ssh config

  • $HOME/.ssh/config -- personal configuration
  • /etc/ssh/ssh_config -- global configuration

Format:

Host <alias> SSH_OPTION value

Common options

Host * # match all hosts User matchy IdentityFile $HOME/.ssh/id_ed25519 Host cloud HostName dev.example.com # automatically use "matchy" as the User # automatically use id_ed25519 as the IdentityFile Host dev HostName 147.47.233.45 User mischa # overwrites User="matchy" Port 2333 IdentityFile $HOME/.ssh/id_rsa # overwrites

Port forwarding

Host to_forward # ... + LocalForward <port-to-forward> 127.0.0.1:<port-on-local>

Jump/Bastion server make-easy

ProxyJump is available since OpenSSH version 7.5.

Host bastion HostName transfer.example.com User matchy IdentityFile ~/.ssh/id_ed25519 Host node HostName 192.168.50.233 # the intranet IP to the bastion + ForwardAgent yes + ProxyJump bastion

If your ssh is olderthan OpenSSH 7.5 but newer than OpenSSH 5.4 (assuming bastion config exists in the ssh config):

Host node # ... + ProxyCommand ssh bastion -W [%h]:%p

If your ssh is even older than OpenSSH 5.4...

Host node # ... + ProxyCommand ssh bastion nc -q0 %h %p 2> /dev/null

Change starting directory

RemoteCommand is available since OpenSSH version 7.5.

Host node # ... + RequestTTY force + RemoteCommand cd /path/to/your/directory && bash -l

The command bash -l means starting a bash session as the login shell. Alternatively, if you prefer zsh or fish (or any other shells), simply use zsh -l or fish -l instead.

To Dos

  • Avoid broken pipe