Works On

Viewing:

Debian 13 (Trixie)

Same on:

Other versions:

Debian 10 (Buster) Debian 11 (Bullseye) Debian 12 (Bookworm) Debian 9 (Stretch) Ubuntu 18.04 LTS (Bionic Beaver) Ubuntu 20.04 LTS (Focal Fossa) Ubuntu 22.04 LTS (Jammy Jellyfish) Ubuntu 24.04 LTS (Noble Numbat)

Details

Size: 53 lines
MD5: 0f05748bffda634f4fb2b23dce8db1c4
SHA256: 2a6f95f82ff24c74627826953f3414ff856231235ca387c1bf60d08fa81ac77e

/etc/ssh/ssh_config

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Include /etc/ssh/ssh_config.d/*.conf

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP no
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
    SendEnv LANG LC_* COLORTERM NO_COLOR
    HashKnownHosts yes
    GSSAPIAuthentication yes

Copy & Paste

curl:

curl https://exampleconfig.com/api/v1/config/original/0f05748bffda634f4fb2b23dce8db1c4?hint=ssh_config

wget:

wget -O ssh_config https://exampleconfig.com/api/v1/config/original/0f05748bffda634f4fb2b23dce8db1c4?hint=ssh_config

For AI Agents

<prompt><role>DevOps agent</role><source url='https://exampleconfig.com/api/v1/config/original/0f05748bffda634f4fb2b23dce8db1c4?hint=ssh_config' /><config><app>OpenSSH</app><os>Debian 13 (Trixie)</os><location>/etc/ssh/ssh_config</location><lines>53</lines><md5>0f05748bffda634f4fb2b23dce8db1c4</md5><sha256>2a6f95f82ff24c74627826953f3414ff856231235ca387c1bf60d08fa81ac77e</sha256></config></prompt>

Paste into Claude, ChatGPT, or any AI assistant.

Install OpenSSH

Alpine Linux

sudo apk add openssh-server

Debian

sudo apt update && sudo apt install openssh-server

Red Hat Enterprise Linux

sudo yum install openssh-server

Ubuntu

sudo apt update && sudo apt install openssh-server

File Location

File Path

/etc/ssh/ssh_config

FAQ

When should I use this ssh_config?

Use it to restore a missing default, confirm what shipped, or diff against your current OpenSSH config.

How do I restore OpenSSH defaults?

Download the file, back up the current one in /etc/ssh/ssh_config, replace it, then reload or restart OpenSSH.

Is ssh_config safe for production?

It is the vendor default for Debian 13 (Trixie). Treat it as a baseline and review security and performance settings before production use.

How does this differ from other OS versions?

Defaults vary by distro and version. This copy matches Debian 13 (Trixie).

Can I use this for OpenSSH troubleshooting?

Yes. Diff it against yours to find drift, then restore only the sections you need.

OpenSSH /etc/ssh/ssh_config