SSH Config Generator

Generate your ~/.ssh/config file. Add multiple hosts with aliases, jump hosts, port forwarding, and cloud provider templates.

How to Use the SSH Config Generator

  1. Add hosts — click "+ Add Host" or choose a cloud template to start.
  2. Fill in the details — alias, hostname or IP, user, port, and identity file.
  3. Enable advanced options — expand the advanced section for ProxyJump, port forwarding, and keepalive settings.
  4. Copy or download — save the output as ~/.ssh/config (make sure permissions are 600: chmod 600 ~/.ssh/config).

Understanding the SSH Config File

The SSH client configuration file (~/.ssh/config) is one of the most useful but underutilized tools in a developer's workflow. Instead of memorizing and typing long SSH commands like ssh -i ~/.ssh/aws-key.pem -p 2222 [email protected], you define the connection once in the config file and connect with just ssh webserver. The file is read top to bottom, and for each option the first value obtained from a matching Host block wins, so specific hosts go first and the special Host * block at the bottom applies global defaults.

Host Aliases and Wildcards

Each Host directive defines a pattern that matches when you type ssh <pattern>. You can use wildcards: Host web-* matches web-prod, web-staging, etc. Multiple patterns on the same line (space-separated) match any of them. The HostName directive specifies the actual IP or DNS name to connect to — this is separate from the alias, letting you use short memorable names for long hostnames.
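
Added example (not part of the generator or the original page): a simplified Python model of how the client resolves options for an alias, covering the top-to-bottom ordering and wildcard patterns described above, and going slightly further by handling negated `!` patterns from ssh_config(5). The sample configs and host names are constructed placeholders, and Match, Include and quoting are not modelled.

```python
from fnmatch import fnmatchcase

# Simplified model of ssh_config(5) matching. Assumptions: no Match/Include,
# no quoting or key=value syntax; fnmatch wildcards stand in for ssh's * and ?.
MULTI = {"identityfile", "certificatefile", "localforward", "remoteforward"}


def host_matches(patterns, alias):
    """True if alias matches a positive pattern and no negated (!) pattern."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatchcase(alias, pat[1:]):
                return False  # a negated match always vetoes the block
        elif fnmatchcase(alias, pat):
            matched = True
    return matched


def resolve(config_text, alias):
    """Return the options the client would apply for `ssh <alias>`."""
    effective, active = {}, True  # options before the first Host apply to all
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), alias)
        elif active and key in MULTI:
            effective.setdefault(key, []).append(value)  # these accumulate
        elif active:
            effective.setdefault(key, value)  # first obtained value wins
    return effective


# Constructed sample configs; every name below is a placeholder.
GOOD = """\
Host bastion
    HostName bastion.example.com
Host web-* !web-legacy
    ProxyJump bastion
    User deploy
Host *
    User nobody
    ServerAliveInterval 60
"""
# Same idea with the catch-all first: its User now shadows the specific block.
MISORDERED = "Host *\n    User nobody\nHost web-*\n    User deploy\n"
```

On a real machine, `ssh -G <alias>` prints the options OpenSSH itself resolves, which is the authoritative check before relying on a generated config.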

Jump Hosts and ProxyJump

In many corporate and cloud environments, production servers are on private networks with no direct internet access. A bastion host (also called a jump host) sits on the boundary — it has both a public IP and access to the private network. The ProxyJump directive (introduced in OpenSSH 7.3) handles this transparently. When you run ssh private-server, SSH first connects to the bastion host, then tunnels the connection to the private server. All of this happens in one command with no manual steps. Older OpenSSH versions use ProxyCommand instead.

Local Port Forwarding

Port forwarding lets you access remote services through an encrypted SSH tunnel as if they were running locally. LocalForward 5432 db.internal:5432 means that connecting to localhost:5432 on your machine tunnels to db.internal:5432 through the SSH server. This is the standard way to access databases, internal dashboards, and admin panels that are not exposed to the internet. It eliminates the need for VPNs for development access to remote infrastructure.

Identity Files and SSH Keys

The IdentityFile directive specifies which private key to use for a host. Different cloud providers generate different keys — AWS EC2 uses .pem files, GCP uses ED25519 keys managed by gcloud, and self-managed servers typically use ED25519 or RSA keys. Storing all keys in ~/.ssh/ and referencing them by name in the config file keeps your SSH workflow organized. Always use ssh-keygen -t ed25519 for new keys — ED25519 is faster, more secure, and produces shorter key material than RSA. Combine this with the Docker Compose Generator for full infrastructure management.

Frequently Asked Questions

The ~/.ssh/config file defines connection parameters for multiple SSH hosts — aliases, usernames, ports, identity files, and proxy settings. It lets you connect with just 'ssh myserver' instead of typing full ssh commands each time.
ProxyJump routes your SSH connection through an intermediate bastion server. This is used when your target is on a private network. SSH connects to the bastion first, then automatically tunnels through it to reach the target host.
LocalForward tunnels a local port to a remote destination through SSH (e.g., access a remote database at localhost:5432). RemoteForward is the reverse — it makes a local port accessible on the remote server.
ServerAliveInterval sends a keepalive packet every N seconds when the connection is idle, preventing the server from dropping inactive SSH sessions. Combined with ServerAliveCountMax, this prevents 'Broken pipe' errors.
No. This generator runs entirely in your browser. No data is sent to any server, logged, or stored anywhere outside your device. Your host names, usernames, and key paths are only used to generate the config text shown in your browser.