May 28, 00:54
What are the common options in SSH configuration files? How to simplify connection management through configuration files?
SSH configuration files can greatly simplify connection management and improve work efficiency. SSH has two main configuration files: the client configuration file and the server configuration file.
Client Configuration File
Location
- Global Configuration: `/etc/ssh/ssh_config`
- User Configuration: `~/.ssh/config`
Common Configuration Options
```bash
# ~/.ssh/config example

# Basic host configuration
Host server1
    HostName 192.168.1.100
    User admin
    Port 2222
    IdentityFile ~/.ssh/id_ed25519

# Using alias
Host production
    HostName prod.example.com
    User deploy
    IdentityFile ~/.ssh/prod_key

# Batch configuration
Host *.example.com
    User webadmin
    IdentityFile ~/.ssh/web_key

# Jump host configuration
Host internal-server
    HostName 10.0.0.50
    User root
    ProxyJump jump.example.com

# Other common options
Host dev-server
    HostName dev.example.com
    User developer
    ServerAliveInterval 60
    ServerAliveCountMax 3
    Compression yes
    # "no" accepts unknown and changed host keys without prompting
    StrictHostKeyChecking no
```
Configuration Options Explanation
| Option | Description |
|---|---|
| HostName | Actual hostname or IP address |
| User | Login username |
| Port | SSH port number |
| IdentityFile | Private key file path |
| ProxyJump | Jump host address |
| ServerAliveInterval | Keep-alive heartbeat interval (seconds) |
| Compression | Whether to enable compression |
| StrictHostKeyChecking | Host key checking level |
Server Configuration File
Location
- Main Configuration File: `/etc/ssh/sshd_config`
Common Security Configuration
```bash
# /etc/ssh/sshd_config example

# Basic settings
Port 22
Protocol 2

# Authentication settings
PasswordAuthentication no    # Disable password authentication
PubkeyAuthentication yes     # Enable public key authentication
PermitRootLogin no           # Disable root login
MaxAuthTries 3               # Maximum authentication attempts

# Security hardening
X11Forwarding no             # Disable X11 forwarding
AllowTcpForwarding yes       # Allow TCP forwarding
GatewayPorts no              # Disable gateway ports

# Access control
AllowUsers admin deploy      # Only allow specific users
DenyUsers test guest         # Deny specific users
AllowGroups ssh-users        # Only allow specific groups

# Performance optimization
MaxStartups 10:30:100        # Connection rate limit
LoginGraceTime 60            # Login timeout

# Logging
LogLevel INFO                # Log level
SyslogFacility AUTHPRIV      # Log facility
```
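An added example (not from the original page): a small Python check that parses the global section of an sshd_config and compares it with the authentication and hardening values in the example above. The function names, the baseline table and the sample config are constructed for illustration; the defaults are upstream OpenSSH's and may differ in distribution builds.

```python
import re

# Baseline taken from the hardening example above: keyword -> required value.
BASELINE = {"passwordauthentication": "no", "pubkeyauthentication": "yes",
            "permitrootlogin": "no", "x11forwarding": "no", "gatewayports": "no"}
MAX_AUTH_TRIES = 3  # upper bound from the example above
# Upstream OpenSSH defaults, applied when a keyword is absent (assumption: not a distro build).
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "permitrootlogin": "prohibit-password", "x11forwarding": "no",
            "gatewayports": "no", "maxauthtries": "6"}

def effective_settings(text):
    """Parse the global section of an sshd_config into {keyword: value}."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()               # keywords are case-insensitive
        if key == "match":                   # Match blocks are conditional; globals only
            break
        # sshd uses the first value it obtains for a keyword, so keep the first one
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return {**DEFAULTS, **settings}

def audit(text):
    """Return a sorted list of findings; an empty list means the baseline is met."""
    cfg = effective_settings(text)
    findings = [f"{k} is '{cfg[k]}', expected '{want}'"
                for k, want in BASELINE.items() if cfg[k].lower() != want]
    tries = cfg["maxauthtries"]
    if not tries.isdigit() or int(tries) > MAX_AUTH_TRIES:
        findings.append(f"maxauthtries is '{tries}', expected <= {MAX_AUTH_TRIES}")
    return sorted(findings)

# Constructed sample: root login enabled, password authentication left at its default.
WEAK = """\
Port 22
PermitRootLogin yes   # constructed weak value
PermitRootLogin no    # has no effect: the first value is already set
MaxAuthTries 3
"""

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```

Settings inside `Match` blocks are not evaluated here, so a block that re-enables password authentication for some users still needs a separate look.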
Usage Tips
1. Quick Connection
After configuration, you can connect directly using aliases:
```bash
ssh server1  # Equivalent to ssh -p 2222 admin@192.168.1.100
```
2. Batch Operations
```bash
# Execute the same command on multiple hosts
for host in server1 server2 server3; do
    ssh "$host" "uptime"
done
```
3. Configuration File Priority
- Command line arguments > User configuration file > Global configuration file
- Later configurations override earlier ones
4. Configuration File Syntax
- Use `Host` pattern to match hosts
- Use spaces for indentation
- Support wildcards `*` and `?`
- Use `#` for comments
Best Practices
- Use the user configuration file to manage personal connections
- Create different configurations for different environments (dev, test, prod)
- Regularly review and clean up unused configurations
- Use meaningful aliases for better readability
- Disable insecure features on the server side
- Limit authentication attempts to prevent brute force attacks