
What are the common options in SSH configuration files? How to simplify connection management through configuration files?

March 6, 21:31

SSH configuration files can greatly simplify connection management and improve work efficiency. SSH has two main configuration files: a client configuration file and a server configuration file.

Client Configuration File

Location

  • Global Configuration: /etc/ssh/ssh_config
  • User Configuration: ~/.ssh/config

Common Configuration Options

```bash
# ~/.ssh/config example

# Basic host configuration
Host server1
    HostName 192.168.1.100
    User admin
    Port 2222
    IdentityFile ~/.ssh/id_ed25519

# Using alias
Host production
    HostName prod.example.com
    User deploy
    IdentityFile ~/.ssh/prod_key

# Batch configuration
Host *.example.com
    User webadmin
    IdentityFile ~/.ssh/web_key

# Jump host configuration
Host internal-server
    HostName 10.0.0.50
    User root
    ProxyJump jump.example.com

# Other common options
Host dev-server
    HostName dev.example.com
    User developer
    ServerAliveInterval 60
    ServerAliveCountMax 3
    Compression yes
    # "no" turns off host key verification, so a changed or spoofed host key
    # is accepted silently; "yes" or "accept-new" keeps the check in place
    StrictHostKeyChecking no
```

Configuration Options Explanation

| Option | Description |
| --- | --- |
| HostName | Actual hostname or IP address |
| User | Login username |
| Port | SSH port number |
| IdentityFile | Private key file path |
| ProxyJump | Jump host address |
| ServerAliveInterval | Keep-alive heartbeat interval (seconds) |
| Compression | Whether to enable compression |
| StrictHostKeyChecking | Host key checking level |

Server Configuration File

Location

  • Main Configuration File: /etc/ssh/sshd_config

Common Security Configuration

```bash
# /etc/ssh/sshd_config example
# Comments are kept on their own lines; older sshd releases reject
# trailing comments as garbage at the end of the line.

# Basic settings
Port 22
# Obsolete on current OpenSSH, which only supports protocol 2
Protocol 2

# Authentication settings
# Disable password authentication
PasswordAuthentication no
# Enable public key authentication
PubkeyAuthentication yes
# Disable root login
PermitRootLogin no
# Maximum authentication attempts
MaxAuthTries 3

# Security hardening
# Disable X11 forwarding
X11Forwarding no
# Allow TCP forwarding
AllowTcpForwarding yes
# Disable gateway ports
GatewayPorts no

# Access control
# Only allow specific users
AllowUsers admin deploy
# Deny specific users
DenyUsers test guest
# Only allow specific groups (a user must pass both AllowUsers and AllowGroups)
AllowGroups ssh-users

# Performance optimization
# Connection rate limit
MaxStartups 10:30:100
# Login timeout
LoginGraceTime 60

# Logging
# Log level
LogLevel INFO
# Log facility
SyslogFacility AUTHPRIV
```
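A small checker for the authentication and hardening settings in the sshd_config example above. This is an added example, not part of the original page; the `EXPECTED` table, the function names and the sample input are constructed for illustration. It reports each offending line instead of computing the effective configuration.

```python
import re

# Expected values come from the hardened sshd_config example on this page.
# Keys are lowercase because sshd keywords are case-insensitive.
EXPECTED = {
    "passwordauthentication": lambda v: v == "no",
    "pubkeyauthentication": lambda v: v == "yes",
    "permitrootlogin": lambda v: v == "no",
    "x11forwarding": lambda v: v == "no",
    "maxauthtries": lambda v: v.isdigit() and int(v) <= 3,
}

def parse(text):
    """Yield (line_no, keyword, value) for every directive in the text."""
    for no, raw in enumerate(text.splitlines(), 1):
        # Drop comments; none of the audited values can contain '#'.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # Keyword and value are separated by whitespace or '='.
        key, _, value = re.sub(r"[\s=]+", " ", line, count=1).partition(" ")
        yield no, key.lower(), value.strip()

def audit(text):
    """Return (line_no, keyword, value) per departure from EXPECTED.
    Lines in Match blocks are reported too; unset keywords get line_no 0."""
    findings, seen = [], set()
    for no, key, value in parse(text):
        if key in EXPECTED:
            seen.add(key)
            if not EXPECTED[key](value):
                findings.append((no, key, value))
    unset = sorted(EXPECTED.keys() - seen)
    return findings + [(0, key, "<not set>") for key in unset]

# Constructed sample input, not taken from a real host.
SAMPLE = """\
Port 22
PermitRootLogin yes
passwordauthentication no   # keyword case does not matter
MaxAuthTries=6
X11Forwarding no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for no, key, value in audit(SAMPLE):
        print(f"line {no}: {key} = {value}")
```

On a live host, `sshd -T` prints the effective configuration after defaults are applied, which complements a per-line check like this one.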

Usage Tips

1. Quick Connection

After configuration, you can connect directly using aliases:

```bash
ssh server1  # Equivalent to ssh -p 2222 admin@192.168.1.100
```

2. Batch Operations

```bash
# Execute the same command on multiple hosts
for host in server1 server2 server3; do
    ssh "$host" "uptime"
done
```

3. Configuration File Priority

  • Command line arguments > User configuration file > Global configuration file
  • Later configurations override earlier ones

4. Configuration File Syntax

  • Use Host pattern to match hosts
  • Use spaces for indentation
  • Support wildcards * and ?
  • Use # for comments

Best Practices

  1. Use the user configuration file to manage personal connections
  2. Create different configurations for different environments (dev, test, prod)
  3. Regularly review and clean up unused configurations
  4. Use meaningful aliases for better readability
  5. Disable insecure features on the server side
  6. Limit authentication attempts to prevent brute force attacks