Home ExampleConfig logo

OpenSSH /etc/ssh/ssh_config

Authentic ๐Ÿ“‹ Debian 13 (Trixie) 54 lines
๐Ÿ“ฅ Download ๐Ÿ” Compare

Compatibility

Currently viewing:
Debian 13 (Trixie)
Also compatible:
Different versions:
Debian 10 (Buster) Debian 11 (Bullseye) Debian 12 (Bookworm) Debian 9 (Stretch) Ubuntu 18.04 LTS (Bionic Beaver) Ubuntu 20.04 LTS (Focal Fossa) Ubuntu 22.04 LTS (Jammy Jellyfish) Ubuntu 24.04 LTS (Noble Numbat)

File Info

Size
54 lines
MD5
0f05748bffda634f4fb2b23dce8db1c4
SHA256
2a6f95f82ff24c74627826953f3414ff856231235ca387c1bf60d08fa81ac77e

Quick Commands

curl:
curl https://exampleconfig.com/api/v1/config/original/0f05748bffda634f4fb2b23dce8db1c4?hint=ssh_config
wget:
wget -O ssh_config https://exampleconfig.com/api/v1/config/original/0f05748bffda634f4fb2b23dce8db1c4?hint=ssh_config
/etc/ssh/ssh_config 
# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Include /etc/ssh/ssh_config.d/*.conf

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP no
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
    SendEnv LANG LC_* COLORTERM NO_COLOR
    HashKnownHosts yes
    GSSAPIAuthentication yes

How to Install OpenSSH

Alpine Linux

sudo apk add openssh-server

Debian

sudo apt update && sudo apt install openssh-server

Red Hat Enterprise Linux

sudo yum install openssh-server

Ubuntu

sudo apt update && sudo apt install openssh-server

Configuration File Location

File Path
/etc/ssh/ssh_config
Directory
/etc/ssh/
Significance
System-wide configuration directory
Description
Files in /etc/ contain system-wide configuration settings that affect all users.

Complete OpenSSH Configuration Guide

What is ssh_config?
Get the original 'ssh_config' (sshd_config) configuration file from a fresh OpenSSH installation on Debian 13 (Trixie). This is the factory-default SSH server configuration, crucial for security hardening, remote access troubleshooting, and understanding baseline security settings.
Technical Details
Located at '/etc/ssh/ssh_config', this 54-line file controls authentication methods, encryption algorithms, key exchange protocols, and access controls. Secures millions of servers worldwide and is the foundation for secure remote administration, file transfers, and automated deployments.
Common Configuration Question
How do you configure OpenSSH for maximum security, key-based authentication, and compliance on Debian 13?
Why Use This Configuration?
This default configuration includes modern cipher suites, authentication controls, and security best practices. Essential for security professionals, system administrators, and DevOps engineers managing secure remote access to production systems.

Frequently Asked Questions

When should I use this ssh_config file?

Use this original configuration file when you need to restore OpenSSH to its default state after misconfiguration, during fresh installations, or as a baseline for customization. It's particularly useful for troubleshooting when your current config isn't working properly.

How do I restore OpenSSH to default settings?

Download this file and replace your current configuration at /etc/ssh/ssh_config. Make sure to backup your existing configuration first, then restart the OpenSSH service to apply the changes.

Is this ssh_config file secure for production use?

This is the factory-default configuration that ships with OpenSSH on Debian 13 (Trixie). While it provides a secure baseline, you should review and customize security settings based on your specific production requirements and compliance needs.

What's the difference between this and other OS versions?

This configuration is specifically from Debian 13 (Trixie). Different operating systems and versions may have slightly different default settings, security patches, or feature availability. Check the compatibility section above for other OS versions.

Can I use this configuration file for OpenSSH troubleshooting?

Yes, this original configuration is excellent for troubleshooting. Compare it with your current settings to identify modifications that might be causing issues, or temporarily replace your config with this one to isolate problems.

Related Files

/etc/ssh/ssh_host_ed25519_key.pub
OpenSSH ยท Debian 9 (Stretch)
/etc/ssh/ssh_host_ed25519_key
OpenSSH ยท Debian 9 (Stretch)
/etc/ssh/ssh_host_ecdsa_key.pub
OpenSSH ยท Debian 9 (Stretch)