What does ProxyJump do in SSH config?

ProxyJump (or the -J flag) routes your SSH connection through an intermediate bastion host, allowing you to reach servers in a private network with a single command.

How do I set correct permissions on my SSH config?

Run chmod 600 ~/.ssh/config to restrict access to your user only. SSH refuses to use the config file if it is world-readable, and similarly requires id_rsa keys to be chmod 600.

Can I use wildcards in SSH Host patterns?

Yes. Host * matches all connections and sets global defaults. Host *.example.com matches any host in that domain. More specific patterns override general ones.

SSH Client Config File Examples

The SSH client configuration file at ~/.ssh/config lets you define aliases and default settings for every host you connect to, eliminating the need to remember long ssh commands with multiple flags. This example shows entries for a direct server, an alias with a custom key and port, and a jump host configuration for reaching servers in a private network. The text diff tool is useful for comparing config files across machines to identify divergent settings. Always set StrictHostKeyChecking and restrict permissions on the config file to 600.

Example

Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3
    AddKeysToAgent yes

Host prod-web
    HostName 203.0.113.10
    User deploy
    IdentityFile ~/.ssh/prod_rsa
    Port 2222

Host bastion
    HostName bastion.example.com
    User ec2-user
    IdentityFile ~/.ssh/aws_key.pem

Host private-db
    HostName 10.0.1.50
    User ubuntu
    ProxyJump bastion
    IdentityFile ~/.ssh/aws_key.pem

[ open in Text Diff Checker → ]

FAQ

What does ProxyJump do in SSH config?: ProxyJump (or the -J flag) routes your SSH connection through an intermediate bastion host, allowing you to reach servers in a private network with a single command.
How do I set correct permissions on my SSH config?: Run chmod 600 ~/.ssh/config to restrict access to your user only. SSH refuses to use the config file if it is world-readable, and similarly requires id_rsa keys to be chmod 600.
Can I use wildcards in SSH Host patterns?: Yes. Host * matches all connections and sets global defaults. Host *.example.com matches any host in that domain. More specific patterns override general ones.

Related Examples

Manage a .env Environment File

Environment files store secrets and configuration that differ between developmen...

Nginx SSL and Security Configuration

A secure Nginx configuration enables TLS 1.2 and 1.3 only, disables weak ciphers...

EditorConfig for a Multi-Language Project

EditorConfig enforces consistent code style rules across different editors and I...