Mastering Your SSH Config
Wait... SSH has a config?
Yep, it sure does!
Ok you might have already known that, maybe that's why you're here, but it took me a while to realise I could customise my SSH experience. And it turns out to be ridiculously easy!
So why Bother?
Using SSH is easy, right? Just type:
ssh user@ip
…and you're in. Done.
But who can remember all those IP addresses? We have phone books for phone numbers, why not IP books?
You could absolutely use shell aliases to remember all the IP addresses you need to connect to, but I want to show you why using the SSH config can give you so much more control!
Aliases: A Better Alternative
Let's start simple: replacing those clunky aliases with something cleaner.
If you're anything like I was, you probably have a bunch of SSH aliases like this:
alias ssh-ent=ssh [email protected]
Instead, you can add this to your SSH config file (~/.ssh/config):
Host ent
Hostname enterprise.uss
User spock
Now, connecting is as simple as:
ssh ent
Same convenience, less clutter. And it gets better.
Shared Configuration
One of the biggest perks of SSH config is reusable settings.
For example, if you use the same username across multiple servers, you don't have to repeat yourself:
Host ent voy ds9
User spock
Now, ssh ent, ssh voy, and ssh ds9 all default to the same username.
Less typing, more efficiency.
Navigating to a Specific Directory
Ever connect to a server only to immediately cd somewhere else? Maybe to your project's root folder or a logs directory?
You can automate that with the RemoteCommand option:
Host ent
Hostname enterprise.uss
User spock
RequestTTY yes
RemoteCommand cd /home/spock/bridge && /bin/bash --login
Now, every time you ssh ent, you'll land exactly where you need to be.
⚠ Important: You must include
RequestTTY yes, or SSH will close immediately after running the command.
Running Commands on a Remote Server
Sometimes, you just need to run a quick command without opening a full session.
Instead of typing this every time:
ssh [email protected] /usr/bin/engage
You can define it in your SSH config:
Host engage
Hostname enterprise.uss
User picard
RemoteCommand /usr/bin/engage
Now, running the command is as simple as:
ssh engage
Effortless.
Tips & Tricks
Obfuscating SSH Ports
By default, SSH runs on port 22, making it that port a common target for bots and brute-force attacks.
A simple way to make your server less visible (but not necessarily more secure) is to change the SSH port:
Host ent
Hostname enterprise.uss
User spock
Port 493
Now, you don't have to remember the port when connecting—SSH does it for you.
🔒 Note: Changing the port is just obfuscation, not security. Always use firewalls, fail2ban, and proper SSH keys for real protection.
Managing Different Security Levels
Not all SSH keys are created equal.
For example:
- Your GitHub key might be passwordless for convenience.
- Your production server key might be password-protected for extra security.
Instead of manually specifying keys each time, let SSH config handle it:
Host ent
Hostname enterprise.uss
User spock
IdentityFile ~/.ssh/secure_ed25519
Now, ssh ent will automatically use the correct key.
Simplifying GitHub Cloning
SSH config isn't just for logging into servers—it can also make Git operations smoother.
Instead of typing:
git clone [email protected]:username/repo
You can define a GitHub shortcut:
Host github.com
IdentityFile ~/.ssh/git_ed25519 # If you use a specific SSH key for GitHub
Host gh
Hostname github.com
User git
Now cloning is as easy as:
git clone gh:username/repo
Shorter, cleaner, faster.
Boosting Performance with Compression
If you're on a slow connection, enabling SSH compression can speed things up:
Host *
Compression yes
This is especially useful for low-bandwidth networks (e.g., mobile data, satellite internet).
⚠ However: Avoid using compression when transferring large compressed files (like
.zipor.tar.gz), as it won't help and may even slow things down.
Advanced Tips
Now that we've covered the basics let's take a look at a few useful settings that you might not have known SSH could do.
Keeping the Connection Alive
Some firewalls kick connections that have been idle for a period of time. If you find you've been kicked out of a server after just a few minutes then this setting is for you.
Host *
ServerAliveInterval 60
This option will tell SSH to ping the server every 60 seconds just to let it know you're still active.
Forwarding Identity Keys
If you ever find yourself needing to SSH into multiple servers one after the other, it can be frustrating to have to exit out just to SSH somewhere else. However there is a setting that allows you to tell SSH to keep using your SSH key even within an SSH session.
Host *
ForwardAgent yes
Sadly this does not also forward your new awesome config, so you may want to exit out anyway so you can use your shortcuts.
Example Config
Let's put it all together and see what a wicked SSH config might look like.
# ==============================
# Spock's Starfleet SSH Config
# ==============================
# General settings for all hosts
Host *
User spock # Most servers use this name, and it can be overridden if needed
Compression yes # Enable compression for text-heavy SSH sessions
ServerAliveInterval 60 # Keep connections alive
ForwardAgent yes # Enable SSH agent forwarding
# -----------------------------------
# USS Enterprise - Science Operations
# -----------------------------------
Host ent
Hostname enterprise.uss
Port 1701 # Custom port for security through obscurity
IdentityFile ~/.ssh/starfleet_ed25519
RequestTTY yes
RemoteCommand cd /home/spock/science_lab && /bin/bash --login
# -----------------------------------
# Deep Space Nine - Science Division
# -----------------------------------
Host ds9
Hostname deepspace9.uss
Port 499
IdentityFile ~/.ssh/starfleet_ed25519
RemoteCommand cd /home/spock/ds9_science && /bin/bash --login
# -----------------------------------
# Vulcan Science Academy - Remote Access
# -----------------------------------
Host vulcan
Hostname science.vulcan
Port 2001
IdentityFile ~/.ssh/vulcan_ed25519
RemoteCommand cd /home/spock/logic_laboratory && /bin/bash --login
# -----------------------------------
# GitHub (Starfleet Open Source Contributions)
# -----------------------------------
Host github.com
IdentityFile ~/.ssh/starfleet_git_key
Host gh
Hostname github.com
User git
Final Thoughts
SSH config is one of the most underrated productivity boosts for developers and sysadmins.
With just a little tweaking, you can:
- Simplify server access (no more IP addresses!)
- Automate repetitive tasks (like
cdafter login) - Enhance security & performance
So, what's stopping you? Open up ~/.ssh/config and start making SSH work for you.