following example.
Generally, when establishing an SSH connection to a remote server, you provide the username, hostname, and port. For example, to access a user account named james on the server with the hostname dev.example.com via port 2322, you would enter the following command:
ssh james@dev.example.com -p 2322
Add the following lines to your ~/.ssh/config file to connect to the server with the same options as in the above command by typing ssh dev:
~/.ssh/config
Host dev
    HostName dev.example.com
    User james
    Port 2322
After that, whenever you type ssh dev, the ssh client will read the configuration file and use the connection details specified for the dev host:
ssh dev
Shared SSH Config File Example
The following example illustrates host patterns and option precedence in more detail.
See the following example file:
Host lewis
    HostName 192.168.1.10
    User nico
    Port 7654
    IdentityFile ~/.ssh/lewis.key
Host creed
    HostName 192.168.10.20
Host alex
    HostName 192.168.10.50
Host *e?
    User oberyn
Host * !alex
    LogLevel INFO
Host *
    User root
    Compression yes
If you enter ssh lewis into the command line, the ssh client reads the file and applies the options from the first match, which is Host lewis. It then checks the subsequent stanzas, one at a time, for matching patterns. The next matching stanza is Host * !alex, which refers to all hosts except alex, and the connection option from this stanza is applied. Although the final definition, Host *, also matches, the ssh client takes only the Compression option from it because the User option is already defined in the Host lewis stanza.
When you enter the command ssh lewis, the complete set of options used is as listed below:
    HostName 192.168.1.10
    User nico
    Port 7654
    IdentityFile ~/.ssh/lewis.key
    LogLevel INFO
    Compression yes
When running ssh creed, the matching host patterns are: Host creed, Host *e?, Host * !alex and Host *. The options used in this case are:
    HostName 192.168.10.20
    User oberyn
    LogLevel INFO
    Compression yes
The matching host patterns for running ssh alex are: Host alex, Host *e?, and Host *. The options used in this case are:
    HostName 192.168.10.50
    User oberyn
    Compression yes
For all other connections, the ssh client applies the options specified in the Host * !alex and Host * stanzas.
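The pattern matching and first-match precedence described above can be modelled in a few lines. This is an added example, not code from the original article or from OpenSSH. The sample config and the function names are constructed for illustration, and the model covers only single-valued options under Host stanzas (no Match or Include, no key=value syntax, no quoting).

```python
import re

# Constructed sample config (not the article's file); keywords are ones the article uses.
SAMPLE = """\
Host db1
    HostName 10.10.0.5
    User dba
Host web?
    User deploy
Host 10.10.0.* !10.10.0.5
    Port 2322
Host * !db1
    LogLevel INFO
Host *
    User root
    Compression yes
"""

def glob(name, pattern):
    """ssh_config wildcards: '*' is zero or more characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, name) is not None

def host_matches(name, patterns):
    """A matching '!pattern' vetoes the stanza; otherwise one positive must match."""
    hit = False
    for p in patterns:
        if p.startswith("!"):
            if glob(name, p[1:]):
                return False
        elif glob(name, p):
            hit = True
    return hit

def resolve(text, name):
    """Effective options for the name typed after `ssh`; first value obtained wins."""
    effective, active = {}, True   # options before any Host line apply to all hosts
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()   # keywords are case-insensitive
        if key == "host":
            active = host_matches(name, value.split())
        elif active:
            effective.setdefault(key, value)
    return effective

if __name__ == "__main__":
    for name in ("db1", "web3", "web10", "10.10.0.5", "10.10.0.7"):
        print(name, resolve(SAMPLE, name))
```

A `Host *` stanza with `User root` placed at the top of the file would win over every later `User` line, which is why general stanzas belong at the end. On a real system, `ssh -G <host>` prints the options the client would actually use for that host.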
How to Override SSH Config File Option
The precedence order in which the ssh client reads its configuration is as follows:
- Options specified from the command line.
- Options defined in the ~/.ssh/config.
- Options defined in the /etc/ssh/ssh_config.
To override a single option, specify it on the command line. For example, suppose you have the following definition:
Host dev
    HostName dev.example.com
    User james
    Port 2322
If you want to use all the other options but connect as user root instead of user james, specify the desired user on the command line:
ssh -o "User=root" dev
You can use the -F (configfile) option to indicate a different per-user configuration file.
If you want to ignore all of the options in the ssh configuration file, use the following command:
ssh -F /dev/null [email protected]
Conclusion
In this tutorial you’ve learned about the process of configuring your user SSH config file. Additionally, you may consider setting up SSH key-based authentication to connect to your Linux servers without the need to input a password.
Normally, SSH is set to listen on port 22. However, changing the default SSH port can enhance your server’s security by mitigating the threat of automated attacks.
If you still have any questions regarding this tutorial, feel free to comment below.