# Some useful ssh config option

Link: [https://taozhi.medium.com/some-useful-ssh-config-option-7858a58c5e7b](https://taozhi.medium.com/some-useful-ssh-config-option-7858a58c5e7b)

When managing multiple Linux servers, we use SSH for logging in and performing tasks. Understanding how to configure SSH properly is essential for efficient server management.

# Basic Config

```
Host my_jump<br></br>    identityfile "~/.ssh/my_jump"<br></br>    hostname 47.254.197.212<br></br>    hostkeyalias my_jump<br></br>    user root<br></br>    port 22
```

In the above config, “my\_jump” is the hostname supporting wildcards to match multiple servers simultaneously.

The identityfile specifies the authorized private keys, hostname is the server’s IP address, and hostkeyalias is useful for connecting to the server when its IP address changes without needing to update known\_hosts. The user and port specify the SSH login credentials.

# Reuse the sock

Upon relogging into the server, how can we bypass entering the password and reuse the previous session to quickly reconnect? We should the control setting in ssh config.

```
Host *<br></br>    serveraliveinterval 60<br></br>    keepalive yes<br></br>    controlmaster auto<br></br>    controlpath ~/.ssh/socks/%h-%k-%p-%r<br></br>    controlpersist yes
```

By using the above configuration, we set the controlpath for all servers using the ‘\*’ symbol in the Host field. The controlpath specifies the socket path.

%h represents the host IP.

%k represents the hostname.

%p represents the port.

%r represents the username.

When you connect to a server using ssh, you should see a socket file present. `~/.ssh/socks`.

<div class="fj fk fl fm fn" id="bkmrk-" style="text-align: justify;"><div class="ab cb"><div class="ci bh ev ew ex ey"><figure class="nc nd ne nf ng ob ny nz paragraph-image"><div class="oc od ed oe bh of" role="button" tabindex="0"><div class="ny nz oa"><picture><source sizes="(min-resolution: 4dppx) and (max-width: 700px) 50vw, (-webkit-min-device-pixel-ratio: 4) and (max-width: 700px) 50vw, (min-resolution: 3dppx) and (max-width: 700px) 67vw, (-webkit-min-device-pixel-ratio: 3) and (max-width: 700px) 65vw, (min-resolution: 2.5dppx) and (max-width: 700px) 80vw, (-webkit-min-device-pixel-ratio: 2.5) and (max-width: 700px) 80vw, (min-resolution: 2dppx) and (max-width: 700px) 100vw, (-webkit-min-device-pixel-ratio: 2) and (max-width: 700px) 100vw, 700px" srcset="https://miro.medium.com/v2/resize:fit:640/format:webp/1*EFp-htHJ0ldUFPSLuPU1YA.png 640w, https://miro.medium.com/v2/resize:fit:720/format:webp/1*EFp-htHJ0ldUFPSLuPU1YA.png 720w, https://miro.medium.com/v2/resize:fit:750/format:webp/1*EFp-htHJ0ldUFPSLuPU1YA.png 750w, https://miro.medium.com/v2/resize:fit:786/format:webp/1*EFp-htHJ0ldUFPSLuPU1YA.png 786w, https://miro.medium.com/v2/resize:fit:828/format:webp/1*EFp-htHJ0ldUFPSLuPU1YA.png 828w, https://miro.medium.com/v2/resize:fit:1100/format:webp/1*EFp-htHJ0ldUFPSLuPU1YA.png 1100w, https://miro.medium.com/v2/resize:fit:1400/format:webp/1*EFp-htHJ0ldUFPSLuPU1YA.png 1400w" type="image/webp"><source data-testid="og" sizes="(min-resolution: 4dppx) and (max-width: 700px) 50vw, (-webkit-min-device-pixel-ratio: 4) and (max-width: 700px) 50vw, (min-resolution: 3dppx) and (max-width: 700px) 67vw, (-webkit-min-device-pixel-ratio: 3) and (max-width: 700px) 65vw, (min-resolution: 2.5dppx) and (max-width: 700px) 80vw, (-webkit-min-device-pixel-ratio: 2.5) and (max-width: 700px) 80vw, (min-resolution: 2dppx) and (max-width: 700px) 100vw, (-webkit-min-device-pixel-ratio: 2) and (max-width: 700px) 100vw, 700px" srcset="https://miro.medium.com/v2/resize:fit:640/1*EFp-htHJ0ldUFPSLuPU1YA.png 640w, https://miro.medium.com/v2/resize:fit:720/1*EFp-htHJ0ldUFPSLuPU1YA.png 720w, https://miro.medium.com/v2/resize:fit:750/1*EFp-htHJ0ldUFPSLuPU1YA.png 750w, https://miro.medium.com/v2/resize:fit:786/1*EFp-htHJ0ldUFPSLuPU1YA.png 786w, https://miro.medium.com/v2/resize:fit:828/1*EFp-htHJ0ldUFPSLuPU1YA.png 828w, https://miro.medium.com/v2/resize:fit:1100/1*EFp-htHJ0ldUFPSLuPU1YA.png 1100w, https://miro.medium.com/v2/resize:fit:1400/1*EFp-htHJ0ldUFPSLuPU1YA.png 1400w">![](https://miro.medium.com/v2/resize:fit:945/1*EFp-htHJ0ldUFPSLuPU1YA.png)</source></source></picture></div></div></figure></div></div></div># Set Jump Server

To secure production servers inaccessible for direct login, we can first connect to a jump server, then use SSH through the jump server to access the production server. Automating this process is possible by configuring ProxyCommand or ProxyJump in the SSH settings.

Config the jump server a and b first.

```
Host jump-server-a<br></br> HostKeyAlias jump-server-a<br></br> Hostname 100.97.200.66<br></br><br></br>Host jump-server-b<br></br> HostKeyAlias jump-server-b<br></br> Hostname 100.97.200.67<br></br><br></br>Host jump-server-*<br></br> HashKnownHosts no<br></br> ServerAliveInterval 60<br></br> Port 22<br></br> User root<br></br> PreferredAuthentications publickey<br></br> IdentityFile ~/.ssh/id_taozhi<br></br> Controlpath ~/.ssh/socks/%h-%k-%p-%r<br></br> ControlMaster auto<br></br> ControlPersist 5m<br></br> setenv LC_ALL=C.UTF-8
```

Config the production servers

```
Host production-server-a<br></br> ProxyJump jump-server-a<br></br><br></br>Host production-server-b<br></br> ProxyJump jump-server-b<br></br><br></br>Host production-server-c<br></br> ProxyCommand ssh -W %h:%p jump-server-b<br></br><br></br>Host production-server-*<br></br> LogLevel ERROR<br></br> UserKnownHostsFile /dev/null<br></br> StrictHostKeyChecking no<br></br> Port 22<br></br> User root<br></br> IdentityFile ~/.ssh/id_taozhi<br></br> controlmaster no<br></br> setenv LC_ALL=C.UTF-8
```

Following configuration, we can login to the production server locally.

```
ssh -o Hostname=172.16.28.19 production-server-a
```

You can log in to the production server with one command now.

<div class="ab cb oh oi oj ok" id="bkmrk--1" role="separator" style="text-align: justify;">  
</div># Conclusions

SSH is a versatile command with numerous configuration options. More options can be found for reading [here](https://linux.die.net/man/5/ssh_config). If you have any useful ssh config you are using, please comment it, let using it together.