SSH Config File Tips & Tricks

Many of us use ssh to connect to local and remote machines and in my other articles I have shown many nice tricks like tunneling to enhance network access. Not well known is the little tricks you can do with your ~/.ssh/config file

Below I show some tips on how to edit your ~/.ssh/config file for specific user, long host names and port configurations

Shortening A Host Name

If you have a ssh server that has a long name such as you can use your ssh config to help shorten your keystrokes a bit

Edit your ~/.ssh/config file and enter the following

Host atwork

Now any time you want to connect to just use atwork as the hostname instead

Using An Alternate Port Number

Some ISPs block port 22 and you are forced to use the server at a non standard port other than port 22. If your server is running on port 99, rather than specifying -p 99 every time you ssh you can enter the following into your ssh config file

Port 99

The next time you ssh to your session will automatically use port 99

Using An Default Username

I use my own username on my laptop, but I use my real name to ssh into my work. Instead of typing in your username every time you can set your username per host in your config file. Just enter the following into your config file and change the name from johndoe to whatever your username is.

User johndoe

The next time you ssh to your it will automatically log you in as john doe

SSH Into A Non Public System Through A Publically Accessible System

Most small companies and home system users only allow one system accessible through the firewall. However they also have other systems internally that you can ssh into. For example you have a system that is accessible only on the internal network ( but on the same network there is a system that is externally accessible (

Insert the following into your ssh config file

ProxyCommand ssh -q -W %h:%p

Now if you ssh into internal, it will automatically go through Saving you from having to ssh into then once logged in having to then again login to

Time Out / Keep Alive

Most SSH servers will kick you off after so much time. Using the following option in your config file will send a message to the SSH server every X seconds so your connection stays up.

Host internal
ServerAliveCountMax 4 #Note default is 3
ServerAliveInterval 15 #Note default is 0

ServerAliveInterval will send a keep alive message every 15 seconds, and ServerAliveCountMax Sets the number of server alive messages which may be sent without ssh(1) receiving any messages back from the server. Combined they provide a good constant connection without getting booted off

Forwarding Many Internal Hosts

If you want access to a host(s) inside the internal protected network that is available once you ssh into then you can set up multiple forwards so that you can access those resources locally. I have on another article shown how to port forward an internal machine to a local port but then you have to remember the local port number you forwarded it to. The following will show how to use aliases and forwarding to access hosts/servers with the same names as you would as if you were at your office. The following are some examples and a little explanation below.

Host mywork
LocalForward localhost:2525
LocalForward locahost:2049
LocalForward locahost:5900
LocalForward locahost:2220

HostName localhost
Port 2525

HostName localhost
Port 2049

HostName localhost
Port 5900

HostName localhost
Port 2220

Now once you ssh into 'mywork' you can access the resources listed above with the same hostnames as you would use if you were in your office. Combine those entries with the keep alive ones above in the previous example and you have a nice make shift vpn.