Client Configuration

The most common use of the SSH client configuration in ~/.ssh/config is the definition of aliases for host with special requiements.

Host ALIAS
HostName HOST
Port 12345

There are a few options that you should be aware of which can all either appear in a host section or globally.

• Security: The CheckHostIP option will provide some protection against ip spoofing whereas the StrictHostKeyChecking (no, ask, yes) command can even provent host key to be added to your ~/.ssh/known_hosts.

  CheckHostIP yes
  StrictHostKeyChecking ask
  

• Forwarding agent connections: Whether this is enabled or not is controlled via the ForwardAgent option. See also agent forwarding.

• Forwarding ports: These are defined via the ForwardLocal and the ForwardRemote options. For details see port forwarding.

• Forwarding x11 connections: Whether this is enabled or not is controlled via the ForwardX11 option.

• Authentication: It depends on your setup whether you intent to allow both methods of authentication on a host-per-host basis or globally. The following example contains the default settings:

  PasswordAuthentication yes
  PubkeyAuthentication yes
  

• rhost or shost authentication: This is evil. Don’t use it.

  HostbasedAuthentication no
  RhostsRSAAuthentication no
  

See also: escape characters