Configuring SSH Client for Key Authentication

1 min read Data Protection & Compliance

Configuring SSH Client for Key Authentication

Proper SSH client configuration streamlines key usage while maintaining security. The SSH client configuration file (~/.ssh/config) allows you to specify key files, connection parameters, and security options for different hosts.

Create a comprehensive SSH client configuration:

# ~/.ssh/config
# Global defaults
Host *
    # Use key authentication only
    PasswordAuthentication no
    # Prevent SSH agent forwarding by default
    ForwardAgent no
    # Enable strict host key checking
    StrictHostKeyChecking yes
    # Hash known hosts file
    HashKnownHosts yes
    # Keep connections alive
    ServerAliveInterval 60
    ServerAliveCountMax 3

# Production web servers
Host web-prod-*
    HostName %h.example.com
    User webadmin
    IdentityFile ~/.ssh/id_ed25519_prod
    IdentitiesOnly yes
    Port 22

# Development environment
Host dev-*
    HostName %h.dev.example.com
    User developer
    IdentityFile ~/.ssh/id_ed25519_dev
    IdentitiesOnly yes
    Port 2222

# Bastion host configuration
Host bastion
    HostName bastion.example.com
    User security
    IdentityFile ~/.ssh/id_ed25519_bastion
    IdentitiesOnly yes
    ForwardAgent yes  # Only for bastion
    Port 22

# Access internal servers through bastion
Host internal-*
    HostName %h.internal.example.com
    User admin
    IdentityFile ~/.ssh/id_ed25519_internal
    ProxyJump bastion
    Port 22