If you’re still typing ssh -i ~/.ssh/prod-key.pem -p 2222 ubuntu@ec2-54-123-45-67.compute-1.amazonaws.com, you’re working too hard. SSH config files let you define aliases with all your connection details.
Basic Config

Create or edit ~/.ssh/config:

```
Host prod
    HostName ec2-54-123-45-67.compute-1.amazonaws.com
    User ubuntu
    Port 2222
    IdentityFile ~/.ssh/prod-key.pem
```

Now connect with just:

```bash
ssh prod
```
Common Options

```
Host myserver
    HostName server.example.com
    User deploy
    Port 22
    IdentityFile ~/.ssh/id_ed25519

    # Keep connection alive
    ServerAliveInterval 60
    ServerAliveCountMax 3

    # Reuse connections
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600

    # Forward agent (careful with this)
    ForwardAgent yes

    # Compression (good for slow connections)
    Compression yes
```
Wildcards and Patterns

```
# All hosts in a domain
Host *.example.com
    User admin
    IdentityFile ~/.ssh/example-key.pem

# Multiple hosts
Host dev staging prod
    User deploy
    IdentityFile ~/.ssh/deploy-key.pem

# Negation
Host * !github.com
    ServerAliveInterval 60
```
Jump Hosts (Bastion)

When you need to hop through a bastion server:

```
# The bastion
Host bastion
    HostName bastion.example.com
    User admin
    IdentityFile ~/.ssh/bastion-key.pem

# Servers behind bastion
Host internal-*
    User deploy
    ProxyJump bastion

Host internal-app
    HostName 10.0.1.50

Host internal-db
    HostName 10.0.1.51
```
Now ssh internal-app automatically jumps through the bastion.
Legacy ProxyCommand

For older SSH versions:

```
Host internal-*
    ProxyCommand ssh -W %h:%p bastion
```
Port Forwarding

Local Forward (access remote service locally)

```
Host tunnel-db
    HostName server.example.com
    LocalForward 5432 localhost:5432
```
Connect and access remote PostgreSQL on localhost:5432:
```bash
ssh tunnel-db
psql -h localhost -p 5432
```
Remote Forward (expose local service remotely)

```
Host expose-local
    HostName server.example.com
    RemoteForward 8080 localhost:3000
```
Dynamic SOCKS Proxy

```
Host proxy
    HostName server.example.com
    DynamicForward 1080
```

```bash
ssh proxy
# Configure browser to use SOCKS5 proxy at localhost:1080
```
AWS and Cloud Patterns

EC2 Instances

```
Host aws-prod
    HostName 54.123.45.67
    User ec2-user
    IdentityFile ~/.ssh/aws-prod.pem

Host aws-*
    IdentityFile ~/.ssh/aws-default.pem
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
```
With SSM (no direct SSH)

```
# Use AWS Session Manager as a ProxyCommand
Host i-*
    ProxyCommand aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'
    User ec2-user
```
GitHub and GitLab

```
# GitHub with specific key
Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/github-key

# Work GitHub (different account)
Host github-work
    HostName github.com
    User git
    IdentityFile ~/.ssh/github-work-key

# GitLab
Host gitlab.com
    HostName gitlab.com
    User git
    IdentityFile ~/.ssh/gitlab-key
    PreferredAuthentications publickey
```
For multiple GitHub accounts, clone with the alias:
```bash
git clone git@github-work:company/repo.git
```
Connection Multiplexing

Speed up repeated connections:

```
Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600
```
Create the socket directory:
```bash
mkdir -p ~/.ssh/sockets
chmod 700 ~/.ssh/sockets
```
Now the first connection opens a socket, and subsequent connections reuse it (much faster).
Security Options

```
Host secure-server
    HostName secure.example.com

    # Prefer stronger algorithms
    Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
    KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org

    # Disable password auth
    PasswordAuthentication no
    PreferredAuthentications publickey

    # Don't forward agent
    ForwardAgent no
```
Defaults for All Hosts

Put at the end of your config:

```
Host *
    # Sensible defaults
    ServerAliveInterval 60
    ServerAliveCountMax 3

    # Security
    HashKnownHosts yes
    VisualHostKey yes

    # Use modern key
    IdentityFile ~/.ssh/id_ed25519

    # Add keys to agent
    AddKeysToAgent yes

    # macOS: Use keychain
    UseKeychain yes
```
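The catch-all block goes last because ssh keeps the first value it obtains for each option, so an early `Host *` would shadow the more specific blocks after it. The sketch below is an added example, not code from the original page: it resolves one option first-match-wins, including the `!` negation from the Wildcards section. The function names and sample config are constructed, and it ignores Match, Include and quoted arguments.

```shell
# Added example: first-value-wins lookup over ssh_config Host blocks.
# Simplified: no Match/Include or quoting; only the first value is returned.

# host_block_matches HOST PATTERN... -> status 0 when the Host line selects HOST
host_block_matches() {
    target=$1; shift
    matched=1
    for pat in "$@"; do
        case $pat in
            '!'*) neg=${pat#?}              # negated pattern: a hit vetoes the block
                  case $target in $neg) return 1 ;; esac ;;
            *)    case $target in $pat) matched=0 ;; esac ;;
        esac
    done
    return "$matched"
}

# resolve_option CONFIG_TEXT HOST KEYWORD -> prints the first value obtained
resolve_option() {
    want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    active=0                                # lines before any Host apply to all hosts
    result=
    set -f                                  # keep '*' from expanding to file names
    while read -r key rest; do
        case $key in ''|'#'*) continue ;; esac
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
        if [ "$key" = host ]; then
            active=1
            host_block_matches "$2" $rest && active=0
        elif [ "$active" -eq 0 ] && [ "$key" = "$want" ]; then
            result=$rest
            break
        fi
    done <<EOF
$1
EOF
    set +f
    printf '%s\n' "$result"
}

# Constructed sample: specific blocks first, the catch-all last.
SAMPLE_CONFIG='Host work-*
    User deploy
Host * !github.com
    ForwardAgent no
Host *
    User admin
    ServerAliveInterval 60'

resolve_option "$SAMPLE_CONFIG" work-db User   # prints: deploy
```
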
Include Other Configs

Split configs by environment:

```
# ~/.ssh/config
Include config.d/*

Host *
    ServerAliveInterval 60
```

```
# ~/.ssh/config.d/work
Host work-*
    User admin
    IdentityFile ~/.ssh/work-key
```

```
# ~/.ssh/config.d/personal
Host home-*
    User pi
    IdentityFile ~/.ssh/personal-key
```
Complete Example

```
# ~/.ssh/config

# Work bastion
Host bastion
    HostName bastion.company.com
    User admin
    IdentityFile ~/.ssh/work.pem

# Work servers (via bastion)
Host work-*
    User deploy
    IdentityFile ~/.ssh/work.pem
    ProxyJump bastion

Host work-app
    HostName 10.0.1.10

Host work-db
    HostName 10.0.1.20
    LocalForward 5432 localhost:5432

# Personal
Host home
    HostName home.example.com
    User pi
    Port 2222

# GitHub
Host github.com
    User git
    IdentityFile ~/.ssh/github

# Defaults
Host *
    ServerAliveInterval 60
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600
    AddKeysToAgent yes
```
Debugging

```bash
# Verbose output
ssh -v myserver
# Very verbose
ssh -vvv myserver
# Check which config file options are being used
ssh -G myserver
```
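Because `ssh -G` prints the options that actually apply to an alias after all wildcard blocks are merged, it is a good place to check for settings that weaken a connection, such as the `aws-*` block above, which turns off host key verification. The following is an added example, not code from the original page: the function names, finding labels and sample output are constructed, and only `ssh -G` itself is a real option.

```shell
# Added example: flag risky values in `ssh -G <alias>` output.
# Reads the effective configuration on stdin, prints one finding per line and
# returns non-zero when anything was flagged.
audit_effective_config() {
    awk '
        { key = tolower($1); val = tolower($2) }
        # printed spelling may differ from the config file, so accept all "off" forms
        key == "stricthostkeychecking" && (val == "no" || val == "false" || val == "off") {
            print "host-key-check-disabled"; n++ }
        key == "userknownhostsfile" && val == "/dev/null" {
            print "known-hosts-discarded"; n++ }
        # "yes" or a socket path both mean the agent is exposed to the remote host
        key == "forwardagent" && val != "no" && val != "false" {
            print "agent-forwarded"; n++ }
        END { exit (n > 0) }
    '
}

# audit_alias ALIAS: run the check against a real alias from ~/.ssh/config
audit_alias() {
    ssh -G "$1" | audit_effective_config
}

# Constructed sample of `ssh -G aws-prod` output for the aws-* block on this page.
SAMPLE_G_OUTPUT='user ec2-user
hostname 54.123.45.67
port 22
forwardagent no
stricthostkeychecking false
userknownhostsfile /dev/null'

printf '%s\n' "$SAMPLE_G_OUTPUT" | audit_effective_config ||
    echo "review the settings listed above"
```
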
Quick Reference

| Option | Purpose |
| --- | --- |
| HostName | Actual hostname/IP |
| User | Login username |
| Port | SSH port |
| IdentityFile | Private key path |
| ProxyJump | Jump host |
| LocalForward | Forward remote port locally |
| ServerAliveInterval | Keepalive interval |
| ControlMaster | Connection multiplexing |
A good SSH config file is like a phone book for your servers. Set it up once, update it when things change, and stop typing the same options repeatedly. Your fingers will thank you.