SSH Config Generator
Build your ~/.ssh/config file interactively. Add hosts, configure ProxyJump, port forwarding, and identity files. Copy or download. 100% client-side.
Global Settings (Host *)
Generated Config
# Generated by RawOps.dev — SSH Config Generator
Host *
AddKeysToAgent yes
ServerAliveInterval 60
ServerAliveCountMax 3
Host my-server
HostName 192.168.1.100
User root
Quick Recipes
Click a recipe to populate the form with a common SSH configuration pattern.
SSH Config File Guide
The SSH config file (~/.ssh/config) lets you define per-host connection parameters so you can type ssh my-server instead of ssh -i ~/.ssh/key -p 2222 [email protected]. It supports wildcards, jump hosts, port forwarding, and more.
Config File Structure
# Global defaults
Host *
AddKeysToAgent yes
ServerAliveInterval 60
# Per-host configuration
Host my-server
HostName 192.168.1.100
User admin
Port 2222
IdentityFile ~/.ssh/id_ed25519Common Options
| Option | Description |
|---|---|
| HostName | Real hostname or IP address |
| User | Login username |
| Port | SSH port (default: 22) |
| IdentityFile | Path to private key file |
| ProxyJump | Jump through another host (bastion) |
| ForwardAgent | Forward SSH agent to remote host |
| LocalForward | Forward local port to remote address |
| DynamicForward | SOCKS proxy on local port |
| ServerAliveInterval | Keepalive interval in seconds |
| ControlMaster | Enable connection multiplexing |
| Ciphers | Allowed encryption algorithms |
| MACs | Message authentication code algorithms |
| SetEnv / SendEnv | Set or forward environment variables |
| UseKeychain | Store passphrase in macOS Keychain |
SSH Connection Multiplexing
SSH multiplexing lets you reuse an existing connection for subsequent sessions to the same host, eliminating the TCP handshake and authentication overhead. This is especially useful for tools like git, rsync, and scp that open many short-lived SSH connections.
Host *
ControlMaster auto
ControlPath ~/.ssh/sockets/%r@%h-%p
ControlPersist 600ControlMaster auto creates a master connection on the first session. ControlPersist 600 keeps the master alive for 10 minutes after the last session disconnects. Create the socket directory first: mkdir -p ~/.ssh/sockets.
SSH Algorithm Hardening
Modern OpenSSH supports restricting which ciphers, MACs, and key exchange algorithms are offered during the handshake. This reduces the attack surface by disabling legacy or weak algorithms:
Host secure-server
Ciphers [email protected],[email protected]
MACs [email protected],[email protected]
KexAlgorithms curve25519-sha256,[email protected]
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
HashKnownHosts yesHashKnownHosts hashes hostnames in known_hosts so they cannot be read if the file is compromised. UpdateHostKeys yes lets the server rotate its host keys without breaking strict checking.
ProxyJump (Bastion Hosts)
ProxyJump (introduced in OpenSSH 7.3) replaces the older ProxyCommand approach. It creates an SSH tunnel through one or more intermediate hosts. For multi-hop connections, comma-separate the jump hosts: ProxyJump jump1,jump2.
Wildcards and Patterns
Use * for wildcard matching and ? for single character. The special token %h expands to the target hostname, making patterns like Host k8s-worker-* with HostName %h.internal.example.com powerful for managing fleet of servers.
Security Tips
- Use Ed25519 keys — faster and more secure than RSA
- IdentitiesOnly yes — only offer the specified key, not all keys from the agent
- ForwardAgent with caution — only enable for trusted hosts (compromised host can use your agent)
- StrictHostKeyChecking — keep “yes” or “accept-new” in production, only use “no” for ephemeral CI/CD hosts
- chmod 600 — SSH config file and private keys must be readable only by you
Privacy First
All configuration is generated entirely in your browser using JavaScript. Your hostnames, IP addresses, usernames, and key paths are never sent to any server.