Summary
OpenSSH lets you define configuration per host (and by other conditions) with the Host and Match keywords.
Environment
- SSH client: OpenSSH 7.9
Basis
Open the ssh_config file.
$ nvim ~/.ssh/config
Then write definitions.
Examples
Here is an example of multiple conditions.
The definition of each condition is valid up to the next Host or Match keyword.
# [~/.ssh/config]
Host %host-name%
    %Parameter-Name% %parameter-value%
Host %multiple-hosts-name-1% %multiple-hosts-name-2%
    %Parameter-Name% %parameter-value%
Match {host,originalhost,user,localuser,exec,canonical,final} "%criteria%"
    %Parameter-Name% %parameter-value%
...
Here is an example of multiple parameters in a single host.
Of course, a host may define more or fewer parameters than the others. (Be careful of the default values that apply to anything left unset.)
# [~/.ssh/config]
Host %nickname%
    Hostname %real-hostname%
    Port %specified-port%
    User %specified-user%
    IdentityFile ~/.ssh/specified-user_id_rsa
    ServerAliveInterval 60
* Note: Indentation is only for readability; it is not actually required.
Flexible Definitions
#1: Patterns
Pattern Symbol | Usage |
---|---|
* | Matches zero or more characters. |
? | Matches exactly one character. |
! | Negates targets. |
Examples
# [ `*` keyword ]
# any host
Host *
# any host under .com
Host *.com
# [ `?` keyword ]
# 192.168.0.[0-9]
Host 192.168.0.?
# [ `!` keyword ]
# any except specified domain
Host * !cool-website.com
# any except specified domain and subdomains
Host * !cool-website.com !*.cool-website.com
# any 192.168.* except 192.168.0.*
Host 192.168.* !192.168.0.*
* Caution: the ! keyword requires matched targets as well as negated ones on the same Host line:
  - NG: Host !some.domain.com
  - OK: Host * !some.domain.com
#2: Match Instead Of Host
Keyword | Usage |
---|---|
host | The real host name to log into. |
originalhost | The hostname as it is specified on the command-line. |
user | The target username on the remote host. |
localuser | The name of the local user running ssh. |
Examples
# a single condition with a single option
Match host "some-domain.com"
    # which is equivalent to:
    # Host some-domain.com
    IdentityFile ~/.ssh/default_id_rsa
# a single condition with multiple options
Match host "specified-domain.com,some.specified-domain.com"
    # which is equivalent to:
    # Host specified-domain.com some.specified-domain.com
    IdentityFile ~/.ssh/specified-domain_id_rsa
# multiple conditions
Match host "specified-domain.com" user "specified-user"
    IdentityFile ~/.ssh/specified-user_id_rsa
* Caution: Don't put a space between multiple options:
  - NG: Match host "specified-domain.com, some.specified-domain.com"
  - OK: Match host "specified-domain.com,some.specified-domain.com"
(Optional) More Controls With Match
Keyword | Usage |
---|---|
exec | Executes the specified command under the user's shell. If the command returns a zero exit status then the condition is considered true. Arguments can be defined as Tokens. |
canonical | Matches only when the configuration file is being re-parsed after hostname canonicalization. |
final | Requests that the configuration be re-parsed (regardless of whether CanonicalizeHostname is enabled), and matches only during this final pass. If CanonicalizeHostname is enabled, then canonical and final match during the same pass. |
Usages
#1: Configuration For Specified Hostname
Host some.cool-website.com
    User %user-specified%
Host *
    User %user-default%
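The pattern rules from "#1: Patterns" and the block order used in usage #1 can be checked with a small resolver. This is an added example, not code from OpenSSH or from the original post: the sample config and host names are constructed, it handles Host lines only (no Match, Include, quoting, or multi-valued keywords such as IdentityFile), and it goes beyond the page by applying ssh_config's rule that the first value obtained for a parameter wins.

```python
import re

# Constructed sample config (not from the post): specific blocks first, `Host *` last.
SAMPLE = """\
Host some.cool-website.com
  User deploy
Host !blocked.cool-website.com
  User never-applies
Host *.cool-website.com !legacy.cool-website.com
  Port 2222
Host *
  User fallback
  ServerAliveInterval 60
"""

def _glob(pattern):
    # Only * and ? are wildcards in ssh_config patterns; everything else is literal.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, re.DOTALL)

def host_matches(patterns, host):
    """True if host hits at least one positive pattern and no negated one."""
    positive = False
    for pat in patterns:
        negated = pat.startswith("!")
        if _glob(pat[1:] if negated else pat).fullmatch(host):
            if negated:
                return False  # a negated hit vetoes the whole Host line
            positive = True
    return positive  # a line made only of negations never matches

def effective_config(text, host):
    """Resolve Host blocks for host; the first value seen for a keyword wins."""
    result, active = {}, True  # options before the first Host apply to every host
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif active:
            result.setdefault(key, value)  # later blocks cannot override
    return result

if __name__ == "__main__":
    for name in ("some.cool-website.com", "legacy.cool-website.com", "192.168.0.7"):
        print(name, effective_config(SAMPLE, name))
```

On a real system, `ssh -G <hostname>` prints the configuration that ssh itself resolves for that host after evaluating the Host and Match blocks.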
#2: Configurations By Subdomains
# specified domain
Host cool-website.com
    # write configuration...
# specified subdomain
Host www.cool-website.com
    # write configuration...
# all subdomains
Host *.cool-website.com
    # write configuration...
# specified domain and subdomains
Host cool-website.com *.cool-website.com
# or:
# Match host "cool-website.com,*.cool-website.com"
    # write configuration...
#3: Hostname Alias
Host %nickname%
    HostName real.very-long-hostname.com
#4: Port Switching
Host %host-with-unique-port%
    Port %real-port%
#5: Using An Identity File
Host www.cool-website.com
    IdentityFile ~/.ssh/specified_id_rsa
Happy serving 🕊