Secure Shell (SSH) is a cryptographic network protocol, i.e., a set of network rules that use cryptography for operating network services securely. The typical application is using SSH to log in to remote machines and execute commands on them from the command line, but any network service can be secured with SSH.
The freely available version of SSH present in most Linux environments is called OpenSSH. 
OpenSSH stores its per-user configuration in the .ssh directory, located under the user’s home directory. The .ssh directory is automatically created when the user runs the ssh command for the first time. If it doesn’t exist on your computer yet, you may create it using the command below (notice the 700 permission, which restricts access to the owner).
mkdir -p ~/.ssh && chmod 700 ~/.ssh
SSH Keys configuration
SSH keys allow authentication without the need for a password. They come as a pair, one private and one public. The public key has the .pub extension as its filetype. The name of these keys is usually id_rsa.pub, and they are usually placed in the
To generate the keys using the RSA algorithm, run:
ssh-keygen -t rsa
At this step you will be prompted for a passphrase; you may choose to leave it empty, but be aware that whoever gains access to your private key file will then be able to log in to your remote machines.
In order to SSH into another machine without typing a password, the remote machine must have a copy of your client’s public key in its ~/.ssh/authorized_keys file. You can either manually append to that file (if you need to create the file yourself, make sure it has permissions “600” for security) or use the utility command
SSH Agent and related utilities
By default, you will have to enter your private key passphrase every time you use it. However, you can avoid doing this repeatedly by running an SSH agent (ssh-agent -s), a small utility that keeps your decrypted private key in memory after you have entered the passphrase for the first time. Once your SSH agent is running, add your key via ssh-add and type your passphrase. From then on, you will not be prompted for the passphrase when your private key is needed.
Ideally, your SSH agent would be started automatically at startup, so that you don’t have to start it and add the keys manually. However, this approach has the inconvenience that you will need to type the passphrase for all keys, even those you do not use during your session. To solve this issue, a number of solutions have been proposed, one of them being ssh-ident, which creates SSH agents on demand as your SSH keys are first needed. Read the repository’s documentation for more information.
OpenSSH client-side configuration
Configuration on the client side is done via the ~/.ssh/config file, which should be readable and writable only by the user (permission 600).
touch ~/.ssh/config && chmod 600 ~/.ssh/config
The file is organized in blocks. Each block defines an alias for the host you want to access, followed by the actual hostname and additional configuration. Below you find an example configuration, adapted from .
Host myalias
    HostName 192.168.1.10
    User myuser
    Port 3022
    IdentityFile ~/.ssh/targaryen.key
    LocalForward 31086 22.214.171.124:31086
The example above can be edited to keep only the lines useful for your configuration. It is also possible to use wildcards such as Host * in your config file. [3,4]
Prevent SSH connection time outs
One use of wildcards in your client’s SSH configuration is to make sure that SSH connections are not timed out by firewalls or similar devices. To do so, add the snippet below to your client’s ~/.ssh/config file (create it if it doesn’t exist):
Host *
    ServerAliveInterval 60
    ServerAliveCountMax 2
For more details see references  and .
If you are using a web services provider, be aware that it may employ meta-mechanisms to control SSH authentication in the remote machine. For instance, Google Compute actively modifies/deletes the ~/.ssh/authorized_keys file of virtual machines for that purpose; changes you make to that file may be lost over time.
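The permission and passphrase advice above (700 on ~/.ssh, 600 on authorized_keys and config, a passphrase on the private key) can be checked with a small script. This is an added example, not part of the original article; the function names loose and audit_ssh_dir are made up for illustration, and each private key is assumed to sit next to its .pub file under the same name.

```sh
# Added example (not from the original article). Function names are illustrative.
# Prints one finding per line; the return status is the number of findings.

# True when the path grants any permission to group or others.
loose() {
    case $(ls -ldL -- "$1" | cut -c1-10) in
        ????------) return 1 ;;
        *) return 0 ;;
    esac
}

audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    findings=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    # The directory itself should be 700.
    if loose "$dir"; then
        echo "LOOSE $dir (expected 700)"; findings=$((findings + 1))
    fi

    # config and authorized_keys should be 600.
    for f in "$dir/config" "$dir/authorized_keys"; do
        [ -f "$f" ] || continue
        if loose "$f"; then
            echo "LOOSE $f (expected 600)"; findings=$((findings + 1))
        fi
    done

    # Assumption: each NAME.pub has its private half stored as NAME.
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        if loose "$key"; then
            echo "LOOSE $key (private key accessible to group/others)"
            findings=$((findings + 1))
        fi
        # With an empty -P, ssh-keygen -y succeeds only on an unencrypted key.
        if command -v ssh-keygen >/dev/null 2>&1 &&
           ssh-keygen -y -P "" -f "$key" </dev/null >/dev/null 2>&1; then
            echo "NOPASS $key (no passphrase set)"; findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Source the file and call audit_ssh_dir with no argument to check ~/.ssh; a non-zero return status is the number of findings.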