user@host configuration in ~/.ssh/config

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I have a setup of several users and hosts, all of which have their own
key/public key set up for passwordless login.
On several hosts I have multiple users.

What I was wondering was if I could set up the ~/.ssh/config file to use
the correct id_dsa_<something> file for each user, instead of having to
have a large list for each host?

Something like (which I know doesn't work):

Host user@host
   IdentityFile ~/.ssh/id_dsa_user_host
Host user2@host
   IdentityFile ~/.ssh/id_dsa_user2_host
Host user3@host
   IdentityFile ~/.ssh/id_dsa_user3_host
Host *
   IdentityFile ~/.ssh/id_dsa

I am aware that I can use aliases for the host, and thus achieve what I
want by having different aliases for different users (much the same as
you can do with .netrc and ftp), but this requires that you have to edit
in more than one file, and you need to have access to the /etc/hosts

Can what I want be achieved, or are there other ways to achieve this?

Stein Arne

Re: user@host configuration in ~/.ssh/config

Quoted text here. Click to load it

It would be nice if the "%r" worked here ("IdentityFile ~/.ssh/id_dsa_%r_%h")
but unfortunately it doesn't.

Quoted text here. Click to load it

Why do you need to edit /etc/hosts for that?  The following ought to work:

Host host-user1
    Hostname host
    User host
    IdentityFile ~/.ssh/id_dsa_user1_host

... and so on.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Re: user@host configuration in ~/.ssh/config

Quoted text here. Click to load it

DAMN, i didn't know this!
So when I do a "sftp user1-host" SSH actually does not do a DNS query
until it has checked the config file?
Well, it is something like that or other, because I just tried it, and
it worked.

I thought that the <host> part of "Host <host>" _had_ to be a real

I see now from the man-page of ssh_config:

   Specifies the real host name to log into.  This can be used to
   specify nicknames or abbreviations for hosts.  Default is the
   name given on the command line.  Numeric IP addresses are also
   permitted (both on the command line and in HostName

Thank you very much for clearing this up for me.

more intuitive.


Host <host>
  UserOpts user1
    ForwardX11 no
  UserOpts user1
    ForwardX11 yes

Oh well...

Stein Arne

Site Timeline