How to view SSH client configuration

Inspecting SSH client configuration reveals how remote logins authenticate, tunnel traffic, and keep idle sessions alive, which simplifies troubleshooting timeouts and unexpected password prompts.

On typical Linux systems with OpenSSH, client behavior is governed primarily by two configuration files: the user-specific /home/alice/.ssh/config and the system-wide /etc/ssh/ssh_config. The client parses these in a defined order, matching Host blocks against the destination name and combining options such as IdentityFile, ProxyJump, and ServerAliveInterval.

Configuration files may contain sensitive hostnames, usernames, and key paths, and misinterpreting precedence between user and system files can lead to confusion when changes seem to have no effect. Careful inspection of each file and use of the ssh -G option to dump the effective configuration ensures a precise understanding of what the client applies for any given host, while avoiding accidental exposure of confidential details in shared logs.

1. Open a terminal with a regular user account.

   $ whoami
   alice

2. Display the user-specific SSH client configuration from /home/alice/.ssh/config if present.

   $ cat ~/.ssh/config
   Host github.com
     HostName github.com
     User git
     IdentityFile ~/.ssh/id_ed25519
   ##### snipped #####

   File /home/USERNAME/.ssh/config defines per-user and per-host settings and overrides matching options from the system-wide file.

   Configuration may reference private repositories, internal hostnames, or key paths; avoid sharing full contents in public forums.

3. Show the system-wide SSH client configuration from /etc/ssh/ssh_config for global defaults.

   $ sudo cat /etc/ssh/ssh_config
   #   This is the system-wide ssh client configuration file.
   Host *
       SendEnv LANG LC_*
       HashKnownHosts yes
       GSSAPIAuthentication yes
   ##### snipped #####

   Options in /etc/ssh/ssh_config apply to all users unless overridden in /home/USERNAME/.ssh/config or on the command line.

4. Dump the effective SSH configuration for a specific destination using ssh -G.

   $ ssh -G github.com
   user git
   hostname github.com
   port 22
   identityfile /home/alice/.ssh/id_ed25519
   proxyjump bastion.example.net
   ##### snipped #####

   Command ssh -G prints the merged configuration after applying system-wide defaults, user-specific settings, and the selected Host block for the given name.

5. Filter the effective configuration output to focus on particular options when diagnosing behavior.

   $ ssh -G github.com | grep -Ei 'proxy(jump|command|use)'
   proxyjump bastion.example.net

   Using filters such as grep highlights how options like ProxyJump, IdentityFile, or Port are finally resolved for the target host.

6. Confirm that the inspected configuration matches runtime behavior by initiating a verbose connection.

   $ ssh -vv github.com
   OpenSSH_9.6p1 Ubuntu-3, OpenSSL 3.0.13 30 Jan 2024
   debug1: Reading configuration data /home/alice/.ssh/config
   debug1: /home/alice/.ssh/config line 1: Applying options for github.com
   debug1: Reading configuration data /etc/ssh/ssh_config
   ##### snipped #####

   Verbose output shows which configuration files and Host blocks are used, verifying that the observed settings are actually applied.