Using the SSH Config File - DesignLinux

Sep 03 2020
designlinux 0 Comments

If you are doing administrator work or need to connect regularly the multiple remote systems via SSH, it is difficult to remember all the remote IP addresses, usernames and ports. For this problem there is a simple solution is to using OpenSSH set up a per-user configuration file and store different SSH options for each remote system. This article explains basics of the SSH client config file.

Prerequisites

Make sure you have installed OpenSSH on your machine.

SSH Config File Location

OpenSSH client config file is located at .ssh directory under user’s home directory with name config. If this directory not exists it will be creates when the user first time run ssh command. You also can create using the following command, if not exists:

mkdir -p ~/.ssh && chmod 700 ~/.ssh

Generally, by default SSH configuration file is not exists you can create using touch command:

touch ~/.ssh/config

The file must be readable and writable only by the user and other’s can not do access:

chmod 600 ~/.ssh/config

SSH Config File Structure

Following is the basic structure of the SSH config file:

Host HOSTNAME_1
    SSH_OPTION value
    SSH_OPTION value

Host HOSTNAME_2
    SSH_OPTION value

Host *
    SSH_OPTION value

The contents of the config file organized section wise and each section starts with the Host directive and contains specific SSH options that are used when establishing a connection with the remote SSH server. You can set indent in file so it will be easy to manage.

The Host directive can contain one pattern or a whitespace-separated list of patterns. Each pattern can contain zero or more non-whitespace character or one of the following pattern specifiers:

  • * – Matches zero or more characters. For example, Host * matches all hosts, while 102.102.0.* matches hosts in the 102.102.0.0/24 subnet.
  • ? – Matches exactly one character. The pattern, Host 102.102.0.? matches all hosts in 102.102.0.[0-9] range.
  • ! – When used at the start of a pattern, it negates the match. For example, Host 102.102.0.* !102.102.0.5 matches any host in the 102.102.0.0/24 subnet except 102.102.0.5.

The SSH client reads the configuration file section by section, and if more than one patterns match, the options from the first matching section take precedence.

To get the full list of available ssh options by typing man ssh_config in your terminal or by visiting the ssh_config man page.

The scp , sftp , and rsync programs can read the SSH config files.

SSH Config File Example

Let’s have a look at the following example:

Generally, to connect a remote server via SSH you should specify the remote usernames, hostname, and port. For instance, to log in as user name kunj to the host 192.168.1.102 on port 456 from the command line, type:

ssh [email protected] -p 456

This is little bit difficult to remember each option so you can connect simply typing the ssh devserver, add the following lines to your ~/.ssh/config file:

Host devserver
    HostName 192.168.1.102
    User kunj
    Port 456

Once you type the ssh devserver, the ssh client will read the configuration file and use the connection options which are specified for the devserver section:

ssh devserver

Shared SSH Config File Example

This example gives more detailed information about the host patterns and option precedence.

Let’s take the following example file:

Host kunjyen
    HostName 102.102.1.10
    User kunjrys
    Port 7654
    IdentityFile ~/.ssh/kunjyen.key

Host kunjell
    HostName 102.102.10.20

Host kavyaell
    HostName 102.102.10.50

Host *ell
    user kunjayn

Host * !kavyaell
    LogLevel INFO

Host *
    User root
    Compression yes

On type the ssh kunjyen, the ssh client will read the file and find the first match and apply. In our example, it is Host kunjyen. After that it will checks for next section one by one for matching pattern. The next matching one is Host * !kavyaell and it will apply the connection option from this section. The last section Host * also matches, but the ssh client will take only the Compression option because the User option is already defined in the Host kunjyen section.

The full list of options used when you type ssh kunjyen is as follows:

HostName 102.102.1.10
User kunjrys
Port 458
IdentityFile ~/.ssh/kunjyen.key
LogLevel INFO
Compression yes

When running ssh kunjell the matching host patterns are: Host kunjell, Host *ell, Host * !kavyaell and Host *. The options used in this case are:

HostName 102.102.10.20
User kunjayn
LogLevel INFO
Compression yes

If you run ssh kavyaell, the matching host patterns are: Host kavyaell, Host *ell and Host *. The options used in this case are:

HostName 102.102.10.50
User kunjayn
Compression yes

Override SSH Config File Option

In following order the ssh client reads the configuration:

  1. The options which are specified from the command line.
  2. Options defined in the ~/.ssh/config file.
  3. Options defined in the /etc/ssh/ssh_config.

To override a single option, you can specify it on the command line. For example, if you have the following definition:

Host kunjdev
    HostName 102.102.102.102
    User kunj
    Port 456

If you want to use all other options but to login as root user instead of kunj, you just need to specify the user on the command line:

ssh -o "User=root" kunjdev

To tell the ssh client to ignore all of the options specified in the ssh configuration file, use:

ssh -F /dev/null [email protected]

Conclusion

This article explained how to configure your user in ssh config file. You can also set up SSH key-based authentication and connect to your Linux servers without entering a password.

To add an extra layer to your server you can change the default SSH Port. By default, SSH listen on port 22.

Tags: ,