In the previous post, I covered the basics of the ssh command and a few useful options. But let’s be honest—typing long IP addresses, usernames, and port numbers every single time gets old fast.
That’s where the SSH config file comes in. It lets you save your favorite server connection settings and connect using a simple alias.
Back when I was a total beginner and didn’t even know SSH config files existed, I kept thinking, “How am I supposed to type this long, messy SSH command every single time?” So I literally pasted the whole command into .bashrc and used it as an alias. Later, once I learned the proper way to do it with ~/.ssh/config, I realized how stupid my approach had been.
What is the SSH config file?
The SSH config file is a configuration file that lets you define how your SSH client behaves. If you save connection details for specific hosts (username, port, key file, etc.) in advance, you can later connect using only a short alias.
-
Location: It usually lives in your home directory under the
.sshfolder, with the filenameconfig. If you just installed SSH for the first time, it may not exist yet. -
Create the file: If
~/.ssh/configdoesn’t exist, create it manually. Make sure the permission is set to 600.
touch ~/.ssh/config
chmod 600 ~/.ssh/config # This permission setting is important for security.
How to write the config file
The config file is a simple text file. Each host is defined as a block that starts with the Host keyword.
Basic structure
Host [alias]
[option1] [value1]
[option2] [value2]
...
Host [alias]: Declares the beginning of a block and defines the alias you’ll use in your SSH command. Instead of an alias, you can also put the real hostname (IP address or domain). Wildcards (*,?) are supported as well.- Indentation: Options under
Hostshould be indented. Spaces or tabs both work—just stay consistent. - Options: Under
Host, you list SSH options that will apply when connecting using that alias. These correspond to things you might otherwise pass via the command line (likessh -p ...).
Common options
| Option | Description | Example |
HostName |
The actual server IP address or domain name | 192.168.1.100 or example.com |
User |
Remote username | ubuntu, ec2-user, root |
Port |
SSH port (default is 22) | 2222 |
IdentityFile |
Path to the private key file | ~/.ssh/id_ed25519_myserver |
ForwardAgent |
Enable SSH agent forwarding (when using ssh-agent) |
yes |
StrictHostKeyChecking |
Whether to enforce strict host key verification (yes recommended) |
no (temporarily for early testing) |
PortForwarding |
Whether to allow port forwarding | yes |
LocalForward |
Local port forwarding (same as -L) |
8080 localhost:80 |
ServerAliveInterval |
Interval (seconds) to check if the connection is alive | 60 (prevent disconnects) |
ServerAliveCountMax |
Number of failed checks before disconnecting | 3 |
Example SSH config
Let’s add a few frequently used servers to ~/.ssh/config.
# Server 1: Web server (alias: webserver)
Host webserver
HostName 192.168.1.100
User ubuntu
Port 2222
IdentityFile ~/.ssh/id_ed25519_webserver # Dedicated key for this server
# Server 2: Development server (alias: devbox)
Host devbox
HostName dev.example.com
User developer
IdentityFile ~/.ssh/id_rsa_dev # Using an RSA key
# Forward local port 8000 to the remote server's port 80
LocalForward 8000 localhost:80
# Server 3: All AWS EC2 servers (alias pattern: aws-*)
Host aws-*
User ec2-user
IdentityFile ~/.ssh/aws_ec2_key.pem
# Send keep-alives so the connection doesn't drop
ServerAliveInterval 60
ServerAliveCountMax 3
# General rule for a specific IP range (alias pattern: 10.0.0.*)
Host 10.0.0.*
User admin
Port 22
Explanation:
webserver: Connect to192.168.1.100as userubuntuvia port2222, using theid_ed25519_webserverkey.devbox: Connect todev.example.comas userdeveloperusing theid_rsa_devkey, and forward local port 8000 to remote port 80.aws-*: Settings applied to any alias that begins withaws-, such asaws-prodoraws-dev.10.0.0.*: Automatically appliesadminand port 22 when connecting to IPs in the10.0.0.xrange.
In practice, I don’t use wildcard (
*) host patterns very often. It’s usually easier to manage connections when you define a 1:1 config per server. Also, sometimes I connect to the same server with different settings, so I add separate aliases and “pick” one—like choosing a menu item at a restaurant—then connect withssh my-alias.
How to use the config file
Once you’ve saved settings in your config file, connecting becomes much simpler. Let’s try it using the examples above.
1. Connect using an alias
Run SSH using only the alias:
- Using the
webserveralias:
ssh webserver
Enter passphrase for key '/home/youruser/.ssh/id_ed25519_webserver':
ubuntu@webserver-ip:~ $
Internally, this is equivalent to running:
ssh -p 2222 -i ~/.ssh/id_ed25519_webserver ubuntu@192.168.1.100
- Using the
devboxalias:
ssh devbox
Enter passphrase for key '/home/youruser/.ssh/id_rsa_dev':
developer@devbox-domain:~ $
(At the same time, your local port 8000 will be forwarded to port 80 on
dev.example.com.)
Benefits of using SSH config
- Convenience: Replace long, complex SSH commands with short aliases, reducing typing and mistakes.
- Productivity: Jump between servers quickly and stay focused on your work.
- Easier management: Keep all connection settings in one place. If a server IP changes, you update only the config file.
- Security: Avoid leaving sensitive details (like key file paths) in your shell history.
Summary
The SSH config file is an essential tool for anyone who uses SSH regularly—developers and system admins alike. Use it to make your SSH workflow faster, cleaner, and more reliable. Open ~/.ssh/config and create your own aliases today!
If you’d like to read more SSH-related posts, try searching for “ssh” using the search box on the right.
And if you have any questions, feel free to ask in the comments!
There are no comments.