Site Map - skip to main content

Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes every weekday Monday through Friday.
This page was generated by The HPR Robot at

hpr1856 :: ssh config

Klaatu talks about ssh config.

<< First, < Previous, , Latest >>

Hosted by Klaatu on 2015-09-14 is flagged as Clean and is released under a CC-BY-SA license.
ssh, configuration, tutorial, hints and tips. 3.
The show is available on the Internet Archive at:

Listen in ogg, spx, or mp3 format. Play now:

Duration: 00:12:27


Put a file called 'config' into ~/.ssh and you can define any option you would normally provide as part of the command as an automatically-detected configuration.

For example:

host foo
    identityfile /home/klaatu/.ssh/foo_rsa
    port 2740
    protocol 2

Makes the command 'ssh klaatu@foo' look like this to SSH:

ssh -p2740 -i ~/.ssh/foo_rsa


Subscribe to the comments RSS feed.

Comment #1 posted on 2015-09-14 07:14:15 by 0xf10e

Nice intro to `~/.ssh/config`, klaatu.

The "protocol 2" option is the default for quite some time - as in "more than 10 yrs". I think the latest version of OpenSSH doesn't even compile with support for version 1 by default. At least the sshd.

Shortening hostnames comes really handy in cases like "". And there's also patterns matching like

Host * * Username joe-the-admin identityfile ~/.ssh/work_rsa

Host Port 56278 Host Port 57427 This way you can group hosts with common options easily.

Comment #2 posted on 2015-09-15 15:07:16 by b-yeezi


Thanks for this show. I immediately added a config file for the couple of accounts that I commonly use. The only that I added for security is to change the permissions of the file to 600 or 644. Keep up the great shows!

Comment #3 posted on 2015-09-17 12:31:38 by Gabriel Evenfire

Identity file

I'm curious if, from your example, you are creating separate identity files for each host. I imagine not, but it's a possibility I'd never considered before. I suppose it doesn't provide that much more security insofar as if someone can read one of your private keys from .ssh/ they can read all of them. But it does make me think.

For my part I have this ruby script to run ssh w/ shorthands to the different identities and accounts in our internal machines. This show is prompting me to do it the right way. (especially insofar as it will work with scp, sftp, and scripts that use them)

Thanks for the show. I'm enjoying that people are starting break open the tools other than the "blade" in this ssh swiss army knife.

Leave Comment

Note to Verbose Commenters
If you can't fit everything you want to say in the comment below then you really should record a response show instead.

Note to Spammers
All comments are moderated. All links are checked by humans. We strip out all html. Feel free to record a show about yourself, or your industry, or any other topic we may find interesting. We also check shows for spam :).

Provide feedback
Your Name/Handle:
Anti Spam Question: What does the letter P in HPR stand for?
Are you a spammer?
What is the HOST_ID for the host of this show?
What does HPR mean to you?