Free tool · Runs in your browser

SSH Config Generator

Build a clean ~/.ssh/config from a simple form - aliases, hostnames, users, ports, keys, and jump hosts. Connect with "ssh myserver" instead of memorizing IPs. Everything stays in your browser.

Host 1
Connection
What you type after ssh
Authentication
Routing & behavior
~/.ssh/config
Host myserver
HostName 192.0.2.10
User deploy
IdentityFile ~/.ssh/id_ed25519

Save this to ~/.ssh/config, then run chmod 600 ~/.ssh/config. Now ssh myserver just works.

What is the SSH config file?

The SSH config file at ~/.ssh/config lets you save per-host connection settings so you never have to retype them. Instead of ssh -i ~/.ssh/id_ed25519 -p 2222 deploy@192.0.2.10, you define the host once and connect with a short alias: ssh myserver.

It is the cleanest way to manage a handful of servers from the command line - aliases, the right key per host, custom ports, and jump hosts all live in one readable file.

How to use this generator

  1. Enter a Host alias (what you will type after ssh) and the real HostName.
  2. Add the user, port, and IdentityFile (private key) as needed - blank fields are left out.
  3. Connecting through a bastion? Set ProxyJump. Need keepalives or strict checking? Open Advanced.
  4. Click "Add another host" to manage your whole fleet in one file.
  5. Copy the generated config into ~/.ssh/config and set its permissions (below).

Where the file lives and how to secure it

On macOS and Linux the per-user file is ~/.ssh/config; create the ~/.ssh directory first if it does not exist. On Windows with OpenSSH it is C:\Users\you\.ssh\config. System-wide defaults live in /etc/ssh/ssh_config.

SSH is strict about permissions. After saving, lock the file down so only you can read it: chmod 600 ~/.ssh/config and chmod 700 ~/.ssh. Not sure what those numbers mean? Our chmod calculator explains and builds the exact command.

Use a different key per host

A common reason to use a config file is mapping the right private key to each server. Set IdentityFile per host, and enable IdentitiesOnly (under Advanced) so SSH offers only that key instead of every key your agent holds - which avoids "too many authentication failures" errors on servers with strict limits.

Common SSH config directives

DirectiveWhat it does
HostThe alias you type after ssh - for example "ssh myserver". Supports wildcards like *.example.com.
HostNameThe real hostname or IP address the alias connects to.
UserThe login username, so you no longer need to type user@host.
PortThe SSH port, when it is not the default 22.
IdentityFilePath to the private key used to authenticate with this host.
ProxyJumpA bastion / jump host to route through before reaching this host.
ForwardAgentForwards your local SSH agent to the remote host. Use only with trusted hosts.
ServerAliveIntervalSeconds between keepalive packets, to stop idle connections from dropping.
StrictHostKeyCheckingHow strictly to verify the host key: ask, accept-new, yes, or no.
CompressionCompresses the connection. Can help on slow links; usually left off on fast ones.
IdentitiesOnlyUse only the key named in IdentityFile, ignoring others the agent offers.
SSH config FAQ

Frequently asked questions

The per-user SSH config file lives at ~/.ssh/config on macOS and Linux, and at C:\Users\<you>\.ssh\config on Windows with the OpenSSH client. System-wide defaults are stored in /etc/ssh/ssh_config. If the ~/.ssh directory does not exist yet, create it before adding the file.
Host is the alias you type after ssh - for example "ssh myserver". HostName is the real address that alias points to, such as an IP like 192.0.2.10 or a domain. This lets you connect with a short, memorable name instead of the actual hostname.
Add a separate Host block for each server and set its IdentityFile to the correct private key. Enable IdentitiesOnly yes so SSH uses only that key rather than offering every key in your agent, which prevents "too many authentication failures" errors on servers that limit attempts.
ProxyJump tells SSH to connect through an intermediate bastion or jump host before reaching the target server. For example, ProxyJump bastion routes the connection through the host aliased "bastion" first. It replaces the older, more verbose ProxyCommand with netcat approach.
Run chmod 600 ~/.ssh/config so only your user can read and write it, and chmod 700 ~/.ssh on the directory. SSH may ignore a config or key file that is readable by other users. You can use our chmod calculator at /tools/chmod-calculator to see exactly what those values mean.
Yes. For each setting, SSH uses the first matching value it finds reading top to bottom. Put specific Host entries before broad wildcard entries (like Host *) so the specific settings win. The generator outputs your hosts in the order you add them.
Manage hosts, not text files

Your whole fleet, without editing a config file.

CtrlOps stores every server as a named host with tags and the right key attached - one click to connect, no IP spreadsheets, and your credentials encrypted on your own machine.

Start instantly· No credit card· No sneaky autorenewals