In the previous post, we explored the basic usage of the ssh command and some useful options. However, entering complex IP addresses, usernames, and port numbers every time can be quite a hassle. This is where the SSH Config File comes to the rescue, allowing you to store frequently used server connection information and access it easily using a nickname (Alias), much like a bookmark. 



What is the SSH Config File?

The SSH Config File is a configuration file that customizes the behavior of the SSH client. By storing connection information (username, port, key file, etc.) for specific hosts in this file, you can connect later using a short nickname.

  • Location: Typically exists as a file named config inside the .ssh folder in the user's home directory.
    • Example: ~/.ssh/config
  • Creating the file: If the ~/.ssh/config file does not exist, you can create it manually.

    touch ~/.ssh/config
    chmod 600 ~/.ssh/config # Provides read/write permissions only to the owner for security


Config File Writing Rules

The config file is a simple text file, and each host's settings are defined by starting with the Host keyword in a block format.

Basic Structure

Host [Alias]
    [Option1] [Value1]
    [Option2] [Value2]
    ...
  • Host [Alias]: Signals the start of this block and defines the nickname (Alias) you will use. Instead of an alias, you can also put the actual host address (IP or domain) directly. Wildcard characters (*, ?) can also be used.

  • Indentation: Options under Host need to be indented. You can use spaces or tabs, but it's a good practice to maintain consistency.

  • Options: Below Host, list various SSH options that will be applied when connecting with that alias. These options are the same as those previously used in the ssh -option format.

Commonly Used Options

     
Option                 Description                                                    Example Value
HostName               IP address or domain name of the server you are connecting to  192.168.1.100 or example.com
User                   Username for connecting to the remote server                   ubuntu, ec2-user, root
Port                   SSH port number of the remote server (default 22)              2222
IdentityFile           Path to the private key file to use for connection             ~/.ssh/id_ed25519_myserver
ForwardAgent           Enable SSH agent forwarding (when using ssh-agent)             yes
StrictHostKeyChecking  Whether to strictly check the host key (yes recommended)       no (used temporarily during initial testing)
PortForwarding         Whether to allow port forwarding                               yes
LocalForward           Configuration for local port forwarding (same as -L option)    8080 localhost:80
ServerAliveInterval    Interval for checking if the server is alive (in seconds)      60 (to prevent connection drop)
ServerAliveCountMax    Number of retries before disconnecting if server check fails   3

Example of Writing an SSH Config File

Let’s add settings for a few frequently accessed servers to the ~/.ssh/config file.

# First server: Web server (alias: webserver)
Host webserver
    HostName 192.168.1.100
    User ubuntu
    Port 2222
    # Use key specific to the web server
    IdentityFile ~/.ssh/id_ed25519_webserver

# Second server: Development server (alias: devbox)
Host devbox
    HostName dev.example.com
    User developer
    # Use RSA key
    IdentityFile ~/.ssh/id_rsa_dev
    # For this server, forward local port 8000 to the remote server's port 80
    LocalForward 8000 localhost:80 

# Third server: All AWS EC2 servers (alias: aws-*)
Host aws-*
    User ec2-user
    IdentityFile ~/.ssh/aws_ec2_key.pem
    # Send periodic signals to keep the connection alive
    ServerAliveInterval 60
    ServerAliveCountMax 3

# General settings for specific IP range (alias: 10.0.0.*)
Host 10.0.0.*
    User admin
    Port 22

Explanation:

  • webserver: Connects to 192.168.1.100 as ubuntu using port 2222 and the id_ed25519_webserver key.

  • devbox: Connects to dev.example.com as developer using the id_rsa_dev key and forwards local port 8000 to remote port 80.

  • aws-*: Settings applicable to all aliases starting with aws-. For instance, if you connect to aws-prod or aws-dev, the User and IdentityFile settings will be automatically applied. The HostName will resolve to prod when connecting to aws-prod (this can be used later with the ssh aws-prod command).

  • 10.0.0.*: When connecting to an IP address of the form 10.0.0.x, admin as the user and the default port 22 will be used automatically.
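
An added example (not from the original post): a simplified Python resolver for the Host-block rules described above. It shows that a catch-all Host * block still supplies options such as ForwardAgent to a named alias, because ssh keeps the first value it obtains for each option. The Host * block, the fallback user and all function names are constructed for illustration.

```python
import re

# Constructed sample: blocks modelled on the article plus a catch-all "Host *".
SAMPLE = """\
Host webserver
    HostName 192.168.1.100
    User ubuntu
Host aws-*
    User ec2-user
Host *
    User fallback
    ForwardAgent yes
    StrictHostKeyChecking no
"""

RISKY = {"forwardagent": "yes", "stricthostkeychecking": "no"}  # values worth flagging

def parse(text):
    """Return [(patterns, {option: value})] for each Host block, in file order."""
    blocks = [(["*"], {})]  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key.lower(), value.strip())
    return blocks

def matches(alias, pattern):
    # ssh_config patterns: '*' matches any run of characters, '?' exactly one.
    return re.fullmatch(re.escape(pattern).replace(r"\*", ".*").replace(r"\?", "."), alias) is not None

def resolve(alias, text=SAMPLE):
    """Effective options for alias: the first value obtained for an option wins."""
    # Simplified: no Match blocks, negated patterns, quoting or repeatable options.
    effective = {}
    for patterns, opts in parse(text):
        if any(matches(alias, p) for p in patterns):
            for key, value in opts.items():
                effective.setdefault(key, value)
    return effective

def audit(alias, text=SAMPLE):
    """Names of risky options in effect for alias, wildcard blocks included."""
    effective = resolve(alias, text)
    return sorted(k for k, v in RISKY.items() if effective.get(k, "").lower() == v)
```

On a machine with OpenSSH, `ssh -G webserver` prints the options the client itself would apply for that alias, which is the authoritative check.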



How to Use the Config File

Now that you've saved settings in the config file, connecting becomes much simpler. Let's build on the examples above.

1. Connecting with Nicknames

Execute the SSH connection command using only the nickname.

  • Using the webserver alias:
    ssh webserver
    Enter passphrase for key '/home/youruser/.ssh/id_ed25519_webserver':
    ubuntu@webserver-ip:~ $
    This command operates exactly like `ssh -p 2222 -i ~/.ssh/id_ed25519_webserver ubuntu@192.168.1.100` internally.
  • Using the devbox alias:
    ssh devbox
    Enter passphrase for key '/home/youruser/.ssh/id_rsa_dev':
    developer@devbox-domain:~ $
    (At the same time, connecting to local port 8000 will link to the remote port 80 of dev.example.com)
  • Using the aws-prod (wildcard alias):
    ssh aws-prod
    Enter passphrase for key '/home/youruser/.ssh/aws_ec2_key.pem':
    ec2-user@aws-prod-hostname:~ $

Note: In the case of a wildcard Host like aws-prod where a host name isn't explicitly specified, you may need to either specify the HostName option or provide a host name on the command line. Since in the example aws-* the HostName isn't specified, when you run ssh aws-prod, the SSH client will assume prod as the host name. For more clarity, it's common to map the nickname to HostName prod.example.com, like Host prod-server.


Advantages of Using the Config File

  • Convenience: Replace long, complex SSH commands with short nicknames to reduce input errors and save time.
  • Productivity: Quickly move between frequently accessed servers, enhancing work efficiency.
  • Manageability: Keep all connection-related settings in one place for easy maintenance. For instance, if the server's IP address changes, just update the config file.
  • Security: Avoid leaving sensitive information (e.g., key file paths) in command history.

Conclusion

The SSH config file is an essential tool for all developers and system administrators using SSH. Leverage this file to make your SSH connection experience much more convenient and efficient. Open your ~/.ssh/config file and create your own nicknames!
