If you often connect to multiple remote systems using SSH on Linux or macOS systems, you might struggle to remember all the different usernames, non-standard ports, IP addresses, and command-line options required.
One solution might be creating a bash alias for each remote server connection. But there’s a more effective and straightforward solution available. OpenSSH lets you set up a per-user configuration file to store various SSH options for each remote machine you connect to.
This article provides an overview of the SSH client configuration file. It outlines some of the most commonly used configuration options to help you simplify the process of connecting to remote servers.
Requirements of Using SSH Config File
Before using the SSH config file, you need a Linux or macOS system with an OpenSSH client installed.
SSH Config File Location
Wondering what the SSH config file is and where it is located? The OpenSSH client-side configuration file is named config and is stored in the .ssh directory within the user’s home directory.
When the user runs the ssh command for the first time, the ~/.ssh directory is automatically created. If the directory does not exist, you can create it using the following command:
mkdir -p ~/.ssh && chmod 700 ~/.ssh
If the SSH configuration file does not exist by default, you may need to create it using the touch command:
It is important to ensure that this file is readable and writable only by the user and not accessible by others. You can do that with the following command:
chmod 600 ~/.ssh/config
SSH Config File Structure and Patterns
Here is the structure of the SSH Config File:
Host hostname1
    SSH_OPTION value
    SSH_OPTION value

Host hostname2
    SSH_OPTION value

Host *
    SSH_OPTION value
The SSH client config file is structured into sections called stanzas. Each stanza is identified by a Host directive and includes specific SSH options that are used during the establishment of a connection with a remote SSH server.
While indentation is not mandatory, it is recommended as it enhances the file’s readability.
The Host directive can hold either a single pattern or a list of whitespace-separated patterns. Each pattern can contain zero or more non-whitespace characters or one of the following pattern specifiers:
- * – Matches zero or more characters. For instance, Host * matches all hosts, while 192.168.0.* matches hosts in the
- ? – Matches exactly one character. The pattern, Host 10.10.0.? matches all hosts in
- ! – Negates the match when used at the start of a pattern. For example, !10.10.0.5 matches any host in the
The configuration file for SSH is read by the client stanza by stanza. In the case of multiple matching patterns, the options from the first matching stanza are given priority. It is therefore recommended to place more host-specific declarations at the beginning of the file, and more general overrides at the end of the file.
To see the full list of available SSH options, you can either type man ssh_config in your terminal or refer to the ssh_config man page.
Additionally, other programs such as scp, sftp, and rsync also read the SSH config file.
SSH Config File Example
We’ve reviewed the fundamentals of the SSH configuration file. Now let’s examine the following example.
Generally, when establishing an SSH connection to a remote server, you provide the username, hostname, and port. For example, to access a user account named james on the server with the hostname dev.example.com via port 2322, you would enter the following command:
ssh james@dev.example.com -p 2322
Add the following lines to your ~/.ssh/config file to connect to the server with the same options as given in the above command by typing
~/.ssh/config
Host dev
    HostName dev.example.com
    User james
    Port 2322
After that, whenever you type ssh dev, the ssh client will read the configuration file and use the connection details allocated for the
Shared SSH Config File Example
The example below gives a better understanding of host patterns and option precedence.
See the following example file:
Host lewis
    HostName 192.168.1.10
    User nico
    Port 7654
    IdentityFile ~/.ssh/lewis.key

Host creed
    HostName 192.168.10.20

Host alex
    HostName 192.168.10.50

Host *ell
    user oberyn

Host * !alex
    LogLevel INFO

Host *
    User root
    Compression yes
If you enter ssh lewis into the command line, the ssh client will scan the file and use the options from the first match, which is Host lewis. It will then inspect the subsequent stanzas, one at a time, for any applicable patterns. The next matching stanza is Host * !alex, which refers to all hosts except for alex, and the connection option from this stanza will be applied. Although the final definition, Host *, also matches, the ssh client will only take the Compression option from it because the User option is already defined in the Host lewis stanza.
When you enter the command ssh lewis, the complete set of options used is as listed below:

HostName 192.168.1.10
User nico
Port 7654
IdentityFile ~/.ssh/lewis.key
LogLevel INFO
Compression yes
For ssh creed, the matching host patterns are: Host * !alex and Host *. The options used in this case are:

HostName 192.168.10.20
User oberyn
LogLevel INFO
Compression yes
The corresponding host patterns for running ssh alex are: Host *ell, and Host *. The options employed in this scenario are:

HostName 192.168.10.50
User oberyn
Compression yes
The ssh client will apply the options specified in the Host * !alex and Host * sections to all connections, except for alex.
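The following is an added example, not part of the original article or of OpenSSH: a small resolver that reads the shared example file top to bottom and keeps the first value obtained for each keyword, as described above. It is a simplification that ignores Match, Include and multi-valued keywords, and the function names are hypothetical. Because it matches patterns literally, and *ell matches neither creed nor alex as the file is written, it reports User root for those two hosts.

```python
import re

# The shared example file from this page, used as the sample input.
CONFIG = """\
Host lewis
    HostName 192.168.1.10
    User nico
    Port 7654
    IdentityFile ~/.ssh/lewis.key
Host creed
    HostName 192.168.10.20
Host alex
    HostName 192.168.10.50
Host *ell
    user oberyn
Host * !alex
    LogLevel INFO
Host *
    User root
    Compression yes
"""

def _glob(pattern, name):
    """ssh_config wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, name) is not None

def host_matches(patterns, name):
    """A Host line applies if a positive pattern matches and no negated one does."""
    if any(p.startswith("!") and _glob(p[1:], name) for p in patterns):
        return False
    return any(not p.startswith("!") and _glob(p, name) for p in patterns)

def resolve(name, text=CONFIG):
    """Effective options for `name`: the first value seen for each keyword wins."""
    opts, active = {}, True  # options before the first Host line apply to all hosts
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
        if key.lower() == "host":
            active = host_matches(value.split(), name)
        elif active:
            opts.setdefault(key.lower(), value)  # keywords are case-insensitive
    return opts
```

On a real system, ssh -G followed by the host alias prints the options the client would actually use, which is the authoritative check.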
How to Override SSH Config File Option
The precedence order in which the ssh client reads its configuration is as follows:
- Options specified from the command line.
- Options defined in the
- Options defined in the
To override a single option on the command line, consider the following definition:
Host dev
    HostName dev.example.com
    User james
    Port 2322
If you want to use all of these options but connect as user root instead of user james, specify the desired user on the command line:
ssh -o "User=root" dev
You can use the -F (configfile) option to indicate a different per-user configuration file.
If you want to ignore all of the options specified in the ssh configuration file, use the following command:
ssh -F /dev/null [email protected]
In this tutorial you’ve learned about the process of configuring your user SSH config file. Additionally, you may consider setting up SSH key-based authentication to connect to your Linux servers without the need to input a password.
Normally, SSH is set to listen on port 22. However, changing the default SSH port can enhance your server’s security by mitigating the threat of automated attacks.