How do I create an SSH config file?

Create the file at ~/.ssh/config using a text editor. First ensure the .ssh directory exists with 'mkdir -p ~/.ssh && chmod 700 ~/.ssh', then create the config file with 'touch ~/.ssh/config && chmod 600 ~/.ssh/config'. Add Host blocks with your connection details, or use our interactive generator to build the config visually.

Where is the SSH config file located?

The user-level SSH config file is located at ~/.ssh/config on Linux and macOS. On Windows with OpenSSH, it is at C:\Users\YourName\.ssh\config. The system-wide SSH config is at /etc/ssh/ssh_config. User settings override system settings. The file must have 600 permissions (read/write for owner only).

How do I use SSH config for multiple servers?

Add a separate Host block for each server in your ~/.ssh/config file. Each block specifies a short alias, the hostname or IP, username, port, and identity file. You can then connect with just 'ssh alias' instead of typing the full command. Use a 'Host *' block at the end to set defaults like ServerAliveInterval for all connections.

SSH Config Generator - Build ~/.ssh/config Files Easily

Understanding SSH Config Files

The SSH config file (~/.ssh/config) lets you define shortcuts and default settings for SSH connections. Instead of typing long commands like ssh -i ~/.ssh/mykey -p 2222 user@192.168.1.100, you can define a host block and simply type ssh myserver.

SSH Config File Location

The user-level SSH config file lives at ~/.ssh/config. The system-wide config is at /etc/ssh/ssh_config. User settings override system settings. If the file does not exist, create it:

mkdir -p ~/.ssh && chmod 700 ~/.ssh
touch ~/.ssh/config && chmod 600 ~/.ssh/config

Basic SSH Config Syntax

Each host block starts with Host followed by an alias. Indented lines below it set options for that host. You can use wildcards (*) to set defaults for all hosts.

Host myserver
    HostName 192.168.1.100
    User deploy
    Port 22
    IdentityFile ~/.ssh/id_ed25519

Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3

SSH Config File Example: Jump Host (ProxyJump)

A jump host (or bastion host) is an intermediary server you connect through to reach a private server. This is common in cloud environments where internal servers are not directly accessible from the internet.

Host bastion
    HostName bastion.example.com
    User admin
    IdentityFile ~/.ssh/bastion_key

Host internal-server
    HostName 10.0.1.50
    User deploy
    ProxyJump bastion
    IdentityFile ~/.ssh/internal_key

Now ssh internal-server automatically routes through the bastion host.

SSH Tunnel Command via Config

SSH tunnels forward ports between your local machine and a remote server. Use LocalForward to access a remote service locally, or RemoteForward to expose a local service remotely.

Host db-tunnel
    HostName db-server.example.com
    User admin
    LocalForward 5432 localhost:5432
    IdentityFile ~/.ssh/db_key

After running ssh db-tunnel, connect to localhost:5432 to reach the remote database.

SSH Proxy Jump Config for AWS

AWS environments often use a bastion host in a public subnet to reach EC2 instances in private subnets. Configure ProxyJump to automate this:

Host aws-bastion
    HostName 54.x.x.x
    User ec2-user
    IdentityFile ~/.ssh/aws-bastion.pem

Host aws-private
    HostName 10.0.2.15
    User ec2-user
    ProxyJump aws-bastion
    IdentityFile ~/.ssh/aws-private.pem

GitHub Deploy Key Setup

When you have multiple GitHub accounts or deploy keys, use SSH config to specify which key to use for each:

Host github-personal
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_personal
    IdentitiesOnly yes

Host github-work
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_work
    IdentitiesOnly yes

Clone with: git clone git@github-personal:user/repo.git

Common SSH Permission Denied Fix

The "Permission denied (publickey)" error is the most common SSH issue. Typical causes:

Wrong key file -- ensure IdentityFile points to the correct private key
Key not added to remote ~/.ssh/authorized_keys
Wrong file permissions -- private key must be 600, .ssh directory must be 700
Wrong user -- verify the User field matches the remote account
SSH agent not running or key not loaded -- run ssh-add ~/.ssh/your_key

Key SSH Config Directives Reference

Directive	Description	Example
`Host`	Alias for the connection	`Host myserver`
`HostName`	IP or domain of the server	`HostName 10.0.1.5`
`User`	Username for the connection	`User deploy`
`Port`	SSH port (default 22)	`Port 2222`
`IdentityFile`	Path to private key	`IdentityFile ~/.ssh/id_ed25519`
`ProxyJump`	Jump through another host	`ProxyJump bastion`
`ForwardAgent`	Forward SSH agent to remote	`ForwardAgent yes`
`LocalForward`	Forward local port to remote	`LocalForward 8080 localhost:80`
`RemoteForward`	Forward remote port to local	`RemoteForward 9090 localhost:3000`
`ServerAliveInterval`	Keepalive interval in seconds	`ServerAliveInterval 60`
`IdentitiesOnly`	Only use specified keys	`IdentitiesOnly yes`
`StrictHostKeyChecking`	Host key verification policy	`StrictHostKeyChecking accept-new`
`Compression`	Enable compression	`Compression yes`

Recommended VPS Providers for SSH Practice

If you need a remote server to practice SSH configuration, these providers offer affordable options:

DigitalOcean -- Droplets starting at $4/month. Simple UI, great docs, and fast SSD servers.
Linode (Akamai) -- Shared plans from $5/month. Reliable performance and global data centers.
Vultr -- Cloud compute from $2.50/month. Wide range of locations and OS options.

SSH Config Generator

Host Configuration

Live Preview

SSH Troubleshooter