What is ~/.ssh/config?
The SSH client config file lets you define per-host connection settings so a long command like ssh -i ~/.ssh/key.pem -p 2222 [email protected] collapses to ssh myserver. Each block starts with a Host alias followed by indented options β HostName, User, Port, IdentityFile, and dozens more. OpenSSH reads ~/.ssh/config first, then /etc/ssh/ssh_config, and the first matching value for each option wins, so put specific Host blocks above broad Host * defaults.
How does this generator work?
Add host entries with the visual form β hostname, user, port, identity file β plus advanced options like ProxyJump, ProxyCommand, LocalForward, RemoteForward, keepalive settings, compression, and log level. Presets for a basic server, jump host, GitHub, AWS EC2, and a database tunnel give you a working starting point in one click. The formatted config builds in your browser (nothing is uploaded) and is ready to paste straight into ~/.ssh/config.
How do I set up an SSH jump host?
A jump host (bastion) is the single hardened entry point into a private network. In your config, add ProxyJump bastion to the internal host's block and SSH tunnels through automatically: ssh internal-server just works. The one-off CLI equivalent is ssh -J bastion internal-server, and you can chain hops with commas: ProxyJump bastion1,bastion2. ProxyJump (OpenSSH 7.3+) replaces the older ProxyCommand ssh -W %h:%p bastion incantation, which this tool also supports for legacy setups.
How do I tunnel a database connection over SSH?
Use LocalForward to map a local port to a service reachable from the remote host. LocalForward 5432 localhost:5432 in a host block means ssh tunnel-db opens the tunnel, and your local psql connects to localhost:5432 as if Postgres were local. The ad-hoc equivalent is ssh -L 5432:localhost:5432 user@remote. RemoteForward does the reverse β exposing a local service to the remote machine β handy for webhooks against a dev laptop.
How do I use different SSH keys for different hosts?
Set IdentityFile per host block β for example ~/.ssh/github_ed25519 for GitHub and a separate ~/.ssh/work_ed25519 for production servers. This is essential when a service like GitHub identifies you by key, since offering the wrong key first can log you in as the wrong account. If you have many keys loaded in ssh-agent, the server may reject you with too many authentication failures before the right key is tried; pairing IdentityFile with IdentitiesOnly yes in your config fixes that.
How do I stop SSH sessions from disconnecting?
Idle connections get dropped by NAT routers and firewalls, often after 5-15 minutes. Set ServerAliveInterval 60 so the client sends an encrypted keepalive every 60 seconds, and ServerAliveCountMax 3 so it gives up after three unanswered probes β meaning a genuinely dead connection fails fast instead of hanging your terminal. These two options, included in most of this tool's presets, solve the vast majority of mysterious broken pipe and frozen session complaints.
Why is my SSH config being ignored?
Check three things. First, permissions: OpenSSH refuses overly permissive files, so run chmod 600 ~/.ssh/config and chmod 700 ~/.ssh. Second, option precedence: the first match wins, so a Host * block above your specific entry silently overrides it β generic defaults belong at the bottom of the file. Third, the Host vs HostName mixup: Host is the alias you type, HostName is the real address; ssh myserver fails if you put the IP under Host. Debug any of these with ssh -v myserver.