Taming SSH Config Chaos
I’ve seen this go wrong when you’re managing multiple SSH connections to various servers - it can quickly lead to a tangled mess of SSH config files. You end up with a dozen different servers, each with its own set of configuration options, and it’s a nightmare to keep track of which server uses which settings. Don’t bother with manual editing of the SSH config file; there are better ways to organize your connections.
Organizing SSH Connections with Include Files
The real trick is to use include files. SSH allows you to split your config into multiple files, which can be included in the main config file using the Include directive. For example, you can create a separate file for each server or group of servers, and then include those files in your main SSH config file.
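# Create a separate file for each server in ~/.ssh, where relative Include paths are resolved
echo "Host server1" > ~/.ssh/server1.conf
echo " HostName server1.example.com" >> ~/.ssh/server1.conf
echo " User user1" >> ~/.ssh/server1.conf
echo "Host server2" > ~/.ssh/server2.conf
echo " HostName server2.example.com" >> ~/.ssh/server2.conf
echo " User user2" >> ~/.ssh/server2.conf
# Include the separate files at the top of the main SSH config file;
# an Include that follows a Host or Match block only applies inside that block
touch ~/.ssh/config
printf 'Include server1.conf\nInclude server2.conf\n' | cat - ~/.ssh/config > ~/.ssh/config.new
chmod 600 ~/.ssh/config.new
mv ~/.ssh/config.new ~/.ssh/config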
This approach makes it easy to manage multiple SSH connections - just add or remove include files as needed. In practice, I usually start with a separate file for each server, and then include those files in my main config.
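Include has two quiet failure modes: an Include that follows a Host or Match block is applied only when that block matches, and an Include that matches no file is skipped without an error. The shell function below is an added example, not from the original post, that flags both; lint_ssh_includes, make_sample and the host name "legacy" are names made up for illustration.

```sh
#!/bin/sh
# lint_ssh_includes CONFIG  (hypothetical helper, not part of OpenSSH)
# Reports each Include in CONFIG that sits inside a Host/Match block or
# matches no file. Relative paths are resolved against CONFIG's directory,
# which is how ssh treats ~/.ssh/config. "Keyword=value" lines are not parsed.
lint_ssh_includes() {
    cfg=$1 dir=$(dirname "$1") scope="" n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f        # split on whitespace, no globbing
        [ $# -gt 0 ] || continue
        kw=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); shift
        case $kw in
        host)  scope="Host $*" ;;
        match) # "Match all" applies to every host, so later lines are global again
            if [ "$(printf '%s' "$*" | tr '[:upper:]' '[:lower:]')" = all ]
            then scope=""; else scope="Match $*"; fi ;;
        include)
            [ -z "$scope" ] || echo "$cfg:$n: Include applies only inside '$scope'"
            for pat in "$@"; do
                case $pat in
                "~/"*) pat=$HOME/${pat#"~/"} ;;
                /*)    ;;
                *)     pat=$dir/$pat ;;
                esac
                found=0
                for f in $pat; do               # unquoted so wildcards expand
                    if [ -e "$f" ]; then found=1; fi
                done
                [ "$found" -eq 1 ] || echo "$cfg:$n: Include $pat matches no file"
            done ;;
        esac
    done < "$cfg"
}

# Constructed sample: line 1 is a global Include; line 4 was appended after a
# Host block and names a file that was never created in this directory.
make_sample() {
    mkdir -p "$1"
    printf 'Host server1\n HostName server1.example.com\n' > "$1/server1.conf"
    printf '%s\n' 'Include server1.conf' 'Host legacy' ' Port 2222' \
        'Include server2.conf' > "$1/config"
}

tmp=$(mktemp -d) && make_sample "$tmp"
lint_ssh_includes "$tmp/config"
rm -rf "$tmp"
```

Run it against the real file with lint_ssh_includes ~/.ssh/config; no output means every Include is global and resolves to at least one file.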
Using Host Directives
Another way to organize your SSH connections is to use host directives. Host directives allow you to specify a set of configuration options that apply to a particular host or group of hosts. For example, you can use the Host directive to specify a default username and port for a particular server.
# Specify a default username and port for a particular server
echo "Host server1" >> ~/.ssh/config
echo " HostName server1.example.com" >> ~/.ssh/config
echo " User user1" >> ~/.ssh/config
echo " Port 2222" >> ~/.ssh/config
You can also use the Match directive to specify configuration options based on certain conditions, such as the hostname or IP address.
# Specify configuration options based on the hostname
echo "Match Host server1" >> ~/.ssh/config
echo " User user1" >> ~/.ssh/config
echo " Port 2222" >> ~/.ssh/config
For more information on SSH configuration options, check out the OpenSSH documentation.
Security Considerations
Security is where people usually get burned when managing SSH connections. One way to improve it is to use SSH keys instead of passwords: generate an SSH key pair with the ssh-keygen command, then add the public key to the authorized_keys file on the server.
# Generate an SSH key pair
ssh-keygen -t ed25519
# Add the public key to the authorized_keys file on the server
ssh-copy-id user1@server1.example.com
You can also use tools like ssh-audit to scan your SSH configuration for potential security vulnerabilities.