Every time you type ssh -i ~/.ssh/mykey.pem -p 2222 admin@192.168.1.50, you’re wasting keystrokes. The SSH config file exists to eliminate this friction.

Basic Host Aliases

Create or edit ~/.ssh/config:

Host prod
    HostName 203.0.113.50
    User deploy
    IdentityFile ~/.ssh/prod_key

Host staging
    HostName 203.0.113.51
    User deploy
    IdentityFile ~/.ssh/staging_key

Now just:

ssh prod
ssh staging

Common Options

Host myserver
    HostName server.example.com
    User admin
    Port 2222
    IdentityFile ~/.ssh/mykey
    ForwardAgent yes
    ServerAliveInterval 60
    ServerAliveCountMax 3

| Option | What it does |
|---|---|
| Port | Non-standard SSH port |
| IdentityFile | Which key to use |
| ForwardAgent | Forward your SSH agent (for jumping through servers) |
| ServerAliveInterval | Send keepalive every N seconds (prevents timeout) |
| ServerAliveCountMax | Disconnect after N missed keepalives |

Wildcard Patterns

Apply settings to multiple hosts:

Host *.prod.example.com
    User deploy
    IdentityFile ~/.ssh/prod_key

Host 192.168.1.*
    User admin
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

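The second block is useful for ephemeral VMs where host keys change often. It also turns off host key verification for every address the pattern matches, so those connections have no protection against a man-in-the-middle; keep the pattern as narrow as you can.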

Jump Hosts (ProxyJump)

Access internal servers through a bastion:

Host bastion
    HostName bastion.example.com
    User admin

Host internal-*
    ProxyJump bastion
    User deploy

Host internal-db
    HostName 10.0.1.50

Host internal-app
    HostName 10.0.1.51

Now ssh internal-db automatically routes through the bastion. No manual tunneling.

For older SSH versions, use ProxyCommand:

Host internal-*
    ProxyCommand ssh -W %h:%p bastion

Port Forwarding Shortcuts

Set up tunnels without remembering the syntax:

Host db-tunnel
    HostName db-server.example.com
    User admin
    LocalForward 5432 localhost:5432

Host web-tunnel
    HostName app-server.example.com
    User admin
    LocalForward 8080 localhost:80
    LocalForward 8443 localhost:443

ssh -N db-tunnel  # -N means no shell, just tunnel
# Now localhost:5432 reaches the remote postgres

Dynamic SOCKS Proxy

Route all traffic through an SSH server:

Host proxy
    HostName trusted-server.example.com
    User admin
    DynamicForward 1080

ssh -N proxy
# Configure browser to use SOCKS5 proxy at localhost:1080

Multiplexing (Connection Sharing)

Reuse connections for faster subsequent logins:

Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600

Create the socket directory:

mkdir -p ~/.ssh/sockets

First ssh prod takes normal time. Subsequent connections are instant because they reuse the existing socket.

Per-Host Compression

Enable compression for slow connections:

Host slow-server
    HostName remote.example.com
    Compression yes

Or disable for fast local networks where compression adds overhead:

Host local-*
    Compression no

Agent Forwarding (Careful!)

Forward your SSH keys to the remote server:

Host trusted-bastion
    ForwardAgent yes

⚠️ Security warning: Only enable this for trusted servers. While you are connected, anyone with root on a compromised server can use your forwarded agent, and through it your keys, to log in to other hosts as you.

Safer alternative — use ProxyJump instead of agent forwarding when possible.
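
An added example, not part of the original post: a small audit function that lists the lines in an SSH config that weaken authentication, covering ForwardAgent from this section and the StrictHostKeyChecking no / UserKnownHostsFile /dev/null pair from the wildcard section. The function name audit_ssh_config, the output format and the sample config are constructed for illustration.

```bash
# Added example: list ssh_config lines that weaken authentication.
# Prints one finding per line as: line number<TAB>Host pattern<TAB>finding
audit_ssh_config() {
  awk '
    function report(msg) { printf "%d\t%s\t%s\n", FNR, host, msg }
    BEGIN { host = "*"; wide = 1 }      # options before any Host line apply to all hosts
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    {
      gsub(/=/, " ")                    # "Keyword=value" is valid ssh_config syntax
      key = tolower($1); val = tolower($2)   # keywords are case-insensitive
    }
    key == "host" {
      $1 = ""; host = substr($0, 2)     # keep the whole pattern list
      wide = (host ~ /[*?]/)            # a wildcard block covers many hosts
      next
    }
    key == "forwardagent" && val == "yes" {
      report(wide ? "ForwardAgent on a wildcard pattern" : "ForwardAgent enabled")
    }
    key == "stricthostkeychecking" && (val == "no" || val == "off") {
      report("host key verification disabled")
    }
    key == "userknownhostsfile" && val == "/dev/null" {
      report("known_hosts discarded, changed host keys go unnoticed")
    }
  ' "$1"
}

# Constructed sample config, modelled on the blocks in this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host trusted-bastion
    ForwardAgent yes

Host 192.168.1.*
    User admin
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Host *
    forwardagent=yes
    IdentitiesOnly yes
EOF
audit_ssh_config "$sample"
rm -f "$sample"
```

Run it against ~/.ssh/config and each file under ~/.ssh/config.d/; a finding on a host you configured deliberately is expected, a finding on a wildcard pattern deserves a second look.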

Default Settings

Apply to all hosts with Host *:

Host *
    AddKeysToAgent yes
    IdentitiesOnly yes
    ServerAliveInterval 60
    ServerAliveCountMax 3
    # Put this at the END of the file
    # These are fallback defaults

IdentitiesOnly yes prevents SSH from trying every key in your agent — only uses explicitly specified keys.

Includes

Split config into multiple files:

Include ~/.ssh/config.d/*

Then organize:

~/.ssh/config.d/
    work
    personal
    homelab

Real Example

Here’s a practical config:

# Defaults
Host *
    AddKeysToAgent yes
    IdentitiesOnly yes
    ServerAliveInterval 60
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600

# Work
Host bastion
    HostName bastion.work.com
    User sysadmin
    IdentityFile ~/.ssh/work_ed25519

Host work-*
    ProxyJump bastion
    User deploy
    IdentityFile ~/.ssh/work_ed25519

Host work-prod
    HostName 10.0.1.10

Host work-staging
    HostName 10.0.2.10

# Homelab
Host nas
    HostName 192.168.1.10
    User admin

Host pi
    HostName 192.168.1.20
    User pi

# Cloud VMs
Host aws-*
    User ec2-user
    IdentityFile ~/.ssh/aws_key

Host do-*
    User root
    IdentityFile ~/.ssh/digitalocean

With this config:

  • ssh work-prod jumps through bastion automatically
  • ssh nas connects to local NAS
  • ssh aws-whatever uses the right user and key
  • All connections stay alive and multiplex

Debugging

See what SSH is actually doing:

ssh -v prod           # Verbose
ssh -vv prod          # More verbose
ssh -vvv prod         # Maximum verbosity

Check which config options apply:

ssh -G prod | grep -i identity

File Permissions

SSH is picky about permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/config
chmod 600 ~/.ssh/id_*
chmod 644 ~/.ssh/*.pub

If permissions are wrong, SSH will ignore your config or refuse to use keys.


Five minutes setting up ~/.ssh/config saves hours over a year. Every ssh -i key -p port user@host you don’t type is cognitive load you don’t spend.