What the SSH config file is
The SSH config file at ~/.ssh/config lets you save per-host settings — name, user, port, key, and dozens of options — so instead of typing ssh -i ~/.ssh/work_key -p 2222 [email protected] you just type ssh myserver. It's the single biggest quality-of-life upgrade for anyone using SSH from a terminal. This guide shows the format, the options you'll actually use, and how the same idea works on mobile.
The basic format
Create ~/.ssh/config (permissions 600) and add a block per host:
Host myserver
HostName 203.0.113.7
User deploy
Port 2222
IdentityFile ~/.ssh/work_keyNow ssh myserver expands to the full command. Host is the alias you type; HostName is the real address. That's 90% of the value right there.
The options you'll actually use
| Option | What it does |
|---|---|
HostName | The real hostname or IP |
User | Login username |
Port | Non-default port (if you moved off 22) |
IdentityFile | Which private key to use |
IdentitiesOnly yes | Offer only that key — fixes too many authentication failures |
ServerAliveInterval 60 | Keep-alive — fixes idle broken pipe drops |
ProxyJump bastion | Hop through a jump host |
HostKeyAlgorithms +ssh-rsa | Legacy server compatibility (no matching host key) |
Wildcards and defaults
Host accepts patterns, and settings apply top-down, so you can set defaults for everything and override per host:
Host *
ServerAliveInterval 60
AddKeysToAgent yes
Host *.internal.example.com
User admin
ProxyJump bastion
Host bastion
HostName 198.51.100.9
User jumpThe Host * block applies sensible defaults everywhere; more specific blocks add to them. Put specific hosts above broad wildcards — the first match for each option wins.
Jump hosts in one line
To reach a private server that's only accessible through a bastion, ProxyJump chains the hops automatically:
Host db
HostName 10.0.0.5
User postgres
ProxyJump bastionThen ssh db transparently routes through bastion. (A mesh VPN like Tailscale is an alternative that removes the need for a bastion entirely.)
The mobile equivalent
Mobile SSH clients don't use a ~/.ssh/config file — they store the same information per connection in the app: each saved host has its own user, port, key, and keep-alive settings, edited in a form instead of a text file. The benefit is the same (type once, reuse forever); the mechanism is a UI rather than a config file. In TermAI each connection carries its own auth and options, so the equivalent of IdentitiesOnly or a custom port is just a field on that connection.
FAQ
Where is the SSH config file?
At ~/.ssh/config on Linux and macOS (create it if missing, permissions 600). On Windows it's C:\Users\You\.ssh\config.
How do I use a specific key for one host?
Add IdentityFile ~/.ssh/that_key and IdentitiesOnly yes under that host's block — the second line stops the client offering other keys.
What's the difference between Host and HostName?Host is the alias you type (ssh myserver); HostName is the real address it resolves to.
Do mobile SSH apps use ~/.ssh/config?
No — they store the same settings per connection in the app's UI. The convenience is identical; it's a form instead of a file.
Quick Facts
- Location:
~/.ssh/config(permissions 600); WindowsC:\Users\You\.ssh\config - Core:
Hostalias →HostName,User,Port,IdentityFile - Most useful options:
IdentitiesOnly yes,ServerAliveInterval 60,ProxyJump - Patterns:
Host *for defaults; first match wins, so specific blocks go above wildcards - On mobile: the app stores the same settings per connection — a form, not a file
Free on iOS and Android. 5 AI requests/day on the free tier, plus unlimited SSH/SFTP and built-in Tailscale.