SSH Config Mastery: Stop Typing Long Commands

Still typing ssh -i ~/.ssh/my-key.pem -p 2222 user@server.example.com? There’s a better way.

The SSH Config File

~/.ssh/config transforms verbose commands into simple ones.

Basic Config

Now just:

1
2
3
ssh prod
ssh staging
ssh dev

Wildcards and Patterns

Jump Hosts (Bastion)

1
2
# Connects through bastion automatically
ssh internal-db

Port Forwarding

Local Forward

Access remote service locally:

1
2
ssh -N db-tunnel &
psql -h localhost -p 5432  # Connects to remote DB

Dynamic Forward (SOCKS Proxy)

1
2
ssh -N socks-proxy &
curl --socks5 localhost:1080 http://internal-service/

Agent Forwarding

Use your local keys on remote servers:

Now you can SSH from bastion to other servers using your local keys.

Security note: Only enable ForwardAgent for trusted hosts.

Reuse connections for speed:

1
mkdir -p ~/.ssh/sockets

First connection is normal. Subsequent connections to the same host are instant.

Common Options

AWS EC2 Pattern

Git Over SSH

Use in git:

1
git clone github-work:company/repo.git

Debugging

1
2
3
4
5
6
7
8
# Verbose output
ssh -v prod

# More verbose
ssh -vvv prod

# Test config
ssh -G prod | grep -E "^(hostname|user|port|identityfile)"

Security Hardening

Full Example

The SSH Config Checklist

One Host entry per server
Keys specified per host
Bastion/jump hosts configured
Connection multiplexing enabled
Keepalives for long sessions
Git hosts configured

A good SSH config means never typing a hostname or remembering a port again. Invest 10 minutes, save hours.

The SSH Config File#

Basic Config#

Wildcards and Patterns#

Jump Hosts (Bastion)#

Port Forwarding#

Local Forward#

Dynamic Forward (SOCKS Proxy)#

Agent Forwarding#

Multiplexing (Connection Sharing)#

Common Options#

AWS EC2 Pattern#

Git Over SSH#

Debugging#

Security Hardening#

Full Example#

The SSH Config Checklist#

📬 Get the Newsletter