Master SSH Config: 8 Powerful Tips to Simplify Remote Access
This guide explains what SSH is, how to configure the ~/.ssh/config file, and presents eight practical techniques—including managing multiple key pairs, remote file editing with Vim, port forwarding, connection sharing, keyword login, and proxying—to streamline and secure remote server operations.
Overview
SSH (Secure Shell) is a protocol that provides encrypted remote login and other network services, protecting against eavesdropping, DNS spoofing, and IP spoofing.
Simplifying SSH commands with ~/.ssh/config
By defining host aliases, usernames, key files and other options, you can replace long commands such as ssh root@example.com with a short alias:
Host example
HostName example.com
User root
# IdentityFile ~/.ssh/id_ecdsa
# Port 22
After adding the block above, ssh example logs you in, and scp a.txt example:/home/user_name copies files without typing the full address.
Configuration files
SSH reads two configuration files; the user‑specific file takes precedence over the system‑wide file:
$HOME/.ssh/config # user‑specific
/etc/ssh/ssh_config # system‑wide
Common configuration directives
Host – pattern that matches the host name (e.g. *, *.example.com, !*.dialup.example.com,*.example.com, 192.168.0.?).
AddKeysToAgent – automatically add keys to ssh-agent (values: no, confirm, ask, yes).
AddressFamily – address family to use (any, inet, inet6).
BindAddress – local address to bind when the machine has multiple interfaces.
ChallengeResponseAuthentication – enable challenge‑response authentication (yes / no).
Compression / CompressionLevel – enable compression and set level (1‑9, default 6).
ConnectionAttempts – number of retries before giving up (default 1).
ConnectTimeout – timeout in seconds for establishing the connection.
ControlMaster, ControlPath, ControlPersist – enable multiplexed connections, define the socket path and its lifetime.
GatewayPorts – allow remote hosts to connect to locally forwarded ports.
HostName – real host name or IP address.
IdentitiesOnly – restrict authentication to identities listed in the config.
IdentityFile – path to a private key; supports %d, %u, %l, %h, %r substitutions.
LocalCommand – command executed locally after a successful connection (requires PermitLocalCommand).
LocalForward / RemoteForward – set up port forwarding:
LocalForward [bind_address:]port host:hostport
RemoteForward [bind_address:]port host:hostport
PasswordAuthentication – enable/disable password login.
PermitLocalCommand – allow LocalCommand (yes / no).
Port – remote SSH port (default 22).
ProxyCommand – command used to reach the server via a proxy (e.g. nc -X connect -x proxy:8080 %h %p).
User – login username.
Tip 1 – Manage multiple key pairs
Define separate host blocks for services that use different keys, avoiding the need to specify -i each time.
Host github
HostName %h.com
IdentityFile ~/.ssh/id_ecdsa_github
User git
Host coding
HostName git.coding.net
IdentityFile ~/.ssh/id_rsa_coding
User git
Cloning a repository then becomes as simple as git clone coding:deepzz/test.git.
Tip 2 – Edit remote files with Vim
$ vim scp://[email protected]//home/centos/docker-compose.yml
$ vim scp://example//home/centos/docker-compose.yml
Tip 3 – Use a remote service locally (LocalForward)
Forward a remote database port to a local port.
Host db
HostName db.example.com
LocalForward 5433 localhost:5432
After ssh db, connect locally with psql -h localhost -p 5433 orders.
Tip 4 – Forward remote traffic to local (RemoteForward)
Expose a local development server to a remote host.
Host remote
HostName remote.example.com
RemoteForward 8080 localhost:3000
Tip 5 – Share multiple connections (ControlMaster)
Enable multiplexing so several shells reuse a single TCP connection.
ControlMaster auto
ControlPath /tmp/%r@%h:%p
Tip 6 – Keyword login
Create a short alias for a server.
Host deepzz
HostName deepzz.com
User root
# IdentityFile ~/.ssh/id_ecdsa
# Port 22
Now ssh deepzz logs in directly.
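A lint pass over a config assembled from Tips 1, 3 and 5 above, as an added example that is not part of the original article: it flags a ControlPath socket under /tmp (a directory other local users can write to), IdentityFile blocks without IdentitiesOnly yes, and LocalForward combined with GatewayPorts yes. The function names audit_ssh_config and sample_config, the IdentitiesOnly and GatewayPorts lines in the sample, and the choice of these three checks are assumptions made for illustration.

```shell
# Added example: lint an ssh_config for risky settings. Simplified on purpose:
# Include/Match and Key=Value syntax are ignored; "Host *" is not inherited.
audit_ssh_config() {
    awk '
    function report(msg,   h) { h = (host == "" ? "(global)" : host); print h ": " msg }
    function flush() {   # end of a Host block: checks that need two options
        if (idfile && !idonly)
            report("IdentityFile without IdentitiesOnly yes; agent keys are offered too")
        if (lfwd && gw)
            report("LocalForward with GatewayPorts yes; other hosts can reach the forwarded port")
        idfile = idonly = lfwd = gw = 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    { key = tolower($1); val = tolower($2) }   # keywords are case-insensitive
    key == "host"           { flush(); sub(/^[ \t]*[^ \t]+[ \t]+/, ""); host = $0; next }
    key == "identityfile"   { idfile = 1 }
    key == "identitiesonly" { idonly = (val == "yes") }
    key == "localforward"   { lfwd = 1 }
    key == "gatewayports"   { gw = (val == "yes") }
    key == "controlpath" && $2 ~ /^\/(var\/)?tmp\// {
        report("ControlPath in a world-writable directory; keep the socket under ~/.ssh")
    }
    END { flush() }
    ' "$1"
}

# Constructed sample: the article's Tip 1, 3 and 5 blocks, plus IdentitiesOnly
# on one host and GatewayPorts on another to exercise each check.
sample_config() {
    cat <<'EOF'
ControlMaster auto
ControlPath /tmp/%r@%h:%p
Host github
    HostName %h.com
    IdentityFile ~/.ssh/id_ecdsa_github
    User git
Host coding
    HostName git.coding.net
    IdentityFile ~/.ssh/id_rsa_coding
    IdentitiesOnly yes
Host db
    HostName db.example.com
    LocalForward 5433 localhost:5432
    GatewayPorts yes
EOF
}

cfg=$(mktemp) && sample_config > "$cfg" && audit_ssh_config "$cfg"; rm -f "$cfg"
```

To see the options ssh will actually apply to one alias, including anything inherited from Host * or the system-wide file, ssh -G example prints the resolved configuration.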
Tip 7 – Proxy (jump) host
Use an intermediate gateway to reach internal servers.
Host gateway
HostName proxy.example.com
User root
Host db
HostName db.internal.example.com
User root
ProxyCommand ssh gateway netcat -q 600 %h %p
Connect with ssh db.
Tip 8 – Remote command execution
Run commands or scripts on a remote host without opening an interactive shell.
# Single command
$ ssh example "cd /; ls"
# Multi‑line command
$ ssh example "
cd /
ls
"
# Execute a local script remotely
$ echo "cd /; ls" > test.sh
$ chmod +x test.sh
$ ssh example < test.sh
# Interactive command (e.g., top)
$ ssh -t example "top"
Reference
ssh_config manual: https://www.freebsd.org/cgi/man.cgi?query=ssh_config
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
