How to configure SSH Client in Linux ?
At times we may need to access multiple remote systems with different IP addresses/hostnames, usernames, non-standard-ports with various command-line options. One way is to create a bash alias for each remote connection. But we have an easy and much better solution to this problem. OpenSSH allows to create per-user configuration file to store different SSH options for each remote server. In this article, we will see the basics of SSH Client configuration with some examples.
Linux or macOS system with OpenSSH Client installed.
The SSH client-side configuration file is named config which is stored in the .ssh directory under the user’s home directory. By default, the config file will not be present and the user needs to create it using the touch command. This file should be readable and writable only by the user and should not be accessed by others.
Config File Syntax
SSH config file takes the following syntax,
Host [Alias1] Option1 [value] Option2 [value] Option3 [value] Host [Alias2] Option1 [value] Option2 [value] Host [Alias3] Option1 [value]
SSH Client reads the configuration file stanza by stanza. If more than one pattern matches, then the options from the first matching stanza take precedence. Hence, the host-specific declaration should come first and the generic declaration should be kept last.
SSH Client does not care about indentation but it’s recommended for readability.
There is numerous number of ssh options available which can be found by typing man ssh_config in Linux terminal or can check in /etc/ssh/ssh_config file for reference.
SSH Config File Example
When a user wants to connect to a remote server through ssh, then he should mention remote username followed by IP address or hostname and port (default port 22 can be ignored). Consider below example,
Now, we can have the below lines in ~/.ssh/config file,
If we simply type ssh server, the ssh client will read the configuration file and use the options mentioned to connect to the remote server.
SSH Config Patterns
The host directive mentioned in syntax can contain one pattern or space-separated list of patterns.
Host nancy server Working Patterns nancy, server
Patterns can contain one of the following specifiers as well,
- * – Matches zero or more characters.
Host nancy* Working Patterns nancy,nancy123,nancy-server,etc
- ? – matches exactly one character.
Host nancy? Working Patterns nancy1, nancy2, nancy3, etc
- ! – When used at the start of a pattern, it negates the match.
Host nan* !nancy Working Patterns nan-1, naneo, etc [nancy will not work]
SSH Config Precedence
Let’s consider the below example to understand more about the precedence in ssh options when multiple hosts are defined,
Host nancy HostName 10.21.43.150 Compression no Host jancy HostName 10.2.33.58 PermitLocalCommand no Host trial HostName 10.2.33.57 PermitLocalCommand yes Host *cy !jancy User woot Port 22 Host * User root Port 22 Compression yes
- When a user types ssh nancy, the ssh client applies the options from the first match which is Host nancy. Then it checks for the next matching pattern which is Host *cy !jancy. Then the next matching pattern is Host *, here none of the options are considered as they got over-ridden in the earlier matched patterns. The full list of options are,
Host nancy HostName 10.21.43.150 User woot Port 22 Compression no
- When a user types ssh jancy, the matching patterns are Host jancy and Host *. The options used are,
Host jancy HostName 10.2.33.58 Port 22 User root Compression yes PermitLocalCommand no
- When the user types ssh trial, the matching patterns are Host trial and Host *,
Host trial HostName 10.2.33.57 PermitLocalCommand yes User root Port 22 Compression yes
- For all other remote connections, the ssh client will use Host *cy !jancy and Host *.
Override SSH Config File Options
SSH client reads the configuration file in the following order,
- Options are mentioned in the command line.
- Options mentioned in the ~/.ssh/config file.
- Options mentioned in the /etc/ssh/ssh_config file.
Now if the user wants to connect to amp150.arubathena.com but with a different user, then it can be over-ridden in the command line as below,