How do I use ProxyJump to connect through a bastion host?

Add the bastion host as its own Host entry, then add the target server with a ProxyJump directive pointing to the bastion alias. For example: `ProxyJump bastion`. The SSH client will automatically tunnel through the bastion to reach the target host. ProxyJump requires OpenSSH 7.3 or later.

Is it safe to use ForwardAgent yes?

ForwardAgent forwards your local SSH agent to the remote server, allowing it to authenticate with your local keys. Only enable it on fully trusted hosts, because a compromised server with agent forwarding can use your keys to connect to other servers. Never enable ForwardAgent on public or shared servers.

What does StrictHostKeyChecking accept-new do?

The accept-new value automatically adds unknown host keys to your known_hosts file on the first connection, but refuses connections if an existing key changes. This is safer than 'no' (which silently accepts any key) and more convenient than 'yes' (which requires manual key verification for new hosts). It is a good default for cloud VMs that change frequently.

Is my SSH config data sent to a server?

No. All SSH config generation happens entirely in your browser. Your hostnames, usernames, key paths, and other connection details are never transmitted to any server and remain completely private on your device.

SSH Config Generator Online | ~/.ssh/config File Builder

You SSH into 8 servers daily: ssh -i ~/.ssh/prod-key -p 2222 deploy@prod-server.example.com. With an SSH config, that becomes ssh prod. But writing the ~/.ssh/config block means remembering the exact directive names — HostName (not Hostname), IdentityFile, ProxyJump (not ProxyCommand for modern setups), ServerAliveInterval — and getting the indentation right.

Why This Generator (Not a Text Editor)

SSH config syntax is simple but unforgiving — one wrong directive name and it silently falls back to defaults. This tool provides a visual form — fill in host alias, hostname, user, port, identity file, ProxyJump for bastion hosts, and keepalive settings. Includes presets for GitHub, GitLab, AWS EC2, and cloud VMs. Copy the correctly formatted config block. Everything runs in your browser.

What Is the SSH Config File?

The ~/.ssh/config file lets you define named shortcuts for SSH connections. Instead of typing long commands like:

ssh -i ~/.ssh/my-key.pem -p 2222 ubuntu@192.168.1.100

You define a Host block once and connect with just:

ssh myserver

The config file is read by the OpenSSH client on every connection, so every tool that uses SSH — including git, scp, rsync, and VS Code Remote — also benefits from your config entries.

SSH Config Directives Reference

Directive	Description	Example
`Host`	Alias used in `ssh <alias>`	`Host myserver`
`HostName`	Actual IP address or domain	`HostName 192.168.1.100`
`User`	Remote login username	`User ubuntu`
`Port`	SSH port (default: 22)	`Port 2222`
`IdentityFile`	Path to private key	`IdentityFile ~/.ssh/id_ed25519`
`ProxyJump`	Jump through a bastion host	`ProxyJump bastion`
`ForwardAgent`	Forward local SSH agent to remote	`ForwardAgent yes`
`ServerAliveInterval`	Keep-alive ping interval in seconds	`ServerAliveInterval 60`
`ServerAliveCountMax`	Max unanswered keep-alive pings before disconnect	`ServerAliveCountMax 3`
`StrictHostKeyChecking`	Host key verification policy	`StrictHostKeyChecking accept-new`

How to Use This Tool

Add a host entry — Click “Add Host” to create a new host block.
Fill in the fields — Enter your host alias, hostname or IP, username, and any optional settings. Leave fields blank to omit them from the output.
Use a preset — Click a preset button (Basic Server, Bastion, GitHub, etc.) to auto-fill common configurations.
Repeat for each host — Add as many host blocks as you need. They are all generated together.
Copy the output — Click the Copy button and paste it into your ~/.ssh/config file.

Common SSH Config Patterns

Basic Server Connection

The simplest config entry replaces all the flags you’d pass on the command line:

Host myserver
    HostName 192.168.1.100
    User ubuntu
    IdentityFile ~/.ssh/id_rsa
    ServerAliveInterval 60
    ServerAliveCountMax 3

Bastion / Jump Host Setup

SSH through a bastion (jump) host to reach servers on a private network:

Host bastion
    HostName bastion.example.com
    User ubuntu
    IdentityFile ~/.ssh/id_ed25519
    ForwardAgent yes

Host internal-server
    HostName 10.0.0.50
    User ubuntu
    IdentityFile ~/.ssh/id_ed25519
    ProxyJump bastion

The ProxyJump directive replaces the older ProxyCommand ssh -W %h:%p bastion syntax and is supported in OpenSSH 7.3+.

GitHub and GitLab

Use separate keys for different Git hosting services:

Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_github

Host gitlab.com
    HostName gitlab.com
    User git
    IdentityFile ~/.ssh/id_ed25519_gitlab

AWS EC2 Instance

Host my-ec2
    HostName ec2-X-X-X-X.compute-1.amazonaws.com
    User ec2-user
    IdentityFile ~/.ssh/my-key.pem
    ServerAliveInterval 60
    StrictHostKeyChecking accept-new

StrictHostKeyChecking Options

Value	Behavior
(omit)	Uses SSH default (`ask`) — prompts on first connection
`yes`	Refuses to connect if host key is unknown or changed
`no`	Silently accepts any host key (insecure — only for testing)
`accept-new`	Automatically accepts new keys, rejects changed keys (safe for new hosts)

Use accept-new for cloud VMs that are frequently re-created. Use yes for production servers where you need to detect MITM attacks.

ForwardAgent Considerations

ForwardAgent yes passes your local SSH agent through the connection, letting remote servers authenticate with your local keys. This is useful for:

Running git commands from a remote server using your local Git identity
Chaining SSH connections through multiple hops

Security note: Only enable ForwardAgent on hosts you fully trust. A compromised remote server with agent forwarding enabled can use your local keys to connect to other servers.

Applying Changes

After editing ~/.ssh/config:

No restart required — SSH reads the file on each connection
Test a new entry with: ssh -v myserver (verbose output shows which config was applied)
Check syntax with: ssh -G myserver (prints the effective config for that host)

Frequently Asked Questions

Where is the SSH config file on Windows? On Windows with OpenSSH (built-in since Windows 10), the config file is at C:\Users\YourName\.ssh\config. Git for Windows and WSL each have their own OpenSSH installation with separate config files.

Can I use wildcards in Host patterns? Yes. Host *.example.com matches any subdomain, and Host * sets defaults for all connections. More specific Host blocks take precedence over wildcard blocks.

What is the difference between IdentityFile and IdentitiesOnly? IdentityFile specifies which key to offer during authentication. Adding IdentitiesOnly yes tells the SSH client to use only the specified key and ignore any keys loaded in the agent. This prevents accidental authentication with the wrong key.

How do I use a non-standard port with git over SSH? Add the port in your SSH config and git will pick it up automatically:

Host github.com
    HostName ssh.github.com
    User git
    Port 443

This is the recommended workaround when port 22 is blocked by a firewall.

Is my config data sent to a server? No. All processing happens entirely in your browser. Your hostnames, usernames, and key paths are never transmitted to any server and remain completely private on your device.

SSH Config Generator

Generated SSH Config