SSH config directives reference
Complete reference for ~/.ssh/config directives including Host, HostName, Port, IdentityFile, ProxyJump, and ForwardAgent.
Complete reference for SSH client configuration directives in
~/.ssh/configcovering connection, authentication, tunneling, and proxy settings.
SSH Connection Directives
| Directive | SSH behavior | Default | Example |
|---|---|---|---|
Host | SSH defines a named alias that matches against the hostname argument; supports wildcards (
*,
?) | Required | Host production |
HostName | SSH connects to this hostname or IP address when the alias matches | Alias name | HostName 203.0.113.50 |
Port | SSH connects to this TCP port on the remote server | 22 | Port 2222 |
User | SSH authenticates as this username on the remote server | Local username | User admin |
AddressFamily | SSH uses IPv4 only (
inet), IPv6 only (
inet6), or both (
any) | any | AddressFamily inet |
SSH Authentication Directives
| Directive | SSH behavior | Default | Example |
|---|---|---|---|
IdentityFile | SSH uses this private key file for public key authentication | ~/.ssh/id_rsa,
~/.ssh/id_ed25519 | IdentityFile ~/.ssh/prod_key |
IdentitiesOnly | SSH offers only the keys specified by
IdentityFile, ignoring the agent's key list | no | IdentitiesOnly yes |
PreferredAuthentications | SSH attempts authentication methods in this order | publickey,keyboard-interactive,password | PreferredAuthentications publickey |
PasswordAuthentication | SSH allows password authentication to the server | yes | PasswordAuthentication no |
SSH Tunneling and Proxy Directives
| Directive | SSH behavior | Default | Example |
|---|---|---|---|
LocalForward | SSH binds a local port and forwards traffic to a remote destination through the SSH tunnel | None | LocalForward 3306 localhost:3306 |
RemoteForward | SSH binds a port on the remote server and forwards traffic back to the local machine | None | RemoteForward 8080 localhost:80 |
DynamicForward | SSH creates a local SOCKS5 proxy that routes all traffic through the SSH connection | None | DynamicForward 1080 |
ProxyJump | SSH routes the connection through an intermediate SSH host (bastion/jump host) before reaching the target | None | ProxyJump bastion |
ForwardAgent | SSH forwards the local SSH agent to the remote server, allowing onward SSH connections using local keys | no | ForwardAgent yes |
SSH Session Directives
| Directive | SSH behavior | Default | Example |
|---|---|---|---|
ServerAliveInterval | SSH sends a keepalive message every N seconds to prevent idle connection drops | 0 (disabled) | ServerAliveInterval 60 |
ServerAliveCountMax | SSH disconnects after this many unanswered keepalive messages | 3 | ServerAliveCountMax 5 |
ConnectTimeout | SSH limits the TCP connection phase to this many seconds | System default | ConnectTimeout 10 |
Compression | SSH enables zlib compression on the connection — useful for slow links | no | Compression yes |
LogLevel | SSH sets the verbosity of client-side logging | INFO | LogLevel DEBUG |