Categories

How to Use SSH Configure File

Posted by By Adam 4 years Ago
Understanding the client SSH Config File

In this tutorial, we will learn How to Use the SSH Configure File to store the server details:

Introduction

If you’re regularly using the SSH command to connect multiple remote systems or servers.
It’s very difficult, or we can say it’s nearly impossible to remember all IP addresses, Usernames, Non-standard ports of all remote servers.

To overcome this we can create a bash alias for each remote server one by one but still, this method is not useful if you want to add multiple bash alias for multiple remote servers. However, there is a much better and simpler option for this problem. SSH provides a facility to create a configuration file for each user to store different remote server details to log in.

Read Also: Understanding ln Command in Linux (Create Symbolic Links)

Prerequisites

You need a Linux or a macOS with OpenSSH client installed.

SSH Config File Location

OpenSSH client-side configuration file is named with config and stored in .ssh directory, under the user’s home directory.

The ~/.ssh directory is automatically created when the user runs the ssh command for the first time in the system. If you are unable to find this Directory, create it using the below command:

mkdir -p ~/.ssh && chmod 700 ~/.ssh

By default, the SSH configuration file does not exist, so you need to create the file using the below command:

touch ~/.ssh/config

Set the file permission to readable and writable only for users and others who can’t access this file:

chmod 600 ~/.ssh/config

SSH Config File Structure and Patterns

The structure of SSH configuration is as below:

host hostname A
    OPTION value
    OPTION value

host hostname B
    OPTION value

host *
    OPTION value

The SSH client configuration file is in Stanzas (sections).  Each section points to a host which has some option values like port number, user, etc. These Options establish the connection with the remote SSH server.

It is recommended to use Indentation (Space after every stanza), to make the file easier to read.

The Host can contain one pattern or a whitespace-separated list of patterns. Each pattern can contain a zero or more non-whitespace character or one of the following pattern specifiers:

  • * – It indicates all or a fixed range in the host. For example If we use Host * it will select all the available host. If we want to select a range in the IP address then we use 187.123.0.*, it will select the range 0 to 255 IP addresses.
  • ? – It indicates a fixed match or value. For example, we want 0-20 range in an IP address 187.123.0.[0-20] , It will select 0-20 IP addresses
  • ! – Exclude a match or value. For example 187.123.0.*, we have to select a pool of /24 IP but need to exclude one IP address 187.123.0.23 then use 187.123.0.* ! 187.123.0.23

SSH client reads the configuration file section by section, if multiple patterns are found then it will give priority to the first one. Most of the specific declarations must be given at the beginning of the file.

If you want to know the full list of available ssh options by typing man ssh_config in your terminal or for more detailed information visit the ssh_config page.

SSH config file is also read by the other programs such as scp , sftp and rsync.

SSH Config File Example

We have to connect to a server as a user named Linuxpanda to called Linuxpanda.com on port 4324 form the terminal:

ssh [email protected] -p 4324

We can also access the server with the config file, just enter the above details in "~/.ssh/config the file.

Host Linux
    HostName Linuxpanda.com
    User Linuxpanda
    Port 4324

Now whenever we type ssh Linux  It will establish a connection with the server.

ssh Linuxpanda

Shared SSH Config File Example

In the below example, we will learn more detailed information about the host pattern and option precedence.

Let’s check the examples:

Host Hunter
    HostName 172.177.9.110
    User centos
    Port 7654
    IdentityFile ~/.ssh/Hunter_Private.key

Host Test1server
    HostName 192.168.10.20

Host Test2server
    HostName 192.168.10.50

Host * !Test2server
    LogLevel INFO
    
Host *server
    user Alex

Host *
    User root
    Compression yes
  • When we type ssh Hunter in the terminal, ssh will read the file and apply the option form the First match Host Hunter, then it will search for the another match that is Host * !Debian and include it. The next match will be Host *, it will include only the Compression part because it already has the User part from the Host Hunter.
HostName 172.177.9.110
    User centos
    Port 7654
    IdentityFile ~/.ssh/Hunter_Private.key
    LogLevel INFO
    Compression yes
  • When we type ssh Test1server, the matched will be Host * !DebianHost *server and Host *.
HostName 192.168.10.20
user Alex
LogLevel INFO
Compression yes
  • When we type ssh Test2server , the matched will be Host Test2serverHost *serverHost *.
HostName 192.168.10.50
user Alex
Compression yes
  • All other SSH Host or Login will include Host * !Test2serverHost *serverHost *in their details if not mentioned in the command like user, port, compression.

Override SSH Config File Option

The SSH client reads the configuration according to the priority order.

  1. SSH Options specified from the command line (First Priority)
  2. Defined in the ~/.ssh/config (Second Priority)
  3. SSH Options defined in the /etc/ssh/ssh_config (Third Priority)

If we want to override any option, then we can mention that option in the command. For example, the following details:

Host Hunter
    HostName Linuxpanda.com
    User centos
    Port 7654

We want to include all the details except the User then we have to specially mention the user in the command:

ssh -o "User=root" Hunter

SSH command also allows an option to specify an alternative per-user configuration file with the help of  -F [config file].

If we want to ignore all the options specified in the config file then use:

ssh -F /Hunter/null [email protected]

Conclusion

In this tutorial, we have explained how to configure ssh config file as per the requirement. We can set up the SSH key-based authentication and connect to the server without entering the password.  

If we did not mention the port in the config file then by default it uses port 22. To increase the security on the server change the default port of the SSH to reduce the risk of attacks on the server.

If you guys have any queries related to this How to Use SSH Configure File tutorial, Let me know in the comments.