ZeroData Tools
Tools
JSON Formatter Format and validate JSON instantly with no uploads, no server calls, and no stored data. JSON Validator Validate JSON instantly before deploys with local processing and zero server calls. YAML Validator Validate YAML files and catch indentation errors instantly with no uploads or backend processing. Base64 Encoder Encode or decode Base64 strings instantly with zero uploads. URL Encoder Encode and decode query parameters locally for APIs, redirects, and forms. HTML Formatter Pretty-print messy markup and inspect structure without exposing page code. CSS Minifier Shrink stylesheets for production with browser-only processing and instant output. JavaScript Beautifier Reformat dense JavaScript into readable code locally for debugging.
← Back to Blog DevOps

SSH Config File Examples: How to Manage Multi-Host Connections

· 6 min read
Need a quick solution?

Build secure SSH configs or Ansible inventory lists 100% locally in your browser:

If you manage multiple remote servers, you know how frustrating it is to type long SSH strings like ssh [email protected] -p 2222 -i ~/.ssh/prod_rsa. Remembering custom ports, specific key combinations, and IP addresses for staging, production, and backup instances slows down your DevOps workflow.

Instead of memorizing long commands, you can configure standard connection profiles in your local SSH config file. This lets you connect instantly by typing a simple alias: ssh production-web.

1. Where is the SSH Config File?

The SSH client configuration is a plain-text file located in your user's home directory. If it doesn't already exist, create it:

  • macOS & Linux: ~/.ssh/config
  • Windows (PowerShell): $HOME\.ssh\config

Crucial Security Step: The SSH client will refuse to parse your configuration if the file has insecure permissions. In your terminal, restrict file access so only your user can read and edit it: 

chmod 600 ~/.ssh/config

2. Core Configuration Parameters

SSH files use a simple layout consisting of one or more Host blocks. Within each block, you configure options:

  • Host: The shorthand alias you will type in your shell (e.g., ssh staging).
  • HostName: The physical domain name or IP address of the target server.
  • User: The Linux username to execute the session under (like deploy, ubuntu, or admin).
  • Port: The target port (defaults to 22 if not specified).
  • IdentityFile: The absolute path to the local SSH private key matching your user.
  • ProxyJump: The alias of an intermediate bastion or jump server to tunnel the session through.

3. Battle-Tested SSH Config Template

Here is a comprehensive local SSH config template handling standard servers, custom ports, keeping connections alive, and secure bastion hops: 

# 1. Global Defaults for all Hosts
Host *
  AddKeysToAgent yes
  UseKeychain yes
  ServerAliveInterval 60
  ServerAliveCountMax 3

# 2. Production Web Server (Standard Custom Port + Private Key)
Host production-web
  HostName 198.51.100.24
  User deploy-user
  Port 2222
  IdentityFile ~/.ssh/prod_rsa

# 3. Secure Bastion / Jump Server Setup
Host bastion
  HostName 203.0.113.10
  User admin-user
  IdentityFile ~/.ssh/bastion_key

# 4. Internal Database Server (Accessed through the Bastion Host)
Host internal-db
  HostName 10.0.1.50
  User db-admin
  IdentityFile ~/.ssh/db_key
  ProxyJump bastion

4. Integrating with Ansible

Once your local SSH config is in place, other automation scripts benefit immediately. Your terminal client and deployment tools will resolve connection strings automatically.

When building out orchestration scripts, you can match these host aliases inside our browser-only Ansible Inventory Generator to generate clean INI or YAML inventories that require zero manual host or SSH key definitions.

Frequently Asked Questions

Where is the local SSH config file located?
In Linux and macOS, the SSH config file is located at ~/.ssh/config. In Windows, it resides in C:\Users\YourUsername\.ssh\config.
What permissions should my SSH config file have?
Your SSH configuration file must have restricted permissions to prevent system security errors. Set it to read/write only for the owner (chmod 600 or chmod 400).
How do I connect to a server through a Bastion Host using SSH config?
Use the ProxyJump parameter. For example, configure 'ProxyJump bastion-host-alias' under your target host block. This handles the intermediate SSH hop automatically.