Skip to content

SSH Config: Best Practices and Advanced Techniques

Unlock the full potential of SSH configuration with this comprehensive guide.

Configuration Examples

Publickey for Github Example 
Host github.com gist.github.com
  User git
  Hostname github.com
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/id_ed25519
  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Publickey and Password Example 
Host router
  user wuseman
  Hostname 192.168.1.1
  IdentityFile ~/.ssh/id_rsa-2022-08-23
  KexAlgorithms +diffie-hellman-group1-sha1
  PreferredAuthentications publickey,password
  HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
  PubkeyAcceptedKeyTypes +ssh-rsa
VPS: Publickey Example 
Host vps
  user wuseman
  Hostname 192.168.1.1
  IdentityFile ~/.ssh/id_ed25519-2022-04-21
  KexAlgorithms +diffie-hellman-group1-sha1
  PreferredAuthentications publickey
  HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
Only Password Example 
Host server
  user wuseman
  Hostname 192.168.1.1
  PreferredAuthentications publickey,password
  KexAlgorithms +diffie-hellman-group1-sha1
  PreferredAuthentications assword
  HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
ProxyJump: Configuration 
Host finalserver
  Hostname finalserver.com
  User wuseman
  ProxyJump middleman
  IdentityFile ~/.ssh/id_rsa
 
Host middleman
  Hostname middleman.com
  User wuseman
  IdentityFile ~/.ssh/id_rsa
Connection timeout configuration
  • This configuration will set a custom connection timeout
Host slowserver
  Hostname slowserver.com
  User wuseman
  ConnectTimeout 60
  IdentityFile ~/.ssh/id_rsa
SSH protocol Version 1 Example 
Host oldserver
  Hostname oldserver.com
  User wuseman
  Protocol 1
  IdentityFile ~/.ssh/id_rsa
SSH protocol version 2 
Host oldserver
  Hostname oldserver.com
  User wuseman
  Protocol 2
  IdentityFile ~/.ssh/id_rsa
Disabling host checking 
Host volatile
  Hostname volatile.com
  User wuseman
  CheckHostIP no
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
Server with custom SSH configuration 
Host customconfig
  User wuseman
  Hostname 192.168.1.1
  IdentityFile ~/.ssh/id_rsa
  Port 2222
  ServerAliveInterval 20
  ServerAliveCountMax 3
  Compression yes
Multiple IdentityFiles 
Host multikey
  Hostname multikey.com
  User wuseman
  IdentityFile ~/.ssh/id_rsa
  IdentityFile ~/.ssh/id_ed25519
  IdentityFile ~/.ssh/id_ecdsa
Gitea / Samsung Laptop / Server / WeeChat .... example. 
host 192.168.1.181
	user server 
	port 22
	identityfile ~/.ssh/wuseman/id_ed25519_wuseman
	hostkeyalgorithms=+ssh-dss,ssh-rsa
	pubkeyacceptedkeytypes +ssh-rsa
	kexalgorithms +diffie-hellman-group1-sha1

host server
	user server 
	Hostname server
	port 22
	identityfile ~/.ssh/wuseman/id_ed25519_wuseman
	hostkeyalgorithms=+ssh-dss,ssh-rsa
	pubkeyacceptedkeytypes +ssh-rsa
	kexalgorithms +diffie-hellman-group1-sha1
Dropbear Unlocking - Ubuntu Server 
host server
	User root
	Hostname unlock-server
	Port 2222
	IdentityFile ~/.ssh/wuseman/id_ed25519_wuseman
	HostKeyAlgorithms=+ssh-dss,ssh-rsa
	PubkeyAcceptedKeyTypes +ssh-rsa
	KexAlgorithms +diffie-hellman-group1-sha1
	RequestTTY yes
	RemoteCommand cryptroot-unlock

```