Using the SSH Config File

Introduction

Before we look at how to use the SSH configuration file, let's briefly cover what SSH is.

SSH, short for Secure Shell, is a secure network protocol for remote access and file transfers. It encrypts and protects data exchanged between a client and a server, preventing unauthorized access and eavesdropping.

SSH provides a secure way to connect to servers and devices remotely and to manage them from anywhere. Its authentication protocol ensures only authorized users can access sensitive information, making it an essential tool for system administrators and developers.

In this tutorial, you will use the SSH Configuration File. We will also address a few FAQs on how to use the SSH Config File.

Advantages of SSH

  1. Secure Remote Access: SSH ensures encrypted and secure connections, preventing unauthorized access to remote systems.
  2. Data Protection: SSH encrypts transmitted data, safeguarding it from eavesdropping and potential tampering.
  3. Authentication: SSH uses strong authentication methods, ensuring only authorized users can establish a connection.
  4. Port Forwarding: SSH allows secure tunneling of data between local and remote ports, facilitating secure communication.
  5. File Transfer: SSH supports secure file transfers between devices, ensuring data integrity and confidentiality.

Prerequisites

We'll assume you're running Linux or macOS and have the OpenSSH client installed.

SSH Config File Location

The OpenSSH client config file is named config and is located in the .ssh directory under the user's home directory.

When a user uses the ssh command for the first time, the ~/.ssh directory is created automatically. If the directory does not exist on your system, use the following command to create it:

mkdir -p ~/.ssh && chmod 700 ~/.ssh

If the SSH configuration file does not exist by default, use the touch command to create it:

touch ~/.ssh/config

This file must be readable and writable only by the user, and it must not be accessible to anyone else:

chmod 600 ~/.ssh/config

SSH Config File Structure and Patterns

The SSH config file has the following structure:

Host hostname1
    SSH_OPTION value
    SSH_OPTION value

Host hostname2
    SSH_OPTION value

Host *
    SSH_OPTION value

The contents of the SSH client config file are organized into stanzas (sections). Each stanza begins with the Host directive and lists the SSH options to use when connecting to a remote SSH server.

Indentation is optional, but preferred because it makes the document simpler to read.

The Host directive can contain a single pattern or a list of patterns separated by whitespace. Each pattern can contain zero or more non-whitespace characters or one of the following pattern specifiers:

  • * - Matches zero or more characters. For example, Host * matches all hosts, while 192.168.0.* matches hosts in the 192.168.0.0/24 subnet.
  • ? - Matches exactly one character. The pattern, Host 10.10.0.? matches all hosts in 10.10.0.[0-9] range.
  • ! - Negates the match when used at the start of a pattern. For example, Host 10.10.0.* !10.10.0.5 matches any host in the 10.10.0.0/24 subnet except 10.10.0.5.

The SSH client reads the configuration file stanza by stanza, and when more than one pattern matches, the options from the first matching stanza take precedence. For this reason, more host-specific declarations should go at the top of the file and more general overrides at the bottom.

By entering man ssh_config in your terminal or reading the ssh config man page, you may get a complete list of available ssh settings.

Other programs, such as scp, sftp, and rsync, also read the SSH config file.

SSH Config File Example

Let's look at an example of an SSH configuration file now that we've covered the basics.

When connecting to a remote server through SSH, the remote user name, hostname, and port are usually specified. For instance, to log in as john to dev.example.com on port 2322 from the command line, type:

ssh john@dev.example.com -p 2322

To connect using the same options as the command above simply by typing ssh dev, put the following lines in your ~/.ssh/config file:

Host dev
    HostName dev.example.com
    User john
    Port 2322

When you run ssh dev, the ssh client reads the configuration file and uses the connection details specified for the dev host:

ssh dev

Shared SSH Config File Example

This example explains the host patterns and option precedence in further detail.

Take the following file as an example:

Host targaryen
    HostName 192.168.1.10
    User daenerys
    Port 7654
    IdentityFile ~/.ssh/targaryen.key

Host tyrell
    HostName 192.168.10.20

Host martell
    HostName 192.168.10.50

Host *ell
    user oberyn

Host * !martell
    LogLevel INFO

Host *
    User root
    Compression yes

  • When you run ssh targaryen, the ssh client reads the file and applies the options from the first match, which is Host targaryen. It then checks the remaining stanzas one by one for a matching pattern. The next match is Host * !martell (all hosts except martell), so the client applies the connection option from that stanza. The last stanza, Host *, also matches, but because the User option is already set in the Host targaryen stanza, the ssh client takes only the Compression option from it.

    The full list of options used when you type ssh targaryen is as follows:

HostName 192.168.1.10
User daenerys
Port 7654
IdentityFile ~/.ssh/targaryen.key
LogLevel INFO
Compression yes

  • When you run ssh tyrell, the matching host patterns are Host tyrell, Host *ell, Host * !martell, and Host *. The options used in this case are:

HostName 192.168.10.20
User oberyn
LogLevel INFO
Compression yes

  • When you run ssh martell, the matching host patterns are Host martell, Host *ell, and Host *. The options used in this case are:

HostName 192.168.10.50
User oberyn
Compression yes

  • For all other connections, the ssh client uses the options specified in the Host * !martell and Host * sections.

Override SSH Config File Option

The following is the order in which the ssh client reads its configuration:

  1. Options specified from the command line.
  2. Options defined in the ~/.ssh/config.
  3. Options defined in the /etc/ssh/ssh_config.

You can specify a single option on the command line if you want to override it. For instance, consider the following definition:

Host dev
    HostName dev.example.com
    User john
    Port 2322

If you want to utilize all of the other settings but connect as user root instead of john, provide the user on the command line as follows:

ssh -o "User=root" dev

You can specify an alternative per-user configuration file using the -F (configfile) option.

Use the following command to tell the ssh client to ignore all of the options in the ssh configuration file:

ssh -F /dev/null user@example.com

FAQs to Using the SSH Configuration File

What settings can I configure in the SSH config file?

You can define various settings, including host aliases, remote usernames, preferred authentication methods, forwarding options, and more.

How do I set up host-specific configurations? 

By specifying the hostname or alias as a configuration block header in the SSH config file, you can define settings that apply only to that specific host.

Can I disable strict host key checking for a specific host? 

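Yes, by setting the "StrictHostKeyChecking" option to "no" in the host-specific configuration block, you can disable strict host key checking for that host. With this setting, ssh adds new host keys to known_hosts automatically and lets connections to hosts whose key has changed proceed (with some restrictions), which weakens the protection against man-in-the-middle attacks, so keep it in the block for that one host rather than under Host *. The "accept-new" value adds keys for new hosts automatically but still refuses hosts whose key has changed.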

How do I configure SSH to use a specific private key for a host? 

You can specify the private key file to use for a specific host by defining the "IdentityFile" option in the host-specific configuration block.

Can I configure SSH to use a non-standard port for a host? 

Yes, by setting the "Port" option in the host-specific configuration block, you can instruct SSH to connect to that host using a non-standard port.

How can I save time using the SSH config file?

The SSH config file lets you define connection settings once, so you avoid retyping long commands and can connect quickly with a short host alias.

Can I use wildcards in the SSH config file? 

Yes, you can use wildcards like "*" to match multiple hosts or patterns and define global or group-specific settings.

Conclusion

We've shown you how to set up your user's ssh configuration file. You may also want to set up SSH key-based authentication so that you can log in to your Linux servers without entering a password.

SSH listens on port 22 by default. Changing the default SSH port adds an extra layer of security to your server by reducing the risk of automated attacks.
