SSH Config File Tips & Tricks

Many of us use ssh to connect to local and remote machines, and in my other articles I have shown many nice tricks, like tunneling, to enhance network access. Less well known are the little tricks you can do with your ~/.ssh/config file.

Below I show some tips on how to edit your ~/.ssh/config file for specific users, long host names and port configurations.


Shortening A Host Name

If you have an SSH server that has a long name, such as my.machine.my.company.com, you can use your ssh config to save a few keystrokes.

Edit your ~/.ssh/config file and enter the following:


Host atwork
HostName my.machine.my.company.com


Now any time you want to connect to my.machine.my.company.com, just use atwork as the hostname instead.



Using An Alternate Port Number

Some ISPs block port 22, so you are forced to run the server on a non-standard port. If your server is running on port 99, rather than specifying -p 99 every time you ssh, you can enter the following into your ssh config file:


Host example.company.com
Port 99


The next time you ssh to example.company.com, your session will automatically use port 99.



Using A Default Username

I use my own username on my laptop, but I use my real name to ssh into my work. Instead of typing in your username every time you can set your username per host in your config file. Just enter the following into your config file and change the name from johndoe to whatever your username is.


Host example.company.com
User johndoe


The next time you ssh to example.company.com, it will automatically log you in as johndoe.



SSH Into A Non-Public System Through A Publicly Accessible System

Most small companies and home system users make only one system accessible through the firewall. However, they also have other systems internally that you can ssh into. For example, you have a system that is accessible only on the internal network (internal.company.com), but on the same network there is a system that is externally accessible (ssh.company.com).

Insert the following into your ssh config file:


Host internal.company.com
ProxyCommand ssh -q -W %h:%p ssh.company.com


Now if you ssh into internal.company.com, the connection will automatically go through ssh.company.com, saving you from having to ssh into ssh.company.com and then, once logged in, log in again to internal.company.com.



Time Out / Keep Alive

Most SSH servers will kick you off after a period of inactivity. Using the following options in your config file will send a message to the SSH server every X seconds so your connection stays up.


Host internal
# Note: default is 3
ServerAliveCountMax 4
# Note: default is 0
ServerAliveInterval 15


ServerAliveInterval sends a keep-alive message every 15 seconds, and ServerAliveCountMax sets the number of server alive messages which may be sent without ssh(1) receiving any messages back from the server. With the values above, ssh gives up on an unresponsive server after roughly 60 seconds. Combined, they provide a good constant connection without getting booted off.



Forwarding Many Internal Hosts

If you want access to one or more hosts inside the internal protected network that become reachable once you ssh into ssh.company.com, you can set up multiple forwards so that you can access those resources locally. In another article I have shown how to forward an internal machine to a local port, but then you have to remember the local port number you forwarded it to. The following shows how to use aliases and forwarding to access hosts/servers with the same names you would use if you were at your office. Some examples follow, with a little explanation below.


Host mywork
HostName ssh.company.com
LocalForward localhost:2525 mail.company.com:25
LocalForward localhost:2049 nfs.company.com:2049
LocalForward localhost:5900 vncserver.company.com:5900
LocalForward localhost:2220 workstationssh.company.com:22


Host mail.company.com
HostName localhost
Port 2525


Host nfs.company.com
HostName localhost
Port 2049


Host vncserver.company.com
HostName localhost
Port 5900


Host workstationssh.company.com
HostName localhost
Port 2220


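Now once you ssh into 'mywork' you can access the resources listed above with the same hostnames as you would use if you were in your office. Keep in mind that ~/.ssh/config is read only by ssh and the tools built on it (scp, sftp); other clients, such as a mail or VNC client, connect to localhost and the forwarded port directly. Combine those entries with the keep-alive ones from the previous example and you have a nice makeshift VPN.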
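
A LocalForward listener stays private only while it binds to the loopback interface: per ssh_config(5), an empty bind address or * listens on all interfaces, and a missing bind address follows the GatewayPorts setting. The Python check below is an added example, not part of the original article; it flags forwards that are not provably loopback-only, evaluating each Host block on its own. The "lab" block, intranet.company.com and the misspelled bind name in the sample are constructed for the demonstration.

```python
import ipaddress

# Constructed sample modelled on the "mywork" entry; the "lab" block,
# intranet.company.com and the misspelled bind name are made up for this demo.
SAMPLE = """\
Host mywork
    HostName ssh.company.com
    LocalForward localhost:2525 mail.company.com:25
    LocalForward locahost:2049 nfs.company.com:2049
    LocalForward *:5900 vncserver.company.com:5900
    LocalForward [::1]:2220 workstationssh.company.com:22
Host lab
    GatewayPorts yes
    LocalForward 8080 intranet.company.com:80
"""

def exposure(listen, gateway):
    """Return why a '[bind_address:]port' listener may be exposed, or None."""
    if ":" not in listen:
        return "no bind address and GatewayPorts yes" if gateway else None
    addr = listen.rsplit(":", 1)[0].strip("[]")
    if addr in ("", "*"):
        return "wildcard bind, all interfaces"
    if addr.lower() == "localhost":
        return None
    try:
        loopback = ipaddress.ip_address(addr).is_loopback
    except ValueError:
        loopback = False  # other names, typos included, are not provably local
    return None if loopback else "bind address is not provably loopback"

def audit_forwards(config_text):
    """Return (host, listen_spec, reason) for each forward that may be exposed."""
    blocks, current = {}, "(global)"
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without arguments
        key, rest = parts[0].lower(), parts[1]
        if key == "host":
            current = rest
        block = blocks.setdefault(current, {"gateway": False, "listen": []})
        if key == "gatewayports":
            block["gateway"] = rest.lower() == "yes"
        elif key == "localforward":
            block["listen"].append(rest.split()[0])  # keep the listening side
    return [(host, listen, why) for host, block in blocks.items()
            for listen in block["listen"]
            if (why := exposure(listen, block["gateway"]))]
```

Calling audit_forwards(SAMPLE) reports the misspelled bind name, the wildcard listener and the forward that inherits GatewayPorts yes, while the localhost and [::1] listeners pass.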