Customized SSH under Linux to simplify remote access


SSH uses system global and user-specified (user-defined) configuration files. In this article, we will show you how to create a custom SSH configuration file and connect to a remote host through specific options.

SSH (SSH client) is a program for accessing remote hosts, which enables users to execute commands on remote hosts. This is one of the most popular ways to log on to remote hosts, because it is designed to provide secure encryption for communication between two untrusted hosts in a non-secure network environment.

SSH uses system global and user-specified (user-defined) configuration files. In this article, we will show you how to create a custom SSH configuration file and connect to a remote host through specific options.


1. You must install OpenSSH client on your desktop Linux.

2. Understand the common options for remote connections via ssh.

SSH Client Configuration File

The following is the SSH client configuration file:

1. / etc / SSH / ssh_config is the default configuration file, which belongs to the global configuration file of the system and contains the settings applied to all users’SSH clients.

2. ~/.ssh/config or $HOME/.ssh/config specifies/customizes the configuration file for the user. The configuration in this file is only valid for the specified user, so it overrides the settings in the default system global configuration file. This is also the file we want to create and use.

By default, the user gets authentication by entering a password in ssh. You can use Keygen to set up SSH passwordless login in a simple step.

Note: If you do not have a ~/.ssh directory on your system, create it manually and set the following permissions:

$ mkdir -p ~/.ssh 
$ chmod 0700 ~/.ssh  

The above Chmod command indicates that only the directory owner has read, write and execute permissions on the directory, which is also the setting required by ssh.

How to create user-specified SSH profile

This file will not be created by default, so you need to create it using users with read/write permissions.

$ touch ~/.ssh/config 
$ chmod 0700 ~/.ssh/config 

The above file contains parts defined by a particular host, and each part applies only to matching parts of the host definition.

~/ The common formats of.Ssh/config files are as follows, with all empty lines and behavioral annotations starting with #:

Host  host1 
ssh_option2=value1 value2 
Host  host2 
ssh_option2=value1 value2 
Host  * 
ssh_option2=value1 value2 

As detailed in the above format:

1. Host host1 is a header definition for host1. The host-related settings begin here until the next header definition, Host host2, appears, thus forming a complete definition.

2.host1 and host2 are host aliases used on the command line, not actual remote hostnames.

3. Among them, configuration options such as sshoption1 = value1, sshoption2 = value1 Value2 will be applied to matching hosts and can be indented to look neater.

4. For options such as ssh_option 2 = value1 value2, the value of value1 will be preferred when SSH is executed in sequence.

5. Header definition Host * (where * is a matching pattern/wildcard, matching zero or more characters) matches zero or more hosts.

Still taking the above format as an example, SSH reads configuration files in the same form class. If you execute the SSH command to access the remote host host1, as follows:

$ ssh host1 

The SSH command above performs one action:

1. Match the host alias host1 in the configuration file and use the settings in the header definition.

2. Continue to match the next host definition, and then find that the host name provided on the command line does not match, so the next settings will be skipped.

3. Final execution to the last host defines Host*, which matches all hosts. Here, all subsequent settings are applied to all host connections. But it does not override those options that were previously defined by the host.

4. SSH host2 is similar.

How to use user-specified Shh configuration files

After you understand how SSH client profile works, you can create it in the following way. Remember to use the corresponding options and values (host alias, port number, user name, etc.) in your server environment.

Open the configuration file through your favorite editor:

$ vi ~/.ssh/config 

And define the necessary parts:

Host fedora25 
Port 22 
ForwardX11 no 
Host centos7 
Port 22 
ForwardX11 no 
Host ubuntu 
Port 2222 
ForwardX11 yes 
Host * 
User tecmint 
IdentityFile ~/.ssh/id_rsa 
Protocol 2 
Compression yes 
ServerAliveInterval 60 
ServerAliveCountMax 20 
LogLevel INFO 

Detailed explanation of the above SSH configuration file:

1. HostName – Defines the host name to be logged in, and you can also use a digital IP address, either on the command line or in the HostName definition.

2. User – Specifies which user to log in to.

3. Port — Sets the port to connect to the remote host, defaulting to port 22. But it must be the port number defined in the sshd configuration file of the remote host.

4. Protocol – This option defines the version of the protocol that is supported by SSH first. Common values are `1’and `2′, and English commas must be used to separate the two protocol versions at the same time.

5. Identity File – Specifies a file for reading authorization authentication information such as user DSA, Ed25519, ECDSA, etc.

6. Forward X11 – Defines whether X11 connections are automatically redirected to secure channels and DISPLAY settings. There are two values that can be set, yes or no.

7. Compression – The default value is no, and if set to yes, compression is used for transmission during connection to the remote host.

8. Server Alive Interval – Sets the timeout time when no server response (or data) is received, in seconds, and SSH sends information over an encrypted channel to request a server response. The default value is 0, which means SSH does not send a response request to the server; if the BatchMode option is defined, the default is 300 seconds.

9. Server AliveCountMax – Sets the number of active messages sent by the server when the server does not receive any response from the server.

LogLevel – Defines the level of log redundancy for SSH login information. Permissible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3, default to INFO.

The standard way to connect to any remote host is to define the second part in the above two files (I’m connected to CentOS 7). Normally, we enter commands like this:

$ ssh -i ~/.ssh/id_rsa -p 22 [email protected] 

However, after using the SSH client configuration file, we can do the following:

$ ssh centos7 

You can also find more settings and use examples on the man help page:

$man ssh_config 

So far, this is the end of the article. In this article, we show you how to use user-specified (custom) SSH client configuration files in Linux.