How to use per-host SSH configuration

Learn how to make your SSH use more efficient and convenient with per-host configurations.

How to use per-host SSH configuration

Secure Shell (SSH) has a lot of tricks up its sleeve. With plenty of configuration options, you can make both the SSH daemon and client do just about anything you need. Most users end their configuration of SSH with the sshd_config and ssh_config files. However, there is another configuration file that gives the tool much more flexibility.

That configuration file is ~/.ssh/config. In that file, you can configure SSH on a per-host basis. This means you can configure different hosts to behave differently.

For example, if you want to setup one particular host with a username, SSH key, batch mode enabled (which tells SSH to never ask for a passphrase or password), and the escape sequence disabled (which avoids issues when transferring arbitrary data). Say another configuration would use a specific user for any host on a specific domain or IP address scheme. With the SSH config file this and more can be done.

SEE: Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)

What you'll need

The only things you'll need to make this work are:

  • A Linux machine with SSH installed

  • Any number of remote machines that allow SSH connections

How to configure hosts

We'll stick with the examples I suggested earlier. So our first host will:

  • Set a username

  • Specify an SSH key

  • Enable batch mode

  • Disable the escape sequence

The second host will:

  • Set a username

  • Enable the username for all hosts on a specific network

To edit the necessary configuration file, issue the command:

nano ~/.ssh/config

If this is your first time configuring SSH hosts, this file will be empty. Our first entry will look like this:

Host Debian
    User jack
    IdentityFile ~/.ssh/
    BatchMode yes
    EscapeChar none

You can name the host anything you like. In my case, this is a Debian server, so the name Debian was apropos. Make sure you set the HostName as the IP address or domain of the remote server and the User to the remote username you want to use.

Save and close the file. 

Because we've set this to not ask for a password or passphrase, SSH key authentication will need to be setup. To copy your SSH key to the remote server, issue the command:


Where USERNAME is the remote user and SERVER_IP is the IP address of the remote server.

Once you have SSH key authentication taken care of, you can then SSH into the Debian host with the command:

ssh Debian

You won't be asked for an address or a password. The connection is almost instantaneous.

Next, let's configure a username to be used on any machine on a given network. Say the username is jack and the network address scheme is This configuration (again, in the .ssh/config file) would be:

Host  192.168.1.*
    User jack

Save and close the file. 

When you want to SSH to any machine on that network (with the default username jack), you could simply issue the command:


Where SERVER_IP is the IP address of the remote server. As long as that server is on the 192.168.1.x address scheme, it won't ask for a username. 

And that's the basics of setting up per-host SSH configurations. You can learn more about this type of setup by issuing the command:

man ssh_config

By employing this setup, your usage of SSH will not only be simplified, it'll be more efficient. 

Also see


Image: Jack Wallen