SSH Config Generator

Generate optimized and hardened ~/.ssh/config files and bastion setups.

Connection Details

Security Settings

- CAUTION: Allows remote servers to use your local SSH agent. Better to use ProxyJump.
- Forward X11 GUI applications.

Route connection through another SSH host (Bastion).

Keep-Alive & Tuning

Ping server every X seconds to keep connection open.

Disconnect if X pings fail.

config
1

SSH Client Configuration Guide

The ~/.ssh/config file allows you to define shortcuts and specific parameters for different SSH connections, saving you from typing long, complex SSH commands every time.

Security Best Practices

  • Avoid Agent Forwarding (ForwardAgent): Agent forwarding allows a remote server to use your local SSH agent to authenticate with other servers. If the remote server is compromised, an attacker with root access can hijack your agent socket and impersonate you. Use ProxyJump instead.
  • StrictHostKeyChecking: Always set this to yes for production servers. It ensures that if the server's fingerprint changes (a potential Man-in-the-Middle attack), SSH will refuse to connect.
  • IdentityFile Management: Instead of loading all keys into your SSH agent, explicitly specify which IdentityFile (private key) to use for each host. This prevents the server from rejecting your connection after too many failed authentication attempts using the wrong keys.
  • Bastion Hosts (ProxyJump)

    A Bastion Host (or Jump Host) is a specialized server designed to be the only entry point into a private network. Modern OpenSSH supports the ProxyJump directive, which securely tunnels your connection through the bastion host to the internal server without needing to forward your SSH agent.