Sample configuration files in OpenSSH

We will now create and configure a configuration file for OpenSSH. Global or local config file for SSH client can create shortcuts for sshd server including advanced ssh client options. You can configure your OpenSSH SSH client with various files as follows to save time and type in commonly used ssh client command line options like port, username, hostname, id file, and more.

Let’s use some common examples of OpenSSH configuration files.

Client configuration in OpenSSH config file for the whole system

  1. / etc / ssh / ssh_config: This file sets the default configuration for all OpenSSH client users on this desktop / laptop and should be readable by all users on the system.

OpenSSH client configuration for a specific user

  1. ~ / .ssh / config or $ HOME / .ssh / config: This is a custom user config file that overrides the settings in the global client config file / etc / ssh / ssh_config.

Configuration files ~ / .ssh /

To create an ssh configuration file, there are the following rules:

  • You need to edit ~ / .ssh / config in a text editor like vi.
  • One config parameter per line is allowed in the config file with the parameter name followed by its value or values. Syntax:
    config value
    config1 value1 value2
  • You can use the equal sign ( instead of a space between the parameter name and the values.
    config1=value1 value2
  • All blank lines are ignored.
  • All lines starting with a hash (#) are ignored.
  • All values ​​are case sensitive, but parameter names are missing.

Tip: If this is new Linux, Apple OS X / Unix, or if you have never used ssh before creating the ~ / .ssh / directory, use the following syntax:

mkdir -p $ HOME / .ssh

chmod 0700 $ HOME / .ssh

Examples of

For demo purpose, our setup looks like this:

  1. Local Desktop Client – Apple OS X or Ubuntu (Linux).
  2. Remote Unix Server – The OpenBSD server running the latest OpenSSH server.
  3. Remote OpenSSH server ip / host: (
  4. OpenSSH server remote user: andreyex
  5. OpenSSH remote port: 4242
  6. Local ssh private key file: / nfs / shared / users / grayex / keys / server1 / id_rsa

Based on the information above, my ssh command looks like this:$ ssh -i /nfs/shared/users/andreyex/keys/server1/id_rsa -p 4242 [email protected]

or$ ssh -i /nfs/shared/users/andreyex/keys/server1/id_rsa -p 4242 -l andreyex

You can avoid entering all the parameters of the ssh command while logging into a remote machine and / or executing commands on the remote machine. All you have to do is create an ssh config file. Open the Terminal app and create your config file by entering the following command:

## edit file in $HOME dir
vi ~/.ssh/config


## edit file in $HOME dir
vi $HOME/.ssh/config

Add / apply the following config option for the shortcut on server1 as per our sample setup:

Host server1
     User andreyex
     Port 4242

Save and close the file. To open a new SSH session on, enter the following command:

$ ssh server1

Adding another host

Add the following to your ~ / .ssh / config file:

Host nas01
     User root
     IdentityFile ~/.ssh/nas01.key

You can just type:

$ ssh nas01

Put it all together

Here is my example ~ / .ssh / config file that explains and builds, designs and evaluates the various remote access needs with the ssh client:

### по умолчанию для всех ##
Host *
     ForwardAgent no
     ForwardX11 no
     ForwardX11Trusted yes
     User andreyex
     Port 22
     Protocol 2
     ServerAliveInterval 60
     ServerAliveCountMax 30
## переопределение согласно хосту ##
Host server1
     User andreyex
     Port 4242
## Домашний сервер nas ##
Host nas01
     User root
     IdentityFile ~/.ssh/nas01.key
## Вход в Aws Cloud ##
Host aws.apache
     User wwwdata
     IdentityFile ~/.ssh/aws.apache.key
## Вход на внутренний сервер локальной сети в через наш публичный офис Великобритании ssh на основе шлюза с помощью ##
## $ ssh ##
Host uk.lan
     User andreyex
     ProxyCommand  ssh [email protected] nc %h %p 2>/dev/null
## Наш Прокси-Сервер ##
## Вперед всех локальный порт 3128 трафик на порт 3128 на удаленном сервере  ## 
## $ ssh -f -N  proxyus ##
Host proxyus
    User breakfree
    IdentityFile ~/.ssh/
    LocalForward 3128

Understanding write configuration ~ / .ssh /

  • Host: Determines which host or node the configuration section is used for. The section ends with a new host part or end of file. A single * template can be used to provide global defaults for all hosts.
  • HostName: Specifies the real hostname for the login. Numeric IP addresses are also allowed.
  • User : Specifies the username for the SSH connection.
  • IdentityFile: Specifies the file from which to read the user’s DSA, ECDSA, or DSA authentication identifier. The default is ~ / .ssh / identity for protocol version 1 and ~ / .ssh / id_dsa, ~ / .ssh / id_ecdsa and ~ / .ssh / id_rsa for protocol version 2.
  • ProxyCommand: Specifies the command to connect to the server. The command line continues to the end of the line and is executed using the user’s shell. On the command line, any occurrence of% h will be replaced with the hostname for the connection,% p for the port, and% r for the remote username. A command can be basically anything, and it must read from its standard input and write to its standard output. This directive is useful in conjunction with nc (1) and its proxy support. For example, the following directive will connect through an HTTP proxy at -X connect -x h% p
  • LocalForward: Specifies that the TCP port on the local computer will be forwarded over a secure channel to the specified host and port from the remote computer. The first argument must be port [bind_address:]and the second argument should be host: hostport.
  • Port : Specifies the port number to connect to on the remote host.
  • Protocol: Specifies the ssh (1) protocol versions to be supported in order of preference. Possible values: 1 and 2.
  • ServerAliveInterval: Sets the timeout in seconds after which, if no data has been received from the server, ssh (1) will send a message over an encrypted channel to request a response from the server.
  • ServerAliveCountMax: Sets the number of live server messages that can be sent without ssh (1), receiving any messages from the server. If this threshold is reached while sending server messages, ssh will disconnect from the server, ending the session.

Speed ​​up ssh session

Multiplexing is nothing more than sending more than one ssh connection over a single connection. OpenSSH can reuse an existing TCP connection for multiple concurrent SSH sessions. This results in reduced overhead when creating new TCP connections. Update your ~ / .ssh / config file:

Host server1
        ControlPath ~/.ssh/controlmasters/%[email protected]%h:%p
        ControlMaster auto

In this example, I am looking at one host to access another server, i.e. intercepts the host using the ProxyCommand:

## ~/.ssh/config ##
Host internal
  User vivek
  ProxyCommand ssh [email protected] -W %h:%p
  ControlPath ~/.ssh/controlmasters/%[email protected]%h:%p
  ControlMaster auto

A note on shell aliases (deprecated method)

Sample configuration files in OpenSSHWARNING! This bash shell aliased based tweak might work for you. However, we recommend that you use ~ / .ssh / config for better results in the long run. SSH config file is more advanced and elegant solutions. The alias command is only used here for demonstration purposes, and is here for historical reasons.

An alias is nothing more than a shortcut to commands, and you can create an alias using the following syntax in your ~ / .bashrc file:

## создайте новый псевдоним оболочки bash следующим образом ##
alias server1="ssh -i/nfs/shared/users/andreyex/keys/server1/id_rsa -p 4242 [email protected]"

Then to ssh to server1 instead of typing the full command ssh -i / nfs / shared / users / andreyex / keys / server1 / id_rsa -p 4242 [email protected] you would only need to type the command ‘server1 ‘and press the key [ENTER]:

$ server1