Developer Tools

SSH Config Generator

Build a clean OpenSSH client config (~/.ssh/config) in your browser. Add hosts, set User, Port, IdentityFile, ProxyJump, port forwards, and more.

Hosts

Add one entry per remote you want to alias. ssh_config is first-match wins, so put the more specific entries above the generic ones.

prod-web

Host alias (one or more, space or comma separated)

Use a friendly nickname. Wildcards * and ? are allowed.

Port

Emitted only if not 22.

HostName (real hostname or IP)

User

IdentityFile (private key path)

IdentitiesOnly

ProxyJump

ForwardAgent

Notes (rendered as comments above the Host line)

bastion

Host alias (one or more, space or comma separated)

Use a friendly nickname. Wildcards * and ? are allowed.

Port

Emitted only if not 22.

HostName (real hostname or IP)

User

IdentityFile (private key path)

IdentitiesOnly

ProxyJump

ForwardAgent

Notes (rendered as comments above the Host line)

db-primary

Host alias (one or more, space or comma separated)

Use a friendly nickname. Wildcards * and ? are allowed.

Port

Emitted only if not 22.

HostName (real hostname or IP)

User

IdentityFile (private key path)

IdentitiesOnly

ProxyJump

ForwardAgent

Notes (rendered as comments above the Host line)

github.com

Host alias (one or more, space or comma separated)

Use a friendly nickname. Wildcards * and ? are allowed.

Port

Emitted only if not 22.

HostName (real hostname or IP)

User

IdentityFile (private key path)

IdentitiesOnly

ProxyJump

ForwardAgent

Notes (rendered as comments above the Host line)

Global defaults (Host *)

These apply to any host that does not set the option itself. ssh_config is first-match wins, so the Host * block is emitted at the bottom of the file.

Emit Host *

IdentityFile

IdentitiesOnly

AddKeysToAgent

UseKeychain (macOS)

ServerAliveInterval (seconds)

ServerAliveCountMax

HashKnownHosts

ForwardAgent

Output style

Include top banner commentInclude per-host comment linesBlank line between hosts

Validation

0 errors1 warning0 notes

warnHost #4: HostName is empty. Without HostName, ssh resolves the alias itself as the DNS name.

Generated ssh_config

Paste into ~/.ssh/config and set restrictive permissions: chmod 600 ~/.ssh/config. 46 lines.

# Generated by Zero Signup Tools SSH Config Generator.
# Save to ~/.ssh/config and run: chmod 600 ~/.ssh/config
# Reference: man 5 ssh_config

# Front-end web tier. Use the deploy key, no agent forwarding.
Host prod-web
  HostName web-01.prod.example.com
  User deploy
  IdentityFile ~/.ssh/id_ed25519
  IdentitiesOnly yes
  ForwardAgent no
  ServerAliveInterval 30
  ServerAliveCountMax 3

# Jump host for the private VPC.
Host bastion
  HostName bastion.example.com
  User alice
  Port 2222
  IdentityFile ~/.ssh/id_ed25519
  IdentitiesOnly yes
  ForwardAgent no
  Compression yes

# Private DB. Tunnels Postgres to local 5433.
Host db-primary
  HostName 10.0.4.21
  User ops
  IdentityFile ~/.ssh/id_ed25519
  ProxyJump bastion
  LocalForward 5433 localhost:5432

# Personal GitHub account key. Override the default GitHub key.
Host github.com
  User git
  IdentityFile ~/.ssh/github_ed25519
  IdentitiesOnly yes
  PreferredAuthentications publickey

# Defaults that apply to every host below unless overridden.
Host *
  IdentityFile ~/.ssh/id_ed25519
  AddKeysToAgent yes
  UseKeychain yes
  ServerAliveInterval 60
  ServerAliveCountMax 3

ssh_config quick reference

From man 5 ssh_config. The full per-option reference lives in the OpenSSH manual.

Host: One alias or a list of aliases (space separated). Wildcards * and ? are allowed. Prefix a token with ! to exclude it from a wildcard match.
HostName: The real hostname or IP the alias maps to. If omitted, ssh uses the alias name itself.
User: Remote username. Avoids typing user@host on every command.
Port: TCP port (default 22). Saved in config so you do not need ssh -p.
IdentityFile: Path to a private key. Combine with IdentitiesOnly yes to stop ssh from trying every key the agent holds.
ProxyJump: Chain through a bastion host. Modern replacement for ProxyCommand with ssh -W.
ForwardAgent: Forward your ssh-agent to the remote. Convenient but risky on untrusted machines.
StrictHostKeyChecking: Use accept-new for first-connect convenience without the risk of disabling host key verification entirely.
ServerAliveInterval: Send keepalives to the server every N seconds. Combined with ServerAliveCountMax, drops dead sessions cleanly.
LocalForward: Tunnel a local port to a remote host:port through the ssh connection (ssh -L equivalent).
RemoteForward: Expose a local service on a remote port through the ssh connection (ssh -R equivalent).
DynamicForward: Open a SOCKS proxy on a local port that routes traffic through ssh (ssh -D equivalent).
ControlMaster / ControlPath / ControlPersist: Reuse a single ssh connection for many sessions. Big speed win for tools that fork lots of short ssh calls.
AddKeysToAgent + UseKeychain: On macOS, add keys to ssh-agent and remember the passphrase in the Keychain so you only enter it once.

How to use

Start from the loaded sample or click Add host to begin with a blank entry. Each host represents one alias you will type after ssh.
Fill in Host (the alias), HostName (real DNS name or IP), User, and Port. Add IdentityFile and set IdentitiesOnly yes if you want ssh to use only that key.
Open Show advanced options to set ProxyJump for bastion hosts, port forwards (LocalForward, RemoteForward, DynamicForward), connection sharing (ControlMaster), keepalives, and other less-common options.
Configure the Host * defaults that should apply to every host (typical: default IdentityFile, AddKeysToAgent yes, UseKeychain yes on macOS, ServerAliveInterval 60).
Review the Validation panel for errors, warnings, and security notes, then copy or download ssh_config and place it at ~/.ssh/config. Run chmod 600 ~/.ssh/config so OpenSSH will trust it.

About this tool

SSH Config Generator builds a clean, comment-rich ~/.ssh/config from a small form. Add as many hosts as you need, give each a friendly alias (with optional wildcards), and set HostName, User, Port, IdentityFile, IdentitiesOnly, ProxyJump (the modern bastion replacement for ProxyCommand), ForwardAgent, X11 forwarding, StrictHostKeyChecking (including the safer accept-new), UserKnownHostsFile, keepalives (ServerAliveInterval and ServerAliveCountMax), Compression, AddKeysToAgent, UseKeychain for macOS, LocalForward, RemoteForward, DynamicForward (SOCKS proxy), RequestTTY, LogLevel, ControlMaster / ControlPath / ControlPersist for connection sharing, IPQoS, PreferredAuthentications, SendEnv, and SetEnv. A separate Host * section produces sensible global defaults (default IdentityFile, AddKeysToAgent, UseKeychain on macOS, keepalive cadence) that ssh applies to every host that does not override them. The tool validates as you type: aliases must be valid tokens, hostnames are checked against DNS or IP shapes, port must be 1 to 65535, keepalive numbers must be non-negative integers, forward lines must follow the OpenSSH bind plus target shape, SetEnv entries must be NAME=value, and conflicts (ProxyJump with ProxyCommand, duplicate aliases, StrictHostKeyChecking no, ForwardAgent yes on untrusted hosts) trigger warnings or notes so you know which lines to revisit. The output panel shows the full file with copy and download buttons, and a quick reference panel explains the most common ssh_config options for newcomers. Everything runs locally in your browser. The hostnames, key paths, ports, and tunnels you enter never leave your device.

Free to use. Works in your browser. No signup, no login.

Related tools

SSH Config Generator

Hosts

prod-web

bastion

db-primary

github.com

Global defaults (Host *)

Output style

Validation

Generated ssh_config

ssh_config quick reference

How to use

About this tool

You may also like

SSH Key Fingerprint Generator

RSA and EC Key Pair Generator

Authorization Header Generator

Gitignore Generator

htpasswd Generator