SSH Config

Efficient SSH configuration is essential for DevOps engineers managing cloud infrastructure (AWS, Azure, GCP) and automating secure connections. This guide covers practical SSH config usage, real-world examples, and best practices.


What is the SSH Config File?

  • Located at ~/.ssh/config

  • Allows you to define connection settings for multiple hosts

  • Simplifies SSH commands and enables advanced features (jump hosts, key management, etc.)

If the file does not exist, create it:

mkdir -p ~/.ssh && chmod 700 ~/.ssh  # Create the directory if needed
touch ~/.ssh/config
chmod 600 ~/.ssh/config  # Secure the config file

Basic SSH Config Structure

Host <alias>
  HostName <server_ip_or_dns>
  User <username>
  IdentityFile <path_to_private_key>

Example: Connect to an AWS EC2 instance

Host nano-server
  HostName 174.129.141.81
  User ubuntu
  IdentityFile ~/t3_nano_ssh_aws_keys.pem

Now connect with:

ssh nano-server

Multiple Hosts and Wildcards

You can define multiple hosts and use wildcards for bulk configuration.

Host dev-*
  User devuser
  IdentityFile ~/.ssh/dev.pem

Host prod-server
  HostName 10.0.0.10
  User ubuntu
  IdentityFile ~/.ssh/prod.pem

Host ?-server
  User generic

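# A negated pattern never matches on its own; pair it with a positive pattern
Host * !prod-server
  LogLevel DEBUG

# Also matches prod-server, and IdentityFile entries accumulate across blocks
Host *-server
  IdentityFile ~/.ssh/low-security.pem

  • * matches zero or more characters (e.g., dev-* for all dev servers)

  • ? matches exactly one character (e.g., ?-server)

  • ! negates a match; it only excludes hosts from a line that also has a positive pattern (e.g., * !prod-server)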
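
How ssh applies the overlapping Host blocks above, as an added example that is not part of the original guide: a small resolver following the ssh_config(5) rules (the first value obtained for an option wins, IdentityFile entries accumulate, a negated pattern only excludes). The names SAMPLE, host_matches and resolve are made up for this sketch, the sample is constructed from this section's blocks with the negated entry written as `* !prod-server`, and Match and Include are not handled.

```python
import re

# Constructed sample: this section's Host blocks ("!" paired with "*").
SAMPLE = """\
Host dev-*
  User devuser
  IdentityFile ~/.ssh/dev.pem
Host prod-server
  HostName 10.0.0.10
  User ubuntu
  IdentityFile ~/.ssh/prod.pem
Host ?-server
  User generic
Host * !prod-server
  LogLevel DEBUG
Host *-server
  IdentityFile ~/.ssh/low-security.pem
"""

def _glob(pattern, name):
    # ssh_config patterns know only '*' (any run) and '?' (one character).
    rx = "".join({"*": ".*", "?": "."}.get(c, re.escape(c)) for c in pattern)
    return re.fullmatch(rx, name) is not None

def host_matches(patterns, name):
    """True if a positive pattern matches and no '!' pattern does."""
    positive = False
    for p in patterns:
        if p.startswith("!"):
            if _glob(p[1:], name):
                return False  # a negated hit vetoes the whole Host line
        elif _glob(p, name):
            positive = True
    return positive

def resolve(config, name):
    """Effective options for name (Host blocks only; no Match or Include)."""
    result, active = {}, True  # options before the first Host apply to all
    for raw in config.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            active = host_matches(value.split(), name)
        elif active and key == "identityfile":
            result.setdefault(key, []).append(value)  # accumulates
        elif active:
            result.setdefault(key, value)  # first obtained value wins
    return result
```

Calling resolve(SAMPLE, "prod-server") shows the low-security key being offered to production alongside prod.pem; narrowing the last block to `Host *-server !prod-server` prevents that. On a real machine, `ssh -G prod-server` prints the effective options for comparison.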


Real-World DevOps Examples

1. Use a Jump Host (Bastion)

Host private-server
  HostName 10.0.1.5
  User ec2-user
  ProxyJump bastion-host

Host bastion-host
  HostName 54.12.34.56
  User ec2-user
  IdentityFile ~/.ssh/bastion.pem

2. Use Different Keys for Different Clouds

Host aws-*
  IdentityFile ~/.ssh/aws.pem
Host azure-*
  IdentityFile ~/.ssh/azure.pem
Host gcp-*
  IdentityFile ~/.ssh/gcp.pem

3. Forward SSH Agent for Git Operations

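# Forwarding lets the remote host use your loaded agent keys while you are connected;
# enable it per host, only for hosts you trust, and never under Host *
Host github.com
  User git
  ForwardAgent yes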

Best Practices

  • Always set permissions: chmod 600 ~/.ssh/config

  • Use descriptive aliases for hosts

  • Use wildcards to avoid repetition

  • Never commit private keys or sensitive config to version control

  • Use ProxyJump for secure access to private networks

  • Document your config for team use


Tip: Use SSH config to simplify Ansible, Terraform, and cloud CLI workflows by referencing host aliases instead of full connection strings.

